Effective May 25, 2026
This Privacy Policy explains how SUDO, a DBA of Gravitas Digital LLC ("SUDO," "we," "us"), collects, uses, and protects information when you use SUDO Cloud (the "Service"). Our core principle: your data is yours, and we never use it to train any AI model.
Account information — your email and workspace name. Content — the prompts, documents, and agent configurations you submit. Usage data — model, token counts, latency, and timestamps for each request (our audit log). Payment information — handled by Stripe; we store only your subscription status and a Stripe customer reference, never your full card details.
Protected (SUDO-hosted). Requests to our open-source models run on infrastructure we operate. Your data stays within your isolated tenant and is never used to train any model.
Vendor-routed (your keys). If you connect your own Anthropic, OpenAI, or Google key, requests you route to those providers are sent to them and governed by their privacy terms. We log the metadata (provider, model, tokens) but the content is processed by the chosen vendor.
Private (SUDO Box). If you run a SUDO Box on your own hardware, those requests are processed entirely on your premises and never reach our cloud.
To provide and operate the Service, process AI requests, enforce plan usage limits, maintain your audit log, process payments, provide support, and secure the platform. We do not sell your personal information, and we do not use your content to train models.
We rely on a small set of processors to run the Service: Supabase (authentication and database), Vercel (application hosting), Stripe (payments), Together AI (open-source model inference for the Protected tier), and the third-party AI providers you choose to connect. Each processes data only as needed to provide their part of the Service.
Each tenant's data is isolated at the database level (row-level security). Any provider API keys you add are encrypted (AES-256-GCM) before storage and are decrypted only server-side at request time — never exposed to the browser and never logged. Connections are encrypted in transit (TLS).
We retain your account, content, and audit logs while your account is active. You can delete chats at any time. To request access to or deletion of your data, or to close your account, email us and we will act on your request as required by applicable law.
We use only essential cookies required to keep you signed in. We do not use third-party advertising or tracking cookies.
The Service is not directed to anyone under 18, and we do not knowingly collect information from children.
We may update this Policy from time to time. Material changes will be reflected in the effective date above and, where appropriate, communicated to you.
Privacy questions? Email sudo@sudo.digital.