— LEGAL · PRIVACY POLICY

What we collect and why.

Last updated: April 2026

01 · Who we are

Who we are

RAE Security, Inc. (“RAE”, “we”, “us”) operates userae.com. For privacy-related matters, contact us at privacy@userae.com.

02 · The most important thing

The most important thing

Raw prompts and responses processed by the RAE on-prem node never leave your network. The RAE cloud control plane receives only metadata: attack category, confidence score, detector votes, timestamp, and latency. We never see your agent’s actual inputs or outputs.

03 · Data we collect

Data we collect

When you use the free audit

Work email address (required; used to deliver the report and contact you), your agent’s HTTPS endpoint URL, the prompts RAE sends to your endpoint (these are our attack prompts, not yours), and your agent’s responses to those prompts. Responses are stored temporarily for report generation and deleted after 30 days.

When you use the RAE Node

Metadata only: attack category, confidence score, detector votes, timestamp, and latency. No raw prompts. No raw responses. Ever.

Website analytics

Page views and referrer data. No cross-site tracking. No advertising pixels. No third-party trackers beyond what’s listed in our cookie notice.

04 · How we use it

How we use it

We use the data we collect to:

  • Deliver your audit report.
  • Contact you about your audit results (once, unless you opt in to further communications).
  • Improve detector accuracy using anonymised, aggregated metadata.
  • Comply with legal obligations.
05 · Data retention

Data retention

  • Audit responses: deleted after 30 days.
  • Audit metadata: retained for model training (anonymised before use).
  • Node metadata: retained for 90 days on the control plane, then aggregated and deleted.
06 · Your rights

Your rights (GDPR / CCPA)

You have the right to access, correct, delete, or export your data. Email privacy@userae.com. We will respond within 30 days.

07 · Cookies

Cookies

We use one first-party session cookie for the audit run page. We do not use advertising cookies or cross-site trackers. You can disable cookies in your browser; the audit form will still work.

08 · Changes

Changes

We will notify users by email if material changes are made to this policy.