Privacy Policy
Plain English summary: We collect only what we need to run your service. We never sell your data. We never train AI models on your data. Your documents and conversations are yours — always.
1. Who We Are
Phosphoros ("we," "us," "our") is an AI workforce amplification company based in Washington, D.C. We provide managed AI services to businesses and government contractors. This policy explains how we collect, use, store, and protect your information.
2. What We Collect
Account & Contact Information
- Name, email address, company name, phone number
- Billing information (processed by Stripe — we never store raw card numbers)
- Job title and department (for enterprise accounts)
Customer Content (Your Data)
- Documents, files, and text you upload to train your AI Teammate
- Conversations your employees or customers have with your AI Teammate
- Configuration settings and custom instructions for your AI agents
Usage & Technical Data
- Invocation counts, response times, error logs
- IP addresses, browser type (for the PHOS chat widget on your website)
- Integration activity logs (Slack, HubSpot, etc.)
3. How We Use Your Data
- To provide and operate your AI Teammates — your documents train your agents; your conversation logs help us monitor performance
- To send service communications — onboarding, usage alerts, invoices, SLA notifications
- To improve our platform — aggregated, anonymized usage metrics only. Never individual customer data.
- To comply with legal obligations — responding to lawful government requests with notice to you where permitted
We never: sell your data to third parties, use your content to train AI models, share your data with other customers, or use your conversations for advertising.
4. Data Isolation
Every Phosphoros customer operates in a logically isolated environment. Your knowledge base, conversation history, and AI agent configurations are stored separately from all other customers. Phosphoros employees can only access your data for support purposes, and only with your explicit permission or in response to a critical incident.
5. AI Model Providers
We route your AI requests through OpenAI and Anthropic APIs via our infrastructure. Your data is never sent directly to these providers by your systems — it passes through Phosphoros servers first, where we apply content filtering, session management, and security controls.
Both OpenAI's and Anthropic's enterprise API agreements include zero data retention and no training on API data. We operate under these enterprise terms for all customer data.
6. Data Retention
- Active accounts: Data retained for the duration of your subscription plus 90 days
- Conversation logs: Retained for 12 months by default; configurable to 30 or 90 days on request
- Upon cancellation: All customer content deleted within 30 days of your written request
- Backups: Purged within 90 days of primary deletion
7. Security
- All data encrypted in transit using TLS 1.3
- All data encrypted at rest using AES-256
- Access controls: role-based, least-privilege, MFA required for all internal staff
- SOC 2 Type II audit targeted Q4 2026
- Penetration testing conducted quarterly
- Incident response: notification within 72 hours of confirmed breach affecting your data
8. Your Rights
Regardless of your location, we honor the following rights:
- Access: Request a copy of all data we hold about you
- Correction: Update inaccurate personal information
- Deletion: Request deletion of your account and all associated data
- Portability: Receive your knowledge base documents and conversation data in a machine-readable format
- Objection: Opt out of any non-essential data processing
Submit requests to [email protected]. We respond within 30 days.
9. GDPR & CCPA
For customers subject to GDPR (EU/EEA) or CCPA (California): we act as a Data Processor for your customer content and as a Data Controller for your account information. A Data Processing Agreement (DPA) is available upon request and is included automatically in all Scale and Enterprise contracts.
10. Cookies
Our marketing website uses minimal cookies: session authentication and basic analytics (page views, referral source). No advertising or cross-site tracking cookies. You can disable cookies in your browser without affecting core functionality.
11. Changes to This Policy
We'll notify you by email at least 30 days before making material changes. Continued use after the effective date constitutes acceptance.
Questions? [email protected]