Privacy Policy

This policy explains what data ValidAnytime collects, how we use it, who we share it with, and the rights you have. Our design goal is to need as little of your data as possible.

Effective July 6, 2026

1. The short version

ValidAnytime monitors metrics you send to our hosted API and raises an alarm when one genuinely changes. To do that we only need the numeric metric values you choose to stream — for example an accuracy figure, a latency number, or an eval score. We do not need, ask for, or want your raw data, model weights, prompts, or personal information about your end users. We do not sell your personal information.

2. Who we are

ValidAnytime is operated by Compiled Intelligence, Inc. (“Compiled Intelligence”), a company registered in Delaware, United States. For your account and billing information, Compiled Intelligence is the data controller. For the Customer Data you stream to the API to be monitored, we act as a data processor on your behalf, processing it only to provide the service.

3. What we collect

  • Account and identity data. When you sign up, our authentication provider (Clerk) handles sign-in and collects your email address, name, and organization, and authentication identifiers. We use this to create and secure your account.
  • Billing data. When you subscribe to a paid plan, payments are handled by Stripe. Stripe collects and processes your payment-card details directly; we receive limited billing metadata (such as your Stripe customer ID, plan, billing country, and invoice history). We do not store full card numbers.
  • Customer Data. The metric values, labels, timestamps, and monitor configuration you submit to the API. You control what this contains; it should not include personal or regulated data.
  • Product analytics. If enabled, we use PostHog to understand how the site and product are used (events, pages, and approximate device and browser information, plus UTM parameters for attribution). Analytics is off unless configured, and we do not use it to identify you personally beyond your account.
  • Marketing list. If you subscribe to updates, we store the email address you provide and a tag indicating where you subscribed. You can unsubscribe at any time.
  • Operational and security data. Standard server and request logs (such as IP address, timestamps, and error diagnostics) used to operate, secure, and troubleshoot the service.

4. What you do not have to send us

  • Raw datasets, feature values, or model inputs and outputs.
  • Model weights, prompts, or other model internals.
  • Personal information about your end users. If a metric name or label would reveal it, leave it out — a metric only needs a value and a name.

The open-source Python SDK is a thin HTTP client for the hosted API. It sends the values you pass it to the ValidAnytime cloud, where detection runs; it does not run the engine locally.

5. How we use data

  • To provide, maintain, and secure the service and your account.
  • To process payments and manage subscriptions.
  • To respond to your requests and provide support.
  • To understand and improve the product, in aggregate and where permitted.
  • To send you updates you have asked for, and important service notices.
  • To comply with legal obligations and enforce our terms.

Where the GDPR applies, our legal bases are: performance of our contract with you (providing the service and billing); our legitimate interests (securing and improving the service); your consent (optional analytics and marketing, which you can withdraw); and legal obligation.

6. Who we share it with

We do not sell your personal information. We share data only with service providers (“subprocessors”) who help us run the service, under contracts that require them to protect it. Our current subprocessors include:

  • Stripe — payment processing and billing.
  • Clerk — account authentication and identity.
  • PostHog — product analytics (when enabled).
  • Vercel — hosting and delivery of our website.
  • Render and Neon — hosting and database for the application and API.

We may also disclose data if required by law, to protect our rights or users’ safety, or in connection with a corporate transaction, in which case we will seek to keep this policy’s protections in place. We maintain a current list of subprocessors and will provide notice of material changes to customers who ask to be notified.

7. International transfers

We are based in the United States, and our providers may process data in the United States and other countries. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

8. Retention

We keep account and billing data for as long as your account is active and as needed to comply with our legal obligations. We keep Customer Data for as long as needed to provide the monitoring you configure, and we delete or anonymize data when it is no longer needed. You can request deletion as described below.

9. Security

We use industry-standard measures — encryption in transit, access controls, and reputable infrastructure providers — to protect data. No method of transmission or storage is perfectly secure, but the fact that you send only the numeric values you choose keeps your exposure low by design.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or object to or restrict our use of your personal information, and to withdraw consent. If you are in the European Economic Area or the United Kingdom, these rights arise under the GDPR; if you are a California resident, you have rights under the CCPA/CPRA to know, delete, and correct your personal information, and to opt out of its sale or sharing (we do not sell or share it). We will not discriminate against you for exercising these rights. To make a request, email hello@validanytime.com; we may need to verify your identity. For Customer Data we process on a customer’s behalf, we will refer end-user requests to that customer.

11. Children

The service is for businesses and professionals and is not directed to children. We do not knowingly collect personal information from anyone under 16.

12. The in-browser demo

The interactive backtest on our Try it page runs entirely in your browser. Data you paste or generate there is processed on your own device for the demo and is not sent to us.

13. Data Processing Addendum

For business customers who need one, a Data Processing Addendum naming Compiled Intelligence as processor of your Customer Data is available on request — email hello@validanytime.com.

14. Changes to this policy

We may update this policy from time to time. If we make a material change, we will update the effective date above and, where appropriate, notify you.

15. Contact

Questions or requests about your data? Email hello@validanytime.com and we will respond.