This Privacy Policy explains what we collect when you work with Metaheuristic, how we use it, and the controls you have. We try to keep it short and concrete.
1. What we collect
Account & contact data. Email, name, organization, and details you submit through our contact form or during an engagement.
Client Materials. Documents, code, data, and system access you provide so we can deliver an engagement (an audit, build, or retainer).
Usage data. Website requests, IP address, user agent, timestamps, and error logs - used to operate and secure the site.
Cookies. A small number of strictly necessary cookies for session state. We do not run advertising or cross-site tracking cookies.
2. How we use it
- Delivering engagements - audits, prototypes, builds, and LLMOps retainers
- Communicating with you about scoping, milestones, and support
- Billing for engagements and retainers
- Securing the site and our systems - abuse prevention, fraud detection
- Improving our practice in aggregate (we do not train models on your data or code)
3. Who we share it with
- Our team working on your engagement, on a need-to-know basis
- AI providers and subprocessors that run our infrastructure or models: cloud hosting, model APIs, database, email delivery, payment processing. A current list is available on request at privacy@metaheuristic.co
- Authorities when required by law, with notice to you unless legally prohibited
We do not sell personal information.
4. Client Materials and confidentiality
Client Materials are treated as confidential. Everyone on an engagement is bound by confidentiality obligations. We use Client Materials only to deliver the engagement, retain them for the period set in the engagement agreement, then delete or return them on request. We do not use your data or code to train AI models.
5. Data retention
- Account & contact data: for the life of the relationship, plus 12 months
- Client Materials: for the engagement, plus the wind-down period in the agreement (default 90 days), unless you ask us to delete sooner
- Logs: 30 days
- Billing records: 7 years (legal requirement)
6. Security
We encrypt data in transit (TLS 1.2+) and at rest. Access to production systems is limited to a small set of engineers, gated by SSO and hardware keys. Report security issues to security@metaheuristic.co.
7. Your rights
Depending on where you live (GDPR, CCPA, etc.), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to certain processing
Email privacy@metaheuristic.co and we’ll respond within 30 days.
8. International transfers
We operate primarily in the EU and US. When data crosses borders, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Children
The service is not directed at children under 16. We do not knowingly collect data from children.
10. Changes
We may update this policy. Material changes will be announced via email or in-product at least 14 days before they take effect.
11. Contact
Privacy questions: privacy@metaheuristic.co