Privacy Policy

Last updated: March 23, 2026

Overview

Parse ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our prompt security API service.

Information We Collect

1. API Request Data

We process prompts and content you submit to the Parse API for security analysis. This includes:

• Prompts: Text content submitted for injection screening and safety analysis
• Metadata: Optional fields like agent_id, session_id, and source identifiers
• Execution Results: Sandbox outputs when execute: true is enabled

2. API Keys and Authentication

We collect and store:

• API Keys: Self-generated keys via POST /v1/keys/generate (hashed for storage)
• Key Metadata: Name, creation date, expiration date, scopes, and usage statistics
• IP Addresses: For rate limiting and abuse prevention (retained for 30 days)

3. Payment Data (x402)

When using x402 USDC payments:

• We do not store payment credentials or private keys
• Payment verification occurs on-chain via the Base L2 blockchain
• We record transaction hashes for billing and audit purposes

How We Use Your Data

1. Service Delivery

We use your data to:

• Analyze prompts for security threats (prompt injection, jailbreaks, adversarial patterns)
• Return risk scores, flags, and safety assessments
• Execute prompts in isolated sandbox environments when requested
• Enforce rate limits and prevent abuse

2.Service Improvement

We may use anonymized, aggregated data to:

• Improve detection accuracy and reduce false positives
• Identify new attack patterns and threat vectors
• Optimize API performance and latency
• Generate usage statistics and analytics

Data Retention

API Request Data

• Free tier: Prompt content is not stored after analysis completes
• Sandbox outputs: Retained for 7 days for debugging and security auditing
• Evaluation results: Retained for 30 days (unless your plan specifies otherwise)

API Keys

• Active keys: Retained until expiration (default 30 days) or revocation
• Expired keys: Hashed values retained for 90 days for security auditing
• Usage records: Retained for 90 days for billing and analytics

Data Security

We implement industry-standard security measures:

• Encryption: All data in transit uses TLS 1.3
• API Keys: Stored as SHA-256 hashes (plaintext keys shown once at generation)
• Sandbox Isolation: Execution environments are containerized with no network access
• Access Controls: Strict authentication and authorization for all internal systems
• Monitoring: 24/7 intrusion detection and security auditing

Data Sharing and Disclosure

We do not sell your data. We may share data only in the following circumstances:

1. Service Providers

• Infrastructure: Railway (application hosting), Neon Postgres (database), Upstash Redis (caching)
• Payment Processing: x402 protocol facilitators (verify on-chain USDC transfers)
• AI Models: OpenRouter (LLM analysis routing to providers like DeepSeek, OpenAI, Anthropic)

All providers are contractually obligated to protect your data and use it only for service delivery.

2. Legal Requirements

We may disclose data if required to:

• Comply with legal obligations (court orders, subpoenas, warrants)
• Protect our rights, property, or safety
• Prevent fraud, abuse, or security threats
• Enforce our Terms of Service

Your Rights and Choices

1. API Key Management

• Generate: Create new API keys via POST /v1/keys/generate
• Revoke: Delete keys by contacting support (keys expire after 30 days by default)
• Configure: Adjust screening policy via GET/PUT/DELETE /v1/policy

2. Data Access and Deletion

• Usage Records: Request a copy of your API usage history by contacting support
• Deletion: Request deletion of your account and associated data (retained for legal/audit requirements)
• Export: Export your screening policies and configuration data at any time

3. Opt-Out

• Analytics: We do not use third-party analytics cookies or trackers
• Marketing: We do not send marketing emails or use your data for advertising

Children's Privacy

Parse is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete it promptly.

International Data Transfers

Parse may store and process data in the United States and other countries where our service providers operate. By using our service, you consent to this transfer, processing, and storage of your data.

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of material changes by:

• Posting the new policy on our website
• Updating the "Last updated" date at the top of this policy
• Sending a notification to your registered email (if provided)

Your continued use of Parse after changes constitutes acceptance of the new policy.

Contact Us

For questions about this privacy policy, your data, or your rights, contact us:

• Email: privacy@parsethis.ai
• GitHub: https://github.com/nicobailon/parse-for-agents
• Website: https://parsethis.ai