Privacy Policy

Last updated: May 31, 2026 · membrAIn LLC · Charlotte, NC

1. Who We Are

membrAIn LLC is an AI governance gateway company based in Charlotte, North Carolina. Our platform is accessible at getmembrain.ai. For privacy questions: [email protected].

2. Information We Collect

Account information: name, work email, company name, and password (hashed — we never store plaintext passwords). Account IDs and API keys generated during onboarding. Billing information processed by Stripe — we never see your full card number.

Usage data: AI API call metadata (timestamp, provider, model, token count, cost — not prompt content). DLP scan pattern types matched, not matched text. Agent enrollment details. IP addresses for security.

What we do NOT collect by default: the content of your AI prompts or responses. By default, membrAIn stores only metadata and DLP scan results — not prompt or response content. Full-payload retention is available solely as an opt-in feature (for example, under the Healthcare add-on with a signed Business Associate Agreement); when your organization enables it, prompt and response content is retained according to your configuration. We do not collect your employees' personal communications, and we never sell your data.

3. How We Use Your Information

Provide, operate, and improve the membrAIn platform
Send transactional emails (account creation, password reset, billing)
Detect security threats and enforce usage policies
Generate compliance reports you request
Comply with legal obligations

We do not sell your data. We do not use your data to train AI models. We do not share your data with advertisers.

4. Data Retention

Account data: retained while active, deleted within 30 days of account deletion
Audit logs: retained for the term of your subscription and configurable per contract; extended multi-year retention (e.g., to meet HIPAA recordkeeping needs) is available through the Healthcare add-on
Billing records: 7 years as required by tax law

You may request deletion of your account and all data at any time via the portal or by emailing [email protected].

5. Your Rights (GDPR / CCPA)

You have the right to access, correct, delete, export, or object to processing of your personal data. To exercise these rights, email [email protected]. We respond within 30 days.

6. Security

All data in transit encrypted with TLS 1.3
Audit logs encrypted with AES-256-GCM
Passwords hashed with bcrypt
API keys stored as hashed values only

7. Cookies

We use only essential cookies required for authentication. No tracking or advertising cookies.

8. Contact

[email protected] · membrAIn LLC · Charlotte, NC