Your data never reaches us.

Effective May 3, 2026 · Version 2.0 · 360opsAI LLC, a Florida limited liability company

360opsAI LLC (“360ops,” “we,” “us”) is not an AI company. We are an AI interface: a privacy-first filter that sits between you and the cloud AI providers you choose. Our job is to make sure the sensitive parts of your work never leave your device. This Privacy Policy explains, in plain terms, what that means for the data you generate while using 360ops.

// 01 · The short version

We don’t see your content. 360ops processes your messages, files, and prompts on your own device. The 360ops Desktop runs locally on Windows; 360ops Spartan runs locally on hardware you own.
Sensitive data is scrubbed before any cloud call. When you ask an AI question that needs a cloud model, we replace identifiers and sensitive fields with placeholder tokens (e.g. [NAME_1], [ACCOUNT_2]) before the request leaves your device.
The scrub map stays on your device. The mapping from placeholder back to the real value lives only on your hardware. When the AI’s reply comes back, your local 360ops client substitutes the real values back in. We never see the mapping. Cloud AI providers never see the original data.
We don’t train models on you. Your content is not used to train any AI model — ours or anyone else’s.
We don’t sell, share, or analyze your content. The only data we hold on our servers is what’s required to run your subscription: account email, billing record, license key, system version, basic usage counts.

// 02 · What we collect

2.1 Account & billing

Email address you sign up with.
Display name (optional).
Subscription tier and billing record (payment processed by our payment provider — they hold the card; we never see card numbers).

2.2 License & system telemetry

So we can validate your subscription and send updates, the 360ops client periodically transmits:

Your license key.
A hardware fingerprint (e.g. MAC + RAM signature) on Spartan installations.
Software version number.
Aggregate counts: number of active users, memory utilization, names of activated agents.

This telemetry contains no business content, no AI conversation text, no customer or employee information, no files, and no PII.

2.3 Support communications

If you contact support@360ops.ai, we collect what you send us — emails, screenshots, error logs you choose to share. We use it to help you and delete it when the case is closed.

2.4 Site analytics

Standard web analytics (IP address, browser, pages viewed, referrer) when you visit our marketing site or management console. We don’t run advertising cookies and we don’t track you across the web.

// 03 · What we don’t collect

360ops does not collect, transmit, or store:

The content of your AI prompts or replies.
Your emails, calendar events, files, documents, or messages.
Customer, employee, or vendor information from your business systems.
Financial records, transactions, or accounting data.
Agent memories, learned behaviors, or personal context.
The scrub vault — the map between placeholder tokens and your real values.

The scrub vault is the most important one to call out. It’s how 360ops can restore your data when an AI reply comes back. It exists only on your device. If you wipe your device, the vault is gone — there is no cloud backup we hold for it.

// 04 · How the privacy filter works

4.1 Local first

Whenever 360ops can answer with a local model on your device, it does. No cloud call happens. Your data never leaves your hardware.

4.2 Scrub before cloud

When a request needs a cloud AI model, the 360ops client runs your prompt through a local scrubber that:

Detects sensitive fields — PHI (HIPAA), PII (GDPR/CCPA), financial values, privileged matter, custom rules you define.
Replaces each detected value with an opaque placeholder token.
Stores the token-to-value mapping only on your device.
Sends only the scrubbed prompt to the cloud AI provider you’ve selected.

4.3 Restore on return

When the cloud AI’s reply arrives, your local 360ops client looks up each placeholder token in the on-device scrub map and substitutes the original value back. You see a complete, correct answer. The cloud provider only ever saw redacted text. We only see the encrypted route metadata required to bill the call.

4.4 Routing decisions

You decide which AI providers receive scrubbed traffic. 360ops routes through providers you authorize. Each provider has its own privacy and use policy that governs the scrubbed text we forward to it on your behalf — but they never see your original data.

// 05 · Sub-processors

We use a small set of vendors strictly to operate the service. Each receives only the minimum data needed for its function. The current list is published and updated at 360ops.ai/security. Vendor categories include: account database & authentication, application hosting, payment processing, transactional email, encrypted file storage, and any AI inference providers you’ve enabled in your subscription. None of our vendors receives your scrub vault or the original (un-redacted) values of your sensitive fields.

// 06 · How we use what we do collect

Validate your subscription and route licensed features.
Process payments and renewal.
Provide customer support when you ask for it.
Detect and prevent abuse, fraud, or service disruption.
Comply with legal obligations.

We do not use your information to:

Train any AI model.
Sell, rent, or trade to third parties.
Show you advertising.
Build profiles of your business behavior.

// 07 · Information sharing

We don’t sell, rent, or trade your information. We only share when:

Sub-processors need account/billing/telemetry to run the service (per Section 5).
Legal compulsion — court order, subpoena, government request — and we’ll fight overbroad requests.
Business transfers — a future acquisition or asset sale would carry your account/billing record to the successor with notice to you first.

We have no business reason to share your scrubbed traffic content beyond forwarding it to the AI provider you authorized.

// 08 · Security

All connections use TLS 1.2+. Account/billing data is encrypted at rest. Access to production systems is logged and limited to employees with a documented operational need. We run regular security reviews. The scrub vault never touches our infrastructure — its security depends on the hardware you run 360ops on.

// 09 · Retention

Account & billing: retained for the life of your subscription plus the period required by law (typically 7 years for tax records).
Telemetry: aggregated and retained for product analytics; no individually identifiable retention beyond 90 days.
Support tickets: kept for the case, then deleted within 90 days of close.
Scrub vault: lives only on your device. We never see it; we can’t delete it for you.

// 10 · Your rights

10.1 Access, correction, deletion

Email privacy@360ops.ai from your account address and we’ll provide a JSON export of the data we hold (account, billing, telemetry) within 30 days, or delete it within 30 days, except where law requires retention.

10.2 California (CCPA), Europe (GDPR), and other jurisdictions

You have rights including access, correction, deletion, and opt-out where applicable. We do not sell personal information. To exercise your rights, contact privacy@360ops.ai.

10.3 Children

360ops is not directed at anyone under 13 (under 16 in the EU). We don’t knowingly collect data from children. If you believe a child has signed up, contact us and we’ll delete the account.

// 11 · Cookies

Our marketing site and console use only the cookies needed for sign-in and session management. No advertising cookies. No cross-site tracking.

// 12 · Changes

We’ll post material changes to this policy here at least 30 days before they take effect, and email account owners. The effective date at the top tracks the most recent revision.

// 13 · Contact

Privacy Officer — 360opsAI LLC · Miami, FL
Privacy: privacy@360ops.ai
Legal: legal@360ops.ai
Support: support@360ops.ai
Site: https://360ops.ai

Document: Privacy Policy v2.0
Effective: May 3, 2026
Entity: 360opsAI LLC, a Florida limited liability company.