Privacy Policy

1. What We Collect

When you use RTLM, we collect the following:

• Account information: username, email address, and a securely hashed password.
• Prompts and responses: the questions you ask and the responses generated by all models.
• Votes and feedback: your rankings and ratings of model responses.
• Usage metadata: timestamps, selected providers, and response latency.

2. How We Use Your Data

Your data is used to:

• Operate the platform: authenticate you, store conversation history, and display the leaderboard.
• Improve the RTLM model: prompts and model responses submitted through the platform may be reviewed and used as training data to improve the RTLM model and overall service quality. This is a core part of how the platform works -- your usage directly makes the model better.
• Analyze performance: votes and latency data help us understand which models perform best and where improvements are needed.

3. Third-Party AI Providers

When you query models from OpenAI, Anthropic, Google (Gemini), or xAI (Grok), your prompts are sent to those providers' APIs. Their handling of that data is governed by their own privacy policies, not ours. We recommend reviewing their policies if this concerns you.

We do not control how third-party providers store or process the prompts we send on your behalf.

Important: We recommend you do not include sensitive client data, personally identifiable information (PII), classified information, or real target details in prompts, as this data may be processed by third-party providers outside our control. Use sanitized or hypothetical scenarios when possible.

4. What We Don't Do

• We do not sell your data to third parties.
• We do not use tracking cookies or third-party analytics.
• Your email is stored solely for account recovery and important service notifications. We will not spam you.

5. Data Retention

Conversation data, responses, and votes are retained indefinitely to support model improvement and leaderboard integrity. If you want your data deleted, contact us and we will remove your account and associated data within 30 days of your request.

6. Security

Passwords are hashed with bcrypt. The platform runs over HTTPS. Database access is restricted to the application layer. We take reasonable measures to protect your data, but no system is perfectly secure.

7. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law. Notification will be sent via the email address associated with your account.

8. Your Rights

Depending on your location, you may have rights regarding your personal data under applicable privacy laws:

• California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
• European Economic Area residents (GDPR): You have rights to access, rectification, erasure, restriction of processing, data portability, and objection. Our lawful basis for processing is legitimate interest (operating and improving the Service) and consent (account creation).

To exercise any of these rights, contact the platform administrator using the information below.

9. Changes to This Policy

We may update this policy as the platform evolves. Continued use after changes are posted constitutes acceptance. We'll make reasonable efforts to highlight significant changes to active users.