Privacy Policy — Ardak AI

🏛️

Section 1

Core Philosophy & Architecture

This Privacy Policy governs the processing of data within Ardak AI, a specialised artificial intelligence language model application operated by Otan Systems.

Architecture

Local-First

Minimises data collection and maximises user control at every layer.

Data Sales

Never

We do not sell, rent, or trade user information with any third party.

Guiding Principle

Minimum Necessary

Only what is strictly required to deliver the service — nothing more.

By authenticating and using Ardak AI, you acknowledge and agree to the data practices outlined in this Policy.

🚫

Section 2

Data We Do Not Collect

Ardak AI does not maintain traditional cloud-based user databases. The following data is never collected or stored:

Names, email addresses, or phone numbers
User passwords of any kind
Identity documents or biometric data
Passports or driver's licences (Zero KYC)
Web analytics or behavioural tracking
Advertising pixels (Meta, TikTok, etc.)
Tracking cookies of any type

🔑

Section 3

Data Processing & Authentication

3.1 Authentication Layer

Access is managed via trusted third-party OAuth 2.0 providers. Supported methods:

Provider

Continue with Google

Provider

Continue with GitHub

Provider

Continue with Apple

        How it works: During login, authentication occurs on the provider's secure infrastructure. Otan Systems receives only a transient cryptographic session token to authorise your current session. This token is discarded at the end of your session and is never linked to any persistent identifier held by us.
      

        GDPR Note: Even a transient session token may constitute personal data under the GDPR. Otan Systems processes this token solely on the legal basis of performance of contract (Article 6(1)(b) GDPR).
      

3.2 Local-First Storage

All conversation histories, system prompts, configuration contexts, notes, and active project data are stored strictly on your local device. Otan Systems operates no server-side databases that log, sync, or retain your conversation data.

        Important: Because your data resides entirely on your device, we are unable to recover, restore, or export it if you clear your browser storage or lose your device. To ensure complete erasure, clear your browser's site data for the Ardak AI domain — clearing the cache alone may not be sufficient.
      

⚙️

Section 4

AI Inference Pipeline (Sub-Processors)

To generate responses, your live prompts must be transmitted to external AI infrastructure. This is necessary for the service to function.

Step 1 · Your Device

Prompt Composed Locally

Your message is composed on-device. No data is sent until you submit a query.

Step 2 · Gateway

OpenRouter (Sub-Processor)

Your prompt is routed via a secure internal proxy to OpenRouter, bound by a Data Processing Agreement. It may not retain or train on your data.

Step 3 · Inference

Venice AI (Processor)

OpenRouter (Sub-Processor) routes to Venice AI enterprise infrastructure for model inference. Data transfers from the EEA are covered by Standard Contractual Clauses (SCCs).

Step 4 · Response

Response Returned & Discarded

Your prompt exists in processing memory only for the duration of the active inference window. It is not persistently stored by Otan Systems.

      Infrastructure Logging: Hosting providers and API gateways may passively generate transient security logs (e.g. for rate-limiting and DDoS protection). These are not controlled by Otan Systems and are subject to providers' own retention policies.
    

⛓️

Section 5

Web3 Financial Privacy & Monetisation

Ardak AI uses decentralised digital assets for premium features, avoiding the collection of traditional banking or payment card data entirely.

Supported Currency

USD Coin (USDC)

Stablecoin payments — no card details ever required.

Payment Interface

Jumper Widget

Integrated non-custodial widget. Otan Systems never sees your keys.

Supported Networks

Solana Base Polygon Arbitrum One Optimism

      Public Ledger Notice: Blockchain transactions are public and permanent by design. Otan Systems does not cross-reference or correlate your public wallet address with any personal identity information held by us.
    

🌍

Section 6

Global Rights & Compliance

6.1 EEA Residents — GDPR

Otan Systems acts as the Data Controller for personal data we process: (a) the transient session token via OAuth, and (b) prompt content transmitted during an active session. Legal basis: Performance of Contract (Art. 6(1)(b) GDPR).

Your rights under GDPR:

📋

Access

Request a copy of data we hold about you

✏️

Rectification

Correct inaccurate data

🗑️

Erasure

Delete locally stored data via browser site-data settings

⏸️

Restriction

Restrict how we process your data

📦

Portability

Receive your data in a portable format

🏛️

Complaint

Lodge a complaint with your local supervisory authority

6.2 California Residents — CCPA/CPRA

        Otan Systems does not sell or share your personal information for commercial gain or cross-context behavioural advertising. Prompt transmission to sub-processors is classified as an essential service-provider operational function under strict data-use limitation.
      

California residents have the right to know, delete, and opt out of the sale or sharing of personal information. As we do not sell personal information, no opt-out mechanism is required. Contact us at otan-systems@proton.me for any other requests.

🛡️

Section 7

Technical Security

We protect live data sessions using the following safeguards:

📦

Containerised Isolation

Application logic and routing proxies are containerised via secure Podman environments.

🔒

TLS 1.3 Encryption

All network data is transmitted over TLS 1.3, the latest and most secure transport standard.

✅

PASETO Tokens

Active sessions are validated using tamper-proof PASETO tokens to prevent client-side manipulation.

Contact Otan Systems

Questions, data rights requests, or transparency enquiries

✉️ otan-systems@proton.me 🐙 @Otan-systems ▶️ @OtanSystems 📸 @otansystems_official