Effective: March 2026
This Privacy Policy describes how Primust, Inc. ("Primust," "we," "us," or "our") collects, uses, and protects information when you use our website, APIs, dashboard, and related services (collectively, the "Services").
By using the Services, you agree to the collection and use of information as described in this policy.
Account information. When you create an account, we collect your name, email address, and organization name. If you subscribe to a paid plan, we collect billing information through our payment processor.
Inquiry information. When you contact us or submit the design-partner form, we collect the name, work email, company, role, use case, and workflow description you provide so we can respond. We do not store your raw IP address or browser user-agent with the inquiry.
Usage data. We collect anonymized usage data including API call volumes, feature usage patterns, and performance metrics. This data does not include the content of your governance checks or the data they operate on.
Credential signing requests. When you submit a credential for signing, we receive only the commitment hash. We do not receive, store, or have access to the underlying data, check logic, or check results.
We use the information we collect to: provide, maintain, and improve the Services; process transactions; send service communications; monitor usage for security and abuse prevention; and comply with legal obligations.
We do not sell personal information. We do not use customer data for advertising.
Account information is retained for the duration of your account. Inquiry information is retained only as long as needed to evaluate and respond to the inquiry or meet legal obligations. Usage data is retained in anonymized, aggregated form. Credential signing metadata (timestamps, hash prefixes for deduplication) is retained for 90 days unless you request earlier deletion.
We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, and access controls. Our signing infrastructure uses hardware security modules (HSMs) for key management.
The architecture is designed so that a breach of Primust systems would not expose customer data — because we never have it.
We use third-party service providers for payment processing, infrastructure hosting, and analytics. These providers are contractually bound to protect your information and may only use it to perform services on our behalf.
We may disclose information if required by law, subpoena, or court order.
We use essential cookies for authentication and session management. We use analytics cookies to understand how the Services are used. You can disable non-essential cookies in your browser settings.
You may request access to, correction of, or deletion of your personal information by contacting us. California residents have additional rights under the CCPA. EU residents have additional rights under the GDPR.
We may update this policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date.
For privacy inquiries, contact us at privacy@primust.com.
Primust, Inc.
San Francisco, California