Privacy Policy

Your data is yours. Always. We built Lociro to give you full control, transparency, and enterprise-grade privacy — without the fine-print gotchas.

📅 Effective date: May 11, 2026 🔒 Last updated: May 11, 2026

1. Introduction & scope

Lociro.ai (“Lociro”, “we”, “us”, or “our”) provides a centralized AI workspace for teams — including the admin dashboard, chat interface, audit logs, Company Standards, and all underlying services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform (“Service”).

What this policy covers: All data submitted to Lociro, including chat prompts, file uploads, responses from AI models, audit logs, team member details, and billing information.

What this policy does NOT cover: Third-party AI providers’ independent data practices — but we contractually restrict every provider we route to from training on your data or retaining your inputs. See Section 6 for our provider guarantee.

2. Information we collect

📋 Workspace & account data

Company name, admin email addresses, employee emails, role assignments, and authentication logs (OTP timestamps, IP addresses).

💬 Chat & content data

All prompts, model responses, file attachments (including PDFs, images, Word, Excel), and chat metadata (project, timestamps, model used).

📊 Usage & telemetry

Model selection, token counts, feature usage (audit log views, standards toggles), and performance metrics — never associated with specific chat content.

💳 Billing information

Payment method details (processed by our PCI-compliant partners), invoice contacts, and subscription tier.

What we NEVER collect: We do not collect or store API keys for third-party AI providers; all credentials are held by Lociro and rotated regularly. We also never collect biometric data, government IDs, or financial account numbers beyond payment processing.

3. How we use your information

  • Provide the Service — route chats to chosen AI models, generate responses, store conversation history, and enable your admin dashboard.
  • Security & compliance — enforce Company Standards, flag potential sensitive data (e.g., credentials), audit employee activity, and maintain login restrictions (IP/network).
  • Product improvement — aggregate usage patterns (e.g., “42% of chats use Claude”) to improve model routing and performance. Individual chat content is never used for training or seen by Lociro staff without explicit permission.
  • Customer support — troubleshoot issues only when you grant temporary, per-incident access. By default, no Lociro employee can read your workspace.
  • Billing & account management — process payments, send invoices, and manage user seats.

Lociro does not sell your personal data. We do not share chat contents with advertisers or third parties for marketing purposes.

4. Data retention & deletion

Your workspace retains all chats, files, and audit logs for as long as your account is active. After cancellation:

  • You may export all data (CSV, JSON) via the admin dashboard before closing your account.
  • Upon termination, we delete chat history and associated files within 30 days (configurable to 7 days for Enterprise plans).
  • Anonymized, aggregate usage statistics (with no identifiable content) may be retained for product analytics.

You can also request manual deletion of specific conversations via privacy@lociro.ai. We will fulfill requests within 14 days.

5. When we share your data

We share information only in these limited scenarios:

  • AI providers (zero-training only). Your prompts and files are transmitted to the models you select (e.g., Claude, GPT, Llama). Every provider we work with signs enterprise terms guaranteeing no training, no retention, no human review. See Provider Guarantee in Section 6.
  • Subprocessors & hosting. We use encrypted cloud infrastructure (AWS, Vercel) to store your data. All data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Legal obligations. If required by law, valid court order, or to protect the rights and safety of Lociro or others. We will notify you before complying unless legally prohibited.
  • With your explicit consent. For example, when you grant Lociro support temporary access to troubleshoot an issue.

We never sell, rent, or trade your personal information or chat data.

6. AI provider zero-training guarantee ✓ contractually bound

Unlike consumer AI tools, Lociro routes only to providers that commit in writing to the following:

🚫 No training on inputs

Your prompts, uploaded files, and model outputs are never used to improve or train any foundation model.

⏱️ Zero retention

Providers delete inference data immediately after returning the response. No logging, no sampling, no “trust & safety” review.

🔒 Enterprise-only terms

Every model provider signed an addendum before we routed a single chat. No consumer defaults. No fine-print exceptions.

We disclose the complete list of AI providers under NDA during your security review. Contact security@lociro.ai to request our current provider roster and copies of relevant data processing agreements.

7. Your privacy rights

Depending on your jurisdiction (EEA, UK, California, etc.), you have these rights over your data:

  • Access: Receive a copy of personal data we hold about your workspace users.
  • Correction: Update inaccurate employee email addresses or roles.
  • Deletion: Request deletion of specific conversations or your entire workspace.
  • Export: Download all chats, files, and audit logs in machine-readable format (CSV/JSON).
  • Restrict processing: Opt out of non-essential processing (e.g., aggregate analytics).

How to exercise rights: Email privacy@lociro.ai or use the admin dashboard’s “Export” and “Delete” controls. We respond within 30 days.

8. Security & encryption

We protect your workspace with multiple layers of security:

  • Encryption at rest: All chat history, files, and audit logs are encrypted using AES-256.
  • Encryption in transit: TLS 1.3 for all connections between your browser, Lociro servers, and AI providers.
  • Access controls: Only OTP-authenticated users can enter the workspace. Admin can enforce IP/office restrictions.
  • No standing access: Lociro engineers cannot read customer workspaces unless you grant a temporary, audited support token.
  • Third-party security: All subprocessors are audited annually (SOC 2 Type II or equivalent).

9. Cookies & similar technologies

We use essential cookies to operate the Service (session management, security tokens). We do not use advertising cookies, cross-site trackers, or any form of behavioral tracking for marketing. Analytics are privacy-preserving (no sharing of chat content). You can disable non-essential cookies in your browser settings without affecting core functionality.

10. International data transfers

Your data is stored on servers located in the US-East (N. Virginia) region. If you access Lociro from outside the United States, you consent to the transfer and processing of your data in the US. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) and additional safeguards. All AI providers we route to also adhere to SCCs or equivalent adequacy mechanisms.

11. Children’s privacy

Lociro is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact privacy@lociro.ai and we will delete it promptly.

12. Updates to this Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. If we make material changes, we will notify you via email (to workspace admins) and via an in-app banner at least 14 days before the effective date. Your continued use after the update constitutes acceptance of the revised policy.

The “Last updated” date at the top of this page indicates when the latest revision was published. Historical versions are available upon request.

This Privacy Policy is incorporated into the Lociro Terms of Service. By using Lociro, you acknowledge that you have read and understood this policy.