Privacy Policy

Internal Use AI & Orchestration System
Effective Date: February 26, 2026 | Last Updated: February 26, 2026

1. Introduction

This Privacy Policy describes how Cast Services, Inc. (“Company,” “we,” “our”) collects, uses, stores, and protects information in connection with our internal AI and orchestration system (“System”). This policy applies exclusively to Authorized Users who access the System through our Tailscale VPN infrastructure.

This System is not public-facing. It is operated solely for internal business purposes, accessible only behind a secure Tailscale VPN with authenticated access controls. No data collected or processed by the System is shared with, sold to, or used by any third party for marketing, advertising, analytics, or any commercial purpose whatsoever.

2. Scope

This Privacy Policy applies to:

  • All Authorized Users of the System, including employees, contractors, and agents
  • All data entered into, generated by, or processed through the System
  • All AI processing, orchestration workflows, and automated operations within the System

This policy does not apply to the Company’s external websites, public products, or other services, which are governed by separate privacy policies.

3. Data We Collect

3.1 Authentication & Access Data

When you connect to the System via Tailscale VPN, we collect:

  • Tailscale identity and device information (machine name, user identity, IP address within the Tailscale network)
  • Authentication credentials and session tokens
  • Login timestamps and session duration
  • Device type and operating system information

3.2 Usage Data

During your use of the System, we may collect:

  • Queries, prompts, and inputs submitted to the AI components
  • Orchestration workflow execution logs and task metadata
  • System interaction logs (features used, actions taken, errors encountered)
  • Output and result data generated by AI models and orchestration workflows

3.3 Technical & Operational Data

  • System performance metrics and error logs
  • API call logs between integrated internal services
  • Resource utilization data (compute, memory, storage)

4. How We Use Data

All data collected through the System is used exclusively for the following internal purposes:

4.1 System Operation

  • Authenticating and authorizing user access
  • Executing AI inferences and orchestration workflows as requested by Authorized Users
  • Routing, processing, and delivering System outputs

4.2 Security & Compliance

  • Monitoring for unauthorized access, security threats, and anomalous activity
  • Maintaining audit trails for compliance and governance purposes
  • Investigating and responding to security incidents

4.3 System Improvement

  • Diagnosing and resolving technical issues and bugs
  • Optimizing System performance, reliability, and user experience
  • Planning infrastructure capacity and resource allocation

5. What We Do NOT Do With Your Data

We want to be unambiguously clear about the following commitments. Data collected or processed through the System is NEVER:

  • Sold, rented, leased, or transferred to any third party for any reason
  • Used for marketing, advertising, profiling, or commercial targeting of any kind
  • Shared with advertisers, data brokers, analytics platforms, or marketing services
  • Used to train, fine-tune, or improve any external or third-party AI models
  • Used to build user profiles for purposes unrelated to System operation and security
  • Transmitted outside the Company’s controlled infrastructure or Tailscale VPN boundary
  • Made accessible to any person or system that is not expressly authorized

6. Data Storage & Security

6.1 Infrastructure Security

The System operates entirely within the Company’s private infrastructure, protected by:

  • Tailscale VPN encryption for all network communications (WireGuard® protocol)
  • Authenticated access requiring valid Tailscale identity and Company credentials
  • Network-level isolation ensuring the System is not accessible from the public internet
  • Encryption at rest for all stored data using industry-standard encryption algorithms
  • Encryption in transit for all data moving between System components

6.2 Access Controls

  • Role-based access controls (RBAC) limiting data access to authorized personnel
  • Principle of least privilege applied to all System accounts and service connections
  • Regular access reviews and credential rotation
  • Multi-factor authentication where applicable

6.3 Monitoring & Incident Response

  • Continuous security monitoring and alerting for suspicious activity
  • Documented incident response procedures for data security events
  • Regular security assessments and vulnerability reviews

7. Data Retention

We retain data collected through the System in accordance with the following principles:

  • Authentication and access logs: Retained for 1 year for security auditing purposes
  • AI interaction data (prompts and outputs): Retained for 1 year or as needed for System operation and debugging
  • Orchestration workflow logs: Retained for 1 year for operational monitoring and troubleshooting
  • System performance data: Retained for 1 year for capacity planning and optimization

Data is securely deleted or anonymized when it is no longer needed for the purposes described in this policy, in accordance with the Company’s data retention schedule.

8. AI-Specific Privacy Considerations

8.1 AI Data Processing

The AI components of the System process data solely to generate outputs in response to Authorized User requests. AI processing occurs entirely within the Company’s controlled infrastructure. Specifically:

  • AI models operate within the Company’s private environment and do not transmit data externally
  • Prompts and inputs are processed in real time and are not used for model training or improvement of external AI services
  • AI-generated outputs are stored only as necessary for System operation, logging, and audit purposes

8.2 Orchestration Data Flows

Orchestration workflows may route data between multiple internal services and AI models. All such data flows:

  • Remain entirely within the Tailscale VPN perimeter and Company infrastructure
  • Are logged for audit and troubleshooting purposes
  • Are subject to the same access controls and security measures as all other System data

8.3 No Automated Decision-Making

The System does not make automated decisions that produce legal effects or similarly significant impacts on individuals without human review. AI outputs are intended to assist and inform Authorized Users, who retain responsibility for final decisions.

9. Third-Party Services

The System may integrate with internal tools and services operated by the Company. Where third-party software or APIs are used as part of the System’s infrastructure (e.g., AI model providers, cloud services), such integrations are:

  • Governed by data processing agreements that prohibit the use of Company data for any purpose other than providing the contracted service
  • Configured to minimize data exposure, using anonymization or pseudonymization where feasible
  • Subject to the Company’s vendor security review process

No third-party service integrated with the System is permitted to use any data for marketing, advertising, model training, or any purpose beyond the direct provision of the service.

10. Your Rights & Choices

As an Authorized User, you have the right to:

  • Request information about what data the System has collected in connection with your use
  • Request correction of inaccurate data associated with your account
  • Request deletion of your data, subject to the Company’s legitimate retention requirements for security and compliance
  • Raise concerns or questions about data handling practices to [email protected]

To exercise any of these rights, contact [email protected].

11. Changes to This Policy

The Company may update this Privacy Policy from time to time to reflect changes in practices, technology, or legal requirements. Updated versions will be communicated to Authorized Users via email and will indicate the date of the most recent revision. Continued use of the System after notification of changes constitutes acceptance of the updated policy.

12. Contact Information

For questions, concerns, or requests related to this Privacy Policy or the handling of data within the System, please contact:

Privacy/Compliance Contact: Cast Services, Inc.

Email: [email protected]

Internal Channel: Email ([email protected])