Privacy Policy | Ling 1T | Open-Source Trillion-Parameter AI Model

Last updated: June 23, 2025

1. Introduction

This Privacy Policy outlines how the Ling-1T AI service available at https://ling-1t.ai (“Ling-1T AI”, “we”, “us”, “our”) collects, uses, discloses, and safeguards personal data. We operate a hosted deployment of the open-source Ling-1T language model. Ling-1T AI is an independent service provider and is not affiliated with the model’s original authors. This notice applies when you browse our marketing site, use the console, call our APIs, interact with support, or otherwise engage with the services described here (collectively, the “Services”).

We act as the data controller for the personal data covered by this policy unless we identify a processor role. The policy supplements our Cookie Policy and is designed to meet the requirements of the EU GDPR, UK GDPR, ePrivacy Directive, CCPA/CPRA, and other applicable privacy regulations. When consent is the lawful basis for processing, we request it through explicit mechanisms such as a cookie banner or in-product settings.

2. Key Definitions

Account Data: Information required to create or manage an account, such as name, email address, password hash, workspace affiliation, and optional profile details.
Service Usage Data: Diagnostic, telemetry, and interaction data generated while you browse the site or use the console and APIs (for example IP address, device type, session identifiers, and feature engagement).
Conversation Data: Prompts, attachments, and generated outputs exchanged with the Ling-1T model through chat or API calls.
Billing Data: Transaction details processed by our merchant of record (Creem / Armitage Labs OÜ), including invoice line items, payment confirmations, and tax information.
Processor: A third party that processes personal data on our behalf under written instructions.

3. Personal Data We Collect

3.1 Information You Provide

Account registration: Name, email address, password (stored in hashed form), organisation, timezone, and optional profile preferences submitted when you sign up or update your account.
Billing and compliance: Business name, billing address, tax identifiers, and payment method details entered during checkout. This data is collected and retained by Creem as merchant of record.
Support communications: Messages you send to our support channels, feedback forms, or other correspondence.
Conversation inputs: Prompts, uploads, and configuration parameters you submit for Ling-1T model inference.

3.2 Information Collected Automatically

Device and security logs: IP address, browser type, operating system, authentication events, and error diagnostics captured to preserve platform integrity.
Product telemetry: Aggregated statistics about API throughput, latency, and usage volumes used to prioritise reliability improvements.
Session management: Cookies, local storage values, and similar identifiers described in the Cookie Policy that support authentication, localisation, consent logging, and fraud prevention.

3.3 Information from Third Parties

Identity providers: When you choose social sign-in (e.g., Google or GitHub), we receive basic profile details such as your verified email or display name in line with each provider’s privacy policy.
Payment processor: Creem shares payment confirmations, customer identifiers, tax compliance flags, and fraud screening results required to provide billing services.
Model infrastructure partners: Compute providers may return metadata (for example, token counts or job IDs) needed to process Ling-1T workloads. These partners do not have access to your authentication credentials.

We do not buy personal data from data brokers.

4. How We Use Personal Data

Service delivery: Authenticate users, manage sessions, provide API access, and surface usage dashboards.
Model inference: Execute your prompts against Ling-1T deployments and deliver the resulting outputs. We do not use customer Conversation Data to retrain or fine-tune models without your explicit written permission.
Billing and account administration: Track consumption, detect unpaid balances, generate invoices, and comply with financial reporting obligations.
Support and communications: Respond to support requests, send incident or maintenance notifications, and share product updates you opt in to receive.
Analytics and improvement: Monitor performance, reliability, and capacity to improve the Services while honouring your cookie preferences.
Legal and security purposes: Enforce our terms, investigate abuse, and respond to lawful requests.

5. Legal Bases for Processing (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on:

Performance of a contract: Providing the Services, verifying accounts, processing model calls, and facilitating billing.
Legitimate interests: Ensuring service reliability, preventing fraud, safeguarding infrastructure, and communicating essential updates.
Consent: Optional analytics, marketing communications, and any secondary processing of Conversation Data beyond real-time inference.
Legal obligations: Meeting tax, accounting, and regulatory requirements.

We share personal data with third parties only when necessary to deliver the Services or comply with the law:

Infrastructure and hosting: Providers such as Cloudflare and Vercel that supply networking, edge caching, monitoring, and security functionality.
Payment and billing: Creem and its sub-processors, which administer checkout, invoicing, and compliance screening.
Identity providers: Google and GitHub, but only if you choose their authentication options.
Email and support tooling: Vendors that help us manage ticketing, incident response, and transactional communications.
Professional advisers: Legal, tax, or accounting consultants bound by confidentiality obligations.
Regulators and authorities: When required to comply with applicable laws or to protect rights, property, or safety.

We do not sell personal data or allow processors to use it for their own advertising.

7. Data Retention

We retain personal data for no longer than necessary:

Account Data is kept for the lifetime of the account plus reasonable backup and audit intervals.
Billing Data is stored for the duration mandated by tax and accounting rules (typically 7–10 years).
Conversation Data is retained for up to 30 days to support session continuity unless you opt into longer retention for workspace history.
Support records are kept for up to 24 months unless a longer period is required to resolve open issues or comply with legal obligations.

You may request deletion or earlier anonymisation as described in Section 10.

8. International Data Transfers

We may transfer personal data to countries outside your jurisdiction, including Singapore, the European Union, the United States, and Estonia (where Creem is established). When transferring personal data from the EEA/UK/Switzerland, we use Standard Contractual Clauses or other recognised safeguards and carry out transfer impact assessments where required.

9. Security Measures

We maintain administrative, technical, and organisational safeguards such as encryption in transit, network segmentation, least-privilege access controls, audit logging, and regular vulnerability management. No online service can guarantee absolute security; if we identify a breach affecting your data, we will notify you and the relevant supervisory authorities in accordance with applicable law.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, as well as to receive a portable copy. You may withdraw consent for optional processing at any time without affecting the lawfulness of prior use.

Account controls: Update basic account information within the console.
Data requests: Email [email protected] with “Data Request” in the subject line; we will respond within the time frames mandated by local law (30 days under GDPR, 45 days under CCPA/CPRA).
Marketing preferences: Use the unsubscribe link in our messages or adjust your settings within the product.
Cookie preferences: Modify your selections through the Cookie Settings link or by clearing your browser cache.

We honour Global Privacy Control (GPC) or similar browser signals where required.

11. California Privacy Disclosures

For residents covered by the CCPA/CPRA, we disclose the categories of personal information described in Sections 3 and 6 for business purposes only. We do not sell or share personal information as defined by the CPRA. You may designate an authorised agent to submit requests on your behalf by providing written permission and verifying your identity.

12. Children’s Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a minor has provided personal data, contact us so we can delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or our Services. Material updates will be communicated via the console, email (where appropriate), or prominent notices on our website. The “Last updated” date above indicates the most recent revision. Continued use of the Services after updates take effect constitutes acceptance of the revised policy.

14. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact:

Email: [email protected]
EU/UK representation: Available upon request via the email above

You may also lodge a complaint with your local data protection authority if you believe we have not resolved your concerns.