SanctumSanctum
Start
Home

Legal

Privacy Policy

Sanctum Runtime (“we”, “us”, “our”) provides runtime trust infrastructure for autonomous AI systems. This policy explains what we collect, why we collect it, and the choices you have.

Last updated: April 30, 2026

1. Data we collect

We may collect:

  • Account information — name, email, and authentication metadata when you sign in to the cloud console (via our identity provider).
  • Organization and fleet data — organization name, runtime registrations, agent metadata, deployment groups, and configuration you submit.
  • Policy and audit data — action names, policy decisions, risk scores, verification states, human resolutions, correlation IDs, and related context needed to operate the runtime and compliance features.
  • API keys — key names, prefixes, and hashed secrets (we never store full API key values after creation).
  • Usage and billing metadata — plan tier, metered usage events, and payment references processed by our billing provider.
  • Enterprise SSO configuration — OIDC issuer, client ID, and encrypted client secrets you provide for per-organization login.
  • Technical logs — IP addresses, request metadata, and security logs needed to operate, debug, and protect the service.

Content your agents or robots send through the runtime (actions, context, prompts) is processed to enforce policy and may be stored in audit logs according to your plan retention settings.

2. How we use data

We use data to:

  • Provide, operate, and secure the Sanctum Runtime API and cloud console
  • Enforce policies, human-in-the-loop verification, and audit trails
  • Support billing, entitlements, and plan limits
  • Configure enterprise SSO and fleet orchestration
  • Prevent abuse, fraud, and unauthorized access
  • Comply with legal obligations and respond to lawful requests
  • Communicate service updates and support responses

3. AI and infrastructure processing

Optional risk models may process action context to score risk. You control whether cloud AI providers are enabled in your deployment. Infrastructure providers (hosting, database, authentication, email, analytics, and payments) process data only as needed to run the service.

4. Sharing

We share data only with service providers required to operate Sanctum Runtime (for example hosting, Supabase authentication and database, payment processing, and email) or when required by law. We do not sell personal information.

5. Retention and deletion

We retain data only as long as needed for the purposes above. Retention for audit and usage data depends on your plan (see Billing). You may export organization data from the console where available (GDPR export). You may request deletion by contacting us; some records may be retained where required by law.

6. Security

We use reasonable technical and organizational safeguards, including encryption for sensitive configuration (such as SSO client secrets), access controls, and rate limiting. No service is 100% secure — protect your credentials, API keys, and devices.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, delete, or restrict processing of your personal data. Use in-app export where available or contact us below.

8. International transfers

Data may be processed in the United States and other countries where our providers operate. We rely on appropriate safeguards where required by applicable law.

9. Contact

Privacy requests: privacy@sanctumruntime.com

See also: Terms & Conditions, Refund Policy, Billing, Pricing, Contact, Cookies.

Full reference: documentation · llms.txt · architecture.md

Build AI humans can trust.

Open the cloud console to manage runtimes and policies, or self-host the open-source runtime from GitHub.

Start with RuntimeEnterprise