Privacy Policy

Effective Date: March 27, 2026
Last Reviewed: March 27, 2026

InferenceBench ("we," "us," "our") operates the website inferencebench.io(the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Platform. It applies to all users worldwide and is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the UK Data Protection Act 2018, and other applicable data protection laws.

1. Data Controller

InferenceBench is the data controller responsible for your personal data. For questions or requests regarding this policy, contact us at privacy@inferencebench.io.

2. Information We Collect

2.1 Information You Provide Voluntarily

  • Community Submissions: If you submit pricing reports, benchmark data, or experience reports through our crowdsource features, we collect the data you provide.
  • Contact Information: If you contact us via email, GitHub, or other channels, we collect the information you include in your correspondence.

2.2 Information Collected Automatically

  • Server Logs: Standard web server logs including IP address, browser type, operating system, referring URL, pages visited, and timestamps. Logs are retained for a maximum of 90 days and are used solely for security monitoring, abuse prevention, and aggregate analytics.
  • Performance Data: Anonymous page load times and error rates for service reliability monitoring.

2.3 Information We Do NOT Collect

  • We do not require accounts, registration, or login.
  • We do not use third-party tracking cookies, advertising pixels, or behavioral analytics.
  • We do not collect payment information, social security numbers, or government-issued identifiers.
  • We do not fingerprint devices or engage in cross-site tracking.

2.4 Client-Side Storage

Calculator configurations, saved scenarios, theme preferences, and UI settings are stored exclusively in your browser's local storage. This data never leaves your device and is not transmitted to our servers.

3. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases as defined by GDPR Article 6:

  • Legitimate Interest (Art. 6(1)(f)): Server logs for security monitoring and service reliability.
  • Consent (Art. 6(1)(a)): Community submissions and voluntary contact. You may withdraw consent at any time.
  • Contract Performance (Art. 6(1)(b)):Processing necessary to provide the Platform's functionality.

4. How We Use Your Information

  • Provide, operate, and maintain the Platform
  • Monitor and prevent security threats, fraud, and abuse
  • Improve Platform accuracy, performance, and features
  • Respond to your inquiries and support requests
  • Comply with legal obligations and enforce our Terms of Service
  • Generate aggregate, de-identified analytics (never individual profiling)

5. Data Sharing and Disclosure

We do not sell, rent, trade, or monetize your personal data. We may share data only in the following circumstances:

  • Service Providers: Hosting infrastructure providers operating under data processing agreements (DPAs) with appropriate safeguards.
  • Legal Requirements: When required by law, court order, or governmental regulation, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with equivalent privacy protections.

6. Third-Party Services

The Platform integrates with external APIs for data accuracy:

  • GPU Cloud Provider APIs — for real-time pricing updates
  • HuggingFace API — for model information and benchmark data

These integrations are server-side only. No user data is transmitted to these services. Each third-party service operates under its own privacy policy.

7. International Data Transfers

If your data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Data Processing Agreements with all service providers

8. Data Retention

  • Server logs: Automatically purged after 90 days
  • Community submissions: Retained until you request deletion or the data is no longer necessary
  • Support correspondence: Retained for up to 12 months after resolution
  • Client-side data: Controlled entirely by you through your browser settings

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

GDPR Rights (EU/EEA/UK Residents)

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate data
  • Right to Erasure (Art. 17):Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing
  • Right to Lodge a Complaint: File a complaint with your local Data Protection Authority (DPA)

CCPA/CPRA Rights (California Residents)

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise any of these rights, contact privacy@inferencebench.io. We will respond within 30 days (GDPR) or 45 days (CCPA). We may request verification of your identity before processing requests.

10. Data Security

We implement technical and organizational security measures including:

  • TLS 1.2+ encryption for all data in transit
  • Content Security Policy (CSP), HSTS, X-Frame-Options, and additional OWASP-aligned security headers
  • Read-only container filesystem with minimal attack surface
  • Principle of least privilege — containers run as non-root with dropped capabilities
  • Regular security reviews and dependency auditing
  • No storage of passwords, API keys, or credentials in client-facing code

11. Children's Privacy

The Platform is not directed at children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it. If you believe a child has provided us with personal data, please contact privacy@inferencebench.io.

12. Do Not Track

The Platform does not track users across third-party websites. We honor Do Not Track (DNT) browser signals. Because we do not engage in tracking, the Platform behaves the same regardless of DNT settings.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Platform features. Material changes will be communicated through a prominent notice on the Platform at least 30 daysbefore they take effect. The "Effective Date" at the top indicates the latest revision. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For privacy inquiries, data requests, or complaints:

  • Email: privacy@inferencebench.io
  • Website: inferencebench.io

We aim to resolve all privacy-related inquiries within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.