Transparency is a core tenet. Here's what we do — and what we don't do — with your data, plus the threat model we operate under and how to reach us if you find something broken.
The short list. If a datum isn't on it, we aren't holding it.
On the marketing side: no Discord IDs, no wallet addresses, no chain-analysis surveillance. No payment data is handled on any marketing page; payments only enter the system through the routed-orders flow once that launches.
Shipping addresses are stored only on routed orders, encrypted at rest, and purged 90 days post-fulfillment. There is no standing buyer profile; if you route two orders six months apart, the second one starts from scratch on the address field.
We assume adversaries including hostile regulators, competing proxies, and compromised vendors — any one of whom has an incentive to make our data unreliable, our users identifiable, or our infrastructure compromised. Planning for all three keeps us honest about scope.
The chat bot's data layer is read-only — it cannot mutate the corpus or any user record. Order routing, once it launches, will be single-purpose-scoped: the routing service will never have read access to the chat corpus or the research surface, and vice versa. Fewer joins, fewer blast radii.
Email security@titratelab.com with reproduction steps, affected surface, and your preferred contact method. A PGP key will be published post-launch; until then, TLS to that address is the channel.
We respond within 72 hours for confirmed vulnerabilities, and within 5 business days for everything else. If you don't hear back within that window, resend with [RESEND] in the subject line.