Privacy Policy
IonSignal, Inc. (“IonSignal,” “we,” “us,” or “our”), a Delaware corporation headquartered in San Francisco, California, operates the Qiln orchestration engine and related websites located at qiln.ionsignal.com, qiln.com, qiln.ai (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you access our Services, join our waitlist, or otherwise interact with us.
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, do not use the Services.
1. Scope
This Privacy Policy applies to information processed by IonSignal in connection with:
- The Qiln waitlist, marketing, and informational websites (
qiln.ionsignal.com,qiln.com,qiln.ai). - The Qiln open-source orchestration engine when used in conjunction with IonSignal-operated telemetry endpoints or hosted services.
- Communications with IonSignal personnel (e.g., support, sales, alpha-program coordination).
This Policy does not apply to:
- Third-party software, models, or workloads (e.g., LLMs, container images, game servers) that you deploy through Qiln. You are the controller of any data you process through such workloads.
- Self-hosted deployments of the open-source Qiln engine operating in air-gapped or non-telemetry modes.
2. Information We Collect
2.1 Information You Provide
- Waitlist Data: Name, email address, company affiliation, intended use case, hardware profile, and any free-text comments you submit to our waitlist or alpha-access forms.
- Account & Contact Data: Authentication credentials (where applicable), profile information, and correspondence with our team via
legal@ionsignal.com. - Feedback & Bug Reports: Diagnostic logs, screenshots, error traces, and free-form descriptions you voluntarily submit.
2.2 Information Collected Automatically
- Website Analytics: IP address, browser type and version, device identifiers, operating system, referring URLs, pages visited, session duration, and approximate geolocation derived from IP.
- Cookies & Similar Technologies: Strictly necessary cookies for session management and, where permitted, analytics cookies. See Section 9 (Cookies) below.
- Anonymized Telemetry from the Orchestration Software: Where users opt in or operate IonSignal-hosted instances, Qiln may transmit aggregated, non-identifying operational metrics including container counts, blueprint identifiers, hardware classes (e.g., GPU model family), error codes, kernel versions, and performance counters. Telemetry is designed to exclude tenant payloads, model weights, file contents, and personally identifiable information.
2.3 Information We Do Not Knowingly Collect
- Contents of workloads you orchestrate (model weights, datasets, application files, game state, prompts, or outputs).
- Biometric identifiers.
- Information from children under 16. The Services are not directed at minors.
3. How We Use Information
We use the categories of information described above for the following purposes:
- To operate, maintain, and improve the Services and the Qiln engine.
- To manage the alpha waitlist, send onboarding invitations, and communicate roadmap updates.
- To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service (including the Acceptable Use Policy).
- To comply with legal obligations, including export-control, sanctions, tax, and law-enforcement requirements.
- To conduct internal research, benchmarking, and product analytics.
- To respond to inquiries directed to
legal@ionsignal.com.
We do not use your personal information to train generative AI models.
4. Legal Bases for Processing (GDPR / UK GDPR)
For users located in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under Articles 6 and 9 of the GDPR:
- Consent — for marketing communications, optional analytics, and opt-in telemetry. You may withdraw consent at any time.
- Performance of a Contract — for waitlist management and providing alpha access.
- Legitimate Interests — for security, fraud prevention, and improving the Services, balanced against your rights.
- Legal Obligation — for compliance with applicable laws (e.g., EAR, OFAC, tax).
5. How We Share Information
We do not sell your personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).
We disclose information only to the following categories of recipients:
5.1 Service Providers (Processors)
- LaunchList — waitlist management, email collection, and referral tracking.
- Amazon Web Services (AWS) — cloud hosting, storage, and DNS-01 ACME validation infrastructure.
- Email and Transactional Communications Providers — for sending onboarding and account-related emails.
- Analytics Providers — privacy-respecting web analytics, where deployed.
All service providers are contractually bound to process personal information solely for the purposes for which we engage them, in compliance with the CCPA/CPRA, GDPR, and applicable Standard Contractual Clauses.
5.2 Legal & Safety Disclosures
We may disclose information to comply with subpoenas, court orders, or other legal process; to enforce our Terms of Service; to protect the safety, rights, or property of IonSignal, our users, or the public; or in connection with investigations of suspected illegal or abusive activity.
5.3 Business Transfers
If IonSignal undergoes a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to confidentiality protections.
6. International Data Transfers
IonSignal is headquartered in the United States, and our primary processing infrastructure operates within the U.S. If you access the Services from outside the U.S., your information will be transferred to, stored in, and processed in the United States or other jurisdictions where we or our service providers operate.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- UK International Data Transfer Addendum, where applicable;
- Supplementary measures, including encryption in transit (TLS 1.3) and at rest, and contractual restrictions on subprocessors.
7. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy:
- Waitlist data: Until you request deletion or until 24 months following our general availability launch, whichever occurs first.
- Account data: For the duration of your relationship with IonSignal plus a reasonable archival period for legal and tax compliance.
- Telemetry & analytics: Up to 13 months in identifiable form; longer in fully aggregated form.
- Security logs: Up to 24 months for incident-response purposes.
8. Your Privacy Rights
8.1 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to:
- Know what personal information we have collected, used, disclosed, and the sources and purposes thereof.
- Access / Portability — request a copy of your personal information.
- Correct inaccurate personal information.
- Delete personal information we have collected from you, subject to statutory exceptions.
- Opt-Out of Sale or Sharing — we do not sell or share personal information; nonetheless, you may submit a request.
- Limit Use of Sensitive Personal Information — we do not use sensitive personal information for purposes requiring this right.
- Non-Discrimination — we will not discriminate against you for exercising any of these rights.
To exercise these rights, email legal@ionsignal.com with the subject line “California Privacy Request.” We will verify your identity using information already in our possession before acting on the request. You may also designate an authorized agent in writing.
8.2 Global Privacy Control (GPC) & Do-Not-Track
IonSignal honors the Global Privacy Control (GPC) browser signal as a valid opt-out preference signal under the CPRA. When we detect a GPC signal, we treat it as an opt-out of any “sale” or “sharing” of personal information for that browser. Because no industry consensus exists on Do-Not-Track signals, we do not separately respond to DNT headers but treat GPC as our governing signal.
8.3 EEA, UK & Swiss Residents (GDPR)
You have the right to:
- Access, rectify, or erase your personal data;
- Restrict or object to processing;
- Data portability;
- Withdraw consent at any time;
- Lodge a complaint with your local Supervisory Authority (e.g., the Irish DPC or UK ICO).
8.4 How to Submit a Request
Email legal@ionsignal.com. We will respond within 45 days (CCPA) or one month (GDPR), with extensions where permitted by law.
9. Cookies & Tracking Technologies
We use the following categories of cookies:
- Strictly Necessary — session management, CSRF protection, load balancing.
- Functional — preference storage (e.g., dark mode).
- Analytics — privacy-respecting usage metrics (only with consent in the EEA/UK).
You may control cookies through your browser settings or via our cookie banner where applicable.
10. Security
We implement industry-standard administrative, technical, and physical safeguards designed to protect personal information, including:
- TLS 1.3 encryption in transit;
- Encryption at rest for stored personal data;
- Mandatory mTLS and certificate-based authentication for orchestration endpoints;
- Zero-Trust DMZ network segmentation;
- Principle-of-least-privilege access controls;
- Regular vulnerability scanning and dependency updates.
However, the Qiln Services are in Early Alpha. No security measure is impenetrable, and you acknowledge that data loss, breach, or unauthorized access may occur. Do not transmit highly sensitive data (e.g., PHI, payment card data, classified information) through the Services during the Alpha phase.
11. Children’s Privacy
The Services are not directed to children under 16, and we do not knowingly collect personal information from minors. If we learn that we have collected information from a child under 16, we will delete it promptly. Parents or guardians may contact us at legal@ionsignal.com.
12. Third-Party Links & Open-Source Components
The Services may link to third-party websites, repositories (e.g., GitHub), or open-source dependencies. This Privacy Policy does not cover the practices of those third parties. Review their privacy policies before providing personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated Policy with a revised “Last Updated” date and, where required, by direct notice to registered users. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.
14. Contact Us
IonSignal, Inc.
Attn: Privacy
San Francisco, California, USA
Email: legal@ionsignal.com
EEA/UK users without other recourse may contact us at the same address; we will appoint an Article 27 representative if and when required.