Privacy Policy
SIBYL TECHNOLOGIES INC.
Last Updated: February 13, 2026
1. Introduction
Sibyl Technologies Inc. (“Company,” “we,” “us,” “our”) operates the SIBYL platform (“Service”), an AI-powered research, verification, and analysis tool available at https://sibylsays.com. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Service.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, do not use the Service.
This Privacy Policy applies to all users of the Service. For questions, contact us at support@sibylsays.com.
Data Minimization Commitment: We design our systems to collect and retain only the minimum data necessary to provide, secure, and improve the Service. We regularly review our data collection practices and eliminate unnecessary data processing wherever possible.
2. Information We Collect
2.1 Information You Provide
2.2 Information We Generate
As part of delivering SIBYL’s multi-model verification service, we generate the following data when you submit a query:
2.3 Information Collected Automatically
2.4 Information We Do NOT Collect
We do not collect: biometric data; precise geolocation (GPS); contact lists or address books; data from other apps on your device; or audio, video, or image data (unless you submit it as part of a query).
2.5 Sensitive Data Expectations
Important: Users should not submit protected health information (PHI), Social Security numbers, financial account numbers, or other regulated sensitive data to the Service unless explicitly supported under a separate enterprise agreement. The Service is not designed as a HIPAA-compliant, PCI-compliant, or financial-advisory platform. Submitting such data is at your own risk, and we disclaim liability for any regulatory consequences arising from such submissions.
3. Legal Bases for Processing
We process your personal information on the following legal grounds:
You may withdraw your consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
4. How We Use Your Information
4.1 Providing the Service
We use your information to process your queries through our multi-model AI verification pipeline, classify queries to select optimal AI models based on domain-specific competence, maintain your conversation history, apply your model and preset preferences, and deliver verified, synthesized responses.
4.2 Service Improvement
We analyze aggregate usage patterns to improve pipeline performance, use classification accuracy data to improve query routing, monitor model performance and error rates, and improve verification accuracy through feedback analysis. We use only aggregated, de-identified pipeline data (de-identified so it cannot reasonably be linked to an individual) for these purposes. This data does not contain your query text or personal information.
4.3 Security and Abuse Prevention
We use your information to detect and prevent unauthorized access, enforce rate limits and usage quotas, identify and block abusive usage patterns, and maintain audit logs for security investigations. We use server-side rate limiting based on IP address. We do not use browser fingerprinting or other client-side tracking technologies beyond the cookies described in Section 9.
4.4 Communication
We use your contact information to send account-related notifications (password reset, billing, policy changes), respond to support requests, and send Service updates (with opt-out option). We do not send marketing emails unless you opt in.
4.5 Legal Compliance
We use your information as necessary to comply with applicable laws and regulations, respond to legal process (subpoenas, court orders), and enforce our Terms of Service.
5. How We Share Your Information
5.1 Third-Party AI Model Providers
This is the most important section to understand. When you submit a query to SIBYL, your query text is sent to third-party AI model providers for processing. This is fundamental to how the Service works.
How SIBYL processes your queries: SIBYL classifies your query by domain (e.g., medical, legal, financial), routes it to multiple AI models selected for competence in that domain, uses adversarial cross-examination protocols between models to detect errors and hallucinations, and synthesizes a verified consensus response. This process requires transmitting your query text to multiple third-party AI model providers.
Current providers (accessed via OpenRouter, an API aggregation service):
• OpenAI (GPT-4o, GPT-4o-mini, and other models)
• Anthropic (Claude models)
• Google (Gemini Pro, Gemini Flash, and other models)
• xAI (Grok models)
Providers may be added or removed as the Service evolves. We will update our subprocessor list periodically (see Section 5.4).
What IS sent to providers:
• Your query text
• Conversation context (previous messages in the same conversation, used for continuity)
• System prompts (our instructions to the model, which do not contain your personal information)
What is NOT sent to providers:
• Your email address or account information
• Your payment information
• Your IP address
• Other users’ data
API data handling: Queries are sent via API (not consumer-facing chat products). Most major LLM providers do not use API input data for model training. We have opted out of training where providers offer this option. Where a provider cannot fully disable temporary retention for abuse monitoring, retention is limited to the provider’s minimum operational period and governed by contractual data-processing terms. Data handling practices vary by provider and may change. We recommend reviewing each provider’s current data policies:
• OpenAI: https://openai.com/policies/privacy-policy
• Anthropic: https://www.anthropic.com/privacy
• Google: https://policies.google.com/privacy
• xAI: https://x.ai/legal/privacy-policy
OpenRouter: We access AI models through OpenRouter (https://openrouter.ai), an API aggregation service. OpenRouter transmits your queries to the selected model providers. OpenRouter’s privacy policy: https://openrouter.ai/privacy
5.2 Web Search Services
When your query benefits from current information, we may use third-party web search services to retrieve relevant results. Your query text (not your identity or account details) is sent to these services.
5.3 Infrastructure Providers
These providers act as our data processors and access data only as necessary to perform services on our behalf, subject to contractual data-processing obligations.
5.4 Subprocessor List and Notification
We maintain a current list of subprocessors who process personal data on our behalf. This list is available upon request by contacting support@sibylsays.com. We will provide at least 30 days’ advance notice before adding new subprocessors that materially change how personal data is processed. Enterprise customers with executed Data Processing Agreements (DPAs) may have additional rights to object to new subprocessors as specified in their agreements. We offer a standard Data Processing Agreement (DPA) upon request.
5.5 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share personal data for cross-contextual behavioral advertising. We do not process sensitive personal data for the purpose of inferring characteristics about you.
5.6 Publicly Shared Content
When you use any sharing feature to create a public link to a conversation or response, that shared content is accessible to anyone with the link without authentication. You will be shown a confirmation dialog before creating a public link. Shared content is stored as a snapshot separate from your conversation history. Deleting a conversation does not delete associated shares. You can delete any shared links at any time through your account. We track anonymous view counts on shared content for analytics; we do not collect personal information from viewers.
Recommendation: Do not share content containing personal information, sensitive data, or confidential material. Once shared, content may be copied or saved by viewers before you delete the link.
5.7 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to comply with applicable law or regulation, enforce our Terms of Service, protect the rights, property, or safety of Sibyl Technologies Inc., our users, or the public, or detect or prevent fraud or other illegal activity.
5.8 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice before your information becomes subject to a different privacy policy.
6. Data Retention
6.1 Account Deletion
To request account deletion, contact us at support@sibylsays.com or use the account deletion feature in your settings. Upon deletion:
• Personal data is removed from production systems within 30 days.
• Data may persist in encrypted backups for up to 90 days. Backups are logically isolated and inaccessible for production use, and are automatically overwritten at the end of their retention cycle.
• We may retain anonymized or aggregated data that cannot reasonably be linked to an individual.
• Certain records (e.g., payment records, security audit logs) may be retained longer as required by law.
6.2 Data You Must Provide
An email address is required to create an account. Without it, you cannot access authenticated features such as conversation history, saved preferences, or paid subscriptions. You may use the Service without an account with limited functionality and stricter rate limits.
7. Data Security
We implement industry-standard security measures to protect your information:
Encryption in transit: All data transmitted between your browser and our servers uses TLS 1.2 or higher.
Encryption at rest: Database storage is encrypted using AES-256 on Google Cloud Platform.
Authentication: Passwords are hashed using bcrypt. Sessions use secure tokens with expiration. Google OAuth is available as an alternative authentication method.
Access control: Role-based access to production systems with the principle of least privilege.
Infrastructure: Hosted on Google Cloud Platform with SOC 2 certified infrastructure.
Monitoring: Automated security monitoring and alerting for unauthorized access attempts.
7.1 Incident Response and Breach Notification
We maintain incident response procedures for potential data breaches. In the event of a confirmed breach affecting your personal data, we will notify affected users without undue delay and no later than 72 hours after confirmation where required by applicable law, or as otherwise required by state breach notification statutes. Notification will include the nature of the breach, the data affected, steps we are taking, and recommended protective actions.
7.2 Security Certifications
Our infrastructure is hosted on SOC 2 Type II certified Google Cloud Platform. We are currently pursuing an independent SOC 2 Type II audit for our own application-layer controls. For current security certification status, contact us at the address below.
7.3 Vulnerability Disclosure
If you discover a security vulnerability in our Service, please report it responsibly to support@sibylsays.com. We are committed to investigating and addressing verified vulnerabilities promptly.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Your Rights
8.1 All Users
Regardless of where you reside, you have the right to: access your personal data (account information, query history, preferences); correct inaccurate personal data via account settings; delete your account and associated data; export your conversation history; and opt out of non-essential communications.
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including: the right to know what personal information we collect, use, and disclose; the right to request deletion of personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-contextual behavioral advertising); the right to limit use of sensitive personal information; and the right to non-discrimination for exercising your privacy rights.
We do not sell personal data. We do not share personal data for targeted advertising. To exercise your rights, contact us at support@sibylsays.com. We will respond within 45 days as required by law.
8.3 Other U.S. State Privacy Rights
Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others that have enacted consumer data privacy legislation) may have similar rights, including the right to access, correct, delete, and port personal data, and the right to opt out of targeted advertising, profiling, and sales of personal data. To exercise these rights, contact us at the address below. We will respond within the timeframe required by your applicable state law. If you are unsatisfied with our response, you may have the right to appeal; appeals may be submitted to the same contact address.
8.4 Verification and Authorized Agents
To protect your personal data, we may require you to verify your identity before processing rights requests. If you submit a request through an authorized agent, the agent must present signed written authorization, and you may also be required to verify your identity directly. Authorized agent requests may be submitted to the contact address below.
9. Cookies and Similar Technologies
9.1 Essential Cookies
We use a session cookie to maintain your authenticated session and a preference cookie to store your UI preferences (theme, model selection). These cookies are necessary for the Service to function.
9.2 Functional Cookies
We may use functional cookies to remember your display preferences such as dark mode and layout options.
9.3 What We Do NOT Use
We do not use third-party tracking cookies, advertising cookies, or analytics cookies from third-party providers. We use first-party cookies only.
9.4 Do Not Track Signals
Some browsers include a “Do Not Track” (DNT) feature. Due to the lack of a common industry standard for interpreting DNT signals, we do not currently respond to DNT signals. However, as stated above, we do not engage in cross-site tracking or sell your personal information.
10. Children’s Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete such information promptly. If you believe we have collected information from a minor, please contact us immediately at support@sibylsays.com.
11. AI-Specific Disclosures
11.1 AI-Generated Content
All responses from the Service are generated by artificial intelligence models operated by third-party providers. Responses may contain errors, inaccuracies, or fabricated information (commonly known as “hallucinations”). While SIBYL’s multi-model verification pipeline is designed to detect and reduce such errors, no verification system is perfect. You should not rely on AI-generated content for decisions with legal, medical, financial, or other significant consequences without independent human verification. See our Terms of Service for detailed disclaimers.
11.2 How SIBYL Processes Your Queries
When you submit a query, the Service uses automated processing to:
• Classify your query by domain (e.g., medical, legal, financial, technical, creative, general)
• Select AI models based on classification and domain-specific competence scores
• Route your query to multiple selected models simultaneously
• Apply adversarial cross-examination protocols between model responses
• Score, arbitrate, and verify claims across model outputs
• Generate a final synthesized, verified response with confidence indicators
These automated processes affect the quality and nature of responses you receive but do not make decisions that produce legal effects or similarly significantly affect you.
11.3 Automated Decision-Making and Profiling
SIBYL does not engage in profiling for eligibility determinations, creditworthiness assessments, employment decisions, or similarly regulated determinations. The Service’s automated processing is limited to query classification, model selection, and response verification as described above. No automated decisions made by the Service produce legal effects or similarly significant effects on users.
11.4 Model Training
We do not use your queries to train AI models. Your queries are sent to third-party model providers via API for processing only. We have opted out of training where providers offer this option. We do use aggregated, de-identified pipeline data (classification accuracy, model performance metrics) to improve our own model selection and routing algorithms. This aggregated data does not contain your query text or personal information and cannot reasonably be linked to an individual.
12. International Data Transfers
Your data is processed in the United States, where our servers, infrastructure providers, and AI model providers are located. If you are accessing the Service from outside the United States, your data will be transferred to the United States, which may have different data protection laws than your country of residence. By using the Service, you consent to the transfer and processing of your data in the United States. We apply the protections described in this Privacy Policy to all user data regardless of the user’s location.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email (if you have an account) or through a prominent notice on the Service at least 30 days before the changes take effect. The “Last Updated” date and version number at the top of this policy indicate when it was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Governing Law and Dispute Resolution
This Privacy Policy is governed by and construed in accordance with the laws of the State of Nevada, without regard to conflict of law principles. Any disputes arising under or in connection with this Privacy Policy shall be resolved in accordance with the dispute resolution provisions set forth in our Terms of Service. Please refer to our Terms of Service for applicable arbitration, venue, and jurisdiction provisions.
15. Data Controller
Sibyl Technologies Inc. is the data controller responsible for your personal information under this Privacy Policy.
Sibyl Technologies Inc.
3301 NE 1st Ave, Suite M704
Miami, FL 33137
United States
16. Contact Us
For privacy-related questions, to exercise your rights, or to file a complaint, contact us at:
Sibyl Technologies Inc.
General Support: support@sibylsays.com
Security Vulnerabilities: support@sibylsays.com
Address: 3301 NE 1st Ave, Suite M704, Miami, FL 33137
Website: https://sibylsays.com
We aim to respond to all privacy inquiries within 30 days.
If we have not adequately addressed your concerns, you may also contact the Federal Trade Commission (FTC) at https://www.ftc.gov or your state attorney general’s office.
16.1 Enterprise Customers
Enterprise customers requiring a Data Processing Agreement (DPA), subprocessor list, or security documentation may contact us at support@sibylsays.com with the subject line “Enterprise DPA Request.”