← Back

Privacy Policy

Last updated: February 2026

1. What We Collect

We collect only what is necessary to operate the CI-1T™ service:

  • Account information: Email address and name (provided at signup via the dashboard).
  • API usage data: Numeric prediction scores you submit (via the API, dashboard, or CLI Monitor), timestamps, and computed metrics (CI, authority level, ghost detection status).
  • Technical data: IP address, request headers, and API key identifier — used for rate limiting and security.
  • Chat messages (Pro only): If you use the Ask Grok feature on the dashboard, messages you send are forwarded to xAI for processing. See Section 4.

2. What We Do Not Collect

  • Model weights, architectures, or training data.
  • Raw input text or images — only numeric prediction scores (u16 integers, 0–65535).
  • Personal data beyond what you provide at signup.
  • Third-party tracking cookies, analytics pixels, or advertising identifiers.
  • CLI Monitor local data — profiles, state files, and alert history stored on your machine are never uploaded to our servers.

3. How We Use Your Data

  • To compute and return stability metrics in response to your API calls.
  • To enforce rate limits and prevent abuse.
  • To maintain and improve the service.

We do not sell, share, or monetize your data. We do not use your prediction scores to train any models.

4. Third-Party AI Services (xAI / Grok)

The following dashboard features are powered by Grok, a large language model operated by xAI Corp.:

  • Ask Grok (Pro): Chat messages you send in the Ask Grok panel are transmitted to xAI's API (api.x.ai) for response generation. Your conversation history within a session is included for context.
  • Live Probe / Playground (Pro): Prompts you enter are sent to xAI's API multiple times to measure response consistency. The prompt text and generated responses pass through xAI's infrastructure.

What we send to xAI:

  • Your chat messages and/or probe prompts.
  • A system prompt describing the CI-1T assistant context.
  • Conversation history within the current session (for Ask Grok).

What we do NOT send to xAI:

  • Your email address, name, or account credentials.
  • Your API keys or authentication tokens.
  • Your CI-1T prediction scores or analysis results (unless you type them into the chat yourself).

We log metadata only (timestamps, message count, rate limit events) — never raw message content. However, once your messages reach xAI's servers, they are subject to xAI's privacy policy. We encourage you to review it:

https://x.ai/legal/privacy-policy

xAI may process, store, or use data sent to their API in accordance with their own policies, which are outside our control. Do not share sensitive, confidential, or personally identifiable information in chat or probe prompts.

5. CI-1T Monitor (CLI)

The CI-1T Monitor is an open-source CLI tool (Apache 2.0) that runs on your machine. Here's what stays local and what leaves your machine:

Stored locally only (never sent to us):

  • Profile configuration files (~/.ci1t/profiles/*.yaml)
  • Session state — score history, alert log, rule streak counters (~/.ci1t/profiles/*.state.json)
  • Exported CSV/JSON history files

Sent to the CI-1T API:

  • Numeric prediction scores (u16 arrays) for evaluation
  • API key (if configured, sent as a Bearer token over HTTPS)

Webhooks (user-configured):

If you configure webhook rules, the CLI will POST alert payloads (signal name, rule name, CI score, authority level, timestamp) to URLs you specify. You control what URLs receive this data. The CLI includes SSRF protections to prevent webhooks from targeting internal networks.

The CLI source code is publicly auditable at github.com/collapseindex/ci1t-monitor.

6. Third-Party Infrastructure

We use the following third-party services to operate CI-1T:

  • PocketBase: Authentication and account management. Stores your email, name, and session tokens.
  • Render: Hosts the CI-1T engine API. Processes your prediction scores and returns computed metrics. Standard server logs (IP, timestamps) are retained per Render's infrastructure policies.
  • xAI: Powers the Ask Grok and Live Probe features (see Section 4).
  • GitHub: Hosts the CI-1T Monitor source code and optional Gist exports from chat conversations.

We do not use any third-party analytics, advertising, or tracking services.

7. Cookies & Local Storage

We do not use tracking cookies. The dashboard stores the following in your browser's local storage:

  • Authentication token: A session token from PocketBase to keep you signed in.
  • Chat history: Ask Grok conversation history is stored locally in your browser. It is not uploaded to our servers.
  • User preferences: Theme, panel state, and settings — stored locally, never transmitted.

You can clear this data at any time by clearing your browser's local storage or signing out.

8. External Links

The CI-1T website and dashboard may contain links to external sites (e.g., GitHub, xAI, documentation resources). We are not responsible for the privacy practices of external sites. We recommend reviewing their privacy policies before providing any personal information.

9. Data Retention

API server logs are retained per Render's default infrastructure policies. Chat messages sent via Ask Grok are not stored on our servers — they exist only in your browser's local storage and on xAI's infrastructure per their retention policy.

CLI Monitor state files are stored on your machine and are entirely under your control.

You may request deletion of your account data at any time by emailing ask@collapseindex.org or by deleting your account from the dashboard Settings page.

10. Security

All API traffic is encrypted via TLS. API keys are hashed at rest. Authentication tokens are transmitted only over HTTPS. The CLI Monitor communicates with the API exclusively over HTTPS and includes input validation (score range clamping, path traversal protection, webhook SSRF guards).

11. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. This includes:

  • Exporting your account data.
  • Deleting your account and all associated records.
  • Opting out of the Ask Grok feature (it requires explicit action to use — simply don't use it).
  • Deleting CLI Monitor local data by removing ~/.ci1t/.

Contact ask@collapseindex.org for any data requests.

12. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information. See Section 11.
  • Right to Opt-Out of Sale: We do not sell your personal information. There is nothing to opt out of.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, email ask@collapseindex.org with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

  • Lawful Basis: We process your data based on legitimate interest (operating the service) and consent (for optional features like Ask Grok).
  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate data.
  • Right to Erasure: You may request deletion of your data ("right to be forgotten").
  • Right to Data Portability: You may request your data in a structured, machine-readable format.
  • Right to Object: You may object to processing based on legitimate interest.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, email ask@collapseindex.org with the subject line "GDPR Request." We will respond within 30 days.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

14. Governing Law

This Privacy Policy is governed by the laws of the State of California. See our Terms of Service for full jurisdiction details.

15. Changes

We may update this policy. Material changes will be posted on the CI-1T website and dashboard at least 14 days before taking effect. Continued use after changes constitutes acceptance.

16. Contact

For privacy-related questions, data requests, or concerns, contact us at ask@collapseindex.org.

For technical security architecture details, see our Security Whitepaper.