PRIVACY POLICY
LAST PROTOCOL AI SECURITY PLATFORM
EFFECTIVE DATE: NOVEMBER 24, 2025 • LAST UPDATED: DECEMBER 1, 2025
1. INTRODUCTION
Last Protocol ("Last Protocol," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI security platform and related services (the "Service").
By accessing or using our Service, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. INFORMATION WE COLLECT
2.1 Personal Information
We may collect the following personal information when you use our Service:
- Account information: full name, email address, organization details
- Authentication data: password hashes, email verification status
- Billing information: payment details, subscription plans, billing addresses
- Profile data: account type, organization settings, user preferences
2.2 Technical Information
- AI agent testing data and certification results
- Firewall configuration and policy settings
- Shadow AI detection logs and alerts
- System usage metrics and performance data
- IP addresses, device information, browser types
- Log files, cookies, and analytics data
2.3 AI Request Data (Important)
When you use our proxy or firewall services to route AI API traffic, we process your requests as follows:
What We Store (Metadata Only by Default):
- AI provider (OpenAI, Anthropic, Google, etc.)
- Model name (GPT-5, Claude 4.5, etc.)
- Timestamp of request
- Token counts (input/output)
- Estimated cost
- User and organization identifiers
- Firewall decisions (allowed/blocked) and rules triggered
What We Process But Do NOT Store by Default:
- Request content (prompts, messages)
- Response content (AI-generated text)
This content is processed in-memory only for real-time security scanning (detecting prompt injection, sensitive data exfiltration, policy violations) and is then discarded. Content is NOT written to our database unless your organization explicitly enables content logging.
Optional Content Logging:
Organizations may choose to enable full content logging for compliance, auditing, or training purposes. When enabled, request and response content will be stored in accordance with your organization's data retention policies. This is an opt-in feature and is disabled by default.
2.4 Communication Data
- Support requests and customer service interactions
- Email communications and notifications
- Feedback and survey responses
3. HOW WE USE YOUR INFORMATION
We use the collected information for the following purposes:
- Service Provision: To provide, operate, and maintain our AI security platform
- Agent Certification: To test, certify, and monitor AI agent security compliance
- Firewall Protection: To configure and maintain AI firewall policies and rules
- Shadow AI Detection: To identify and alert on unauthorized AI usage
- Account Management: To create and manage your account, authentication, and billing
- Customer Support: To respond to inquiries, provide technical support, and resolve issues
- Security: To detect, prevent, and address technical issues and security threats
- Analytics: To analyze usage patterns and improve our services
- Legal Compliance: To comply with legal obligations and protect our rights
4. DATA SHARING AND DISCLOSURE
We may share your information in the following circumstances:
4.1 Service Providers
We may share information with third-party service providers who perform services on our behalf, including cloud hosting, payment processing, email delivery, and analytics services.
4.2 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including law enforcement or national security requirements.
4.4 Protection of Rights
We may disclose information to protect our rights, property, or safety, or that of our users or others, including exchanging information for fraud protection purposes.
5. DATA SECURITY
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- End-to-end encryption for data in transit and at rest
- Multi-factor authentication and access controls
- Regular security audits and vulnerability assessments
- Secure cloud infrastructure and data centers
- Employee training on data protection and security practices
SECURITY NOTICE: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
6. DATA RETENTION
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.
- Account data: Retained while your account is active and for 7 years after account closure
- Security logs: Retained for up to 2 years for security analysis and compliance
- Billing records: Retained for 7 years for tax and legal compliance
- Analytics data: May be retained indefinitely in anonymized form
7. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights regarding your personal information:
- Access: The right to request copies of your personal information
- Rectification: The right to request correction of inaccurate information
- Erasure: The right to request deletion of your personal information
- Portability: The right to receive your data in a structured, machine-readable format
- Restriction: The right to request restriction of processing under certain conditions
- Objection: The right to object to processing based on legitimate interests
- Withdraw Consent: The right to withdraw consent for processing
To exercise these rights, please contact us
8. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your own. We ensure that such transfers are conducted in accordance with applicable data protection laws and include appropriate safeguards to protect your personal information.
9. CHILDREN'S PRIVACY
Our Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.
10. THIRD-PARTY LINKS
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We encourage you to read the privacy policies of any third-party sites you visit.
11. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information is collected and how it is used
- The right to delete personal information
- The right to opt-out of the sale of personal information (we do not sell personal information)
- The right to non-discrimination for exercising CCPA rights
To exercise these rights, contact us
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after such modifications constitutes acceptance of the updated Privacy Policy.
13. CONTACT INFORMATION
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Last Protocol