Notice at collection
We collect the categories below to provide, secure, bill, support, measure, and improve Cybernetic Physics services. We do not sell personal information or knowingly share it for cross-context behavioral advertising.
Categories, sources, and purposes
Identifiers and contact details
Name, email address, GitHub username, GitHub user id, avatar URL, phone number if you contact us by phone, newsletter email, and marketing lead details you submit.
Account creation, authentication, support, product updates, lead follow-up, and security.
GitHub OAuth and workspace data
GitHub organization and team membership, role claims, workspace memberships, and account status. The auth worker uses GitHub access during login to verify membership and does not intentionally store GitHub access tokens.
Sign-in, authorization, workspace routing, admin eligibility, and team sync.
Product content
Workflow prompts, steering messages, uploaded photos or videos, simulation scenes, environments, artifacts, logs, screenshots, traces, and viewer/session metadata.
Run cloud robotics workflows, provide GPU sessions, save environments, debug failures, and support your workspace.
Access credentials you configure
SSH public keys and fingerprints, API key names, prefixes, scopes, metadata, and audit records. We do not display stored API key secrets after creation.
Let you connect approved tools to sessions and workspace APIs.
Billing and usage
Stripe customer and checkout identifiers, subscription status, credits, spend limits, invoices, usage amounts, and billing events. Stripe processes payment card details; we do not store full card numbers.
Process payments, grant or meter credits, enforce guardrails, prevent billing abuse, and keep accounting records.
Device, analytics, and security data
IP-derived request metadata, browser/device type, pages viewed, clicks, referrers, UTM parameters, PostHog distinct/session ids, feature-flag variants, crash/error classes, server logs, and WebRTC quality metrics.
Operate, secure, debug, measure, and improve the services without putting raw prompt text, OAuth codes, API keys, or full email addresses in analytics payloads.
Who we are and what this policy covers
Cybernetic Physics Inc. builds cloud robotics, simulation, agent workflow, and developer-tool services at cyberneticphysics.com and related subdomains. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our public site, read our docs or blog, sign in, join a workspace, use the platform, contact us, or subscribe for updates.
This policy covers the public website, authenticated control plane, API, docs, blog, signup and lead intake flows, GPU session tooling, workflow builder, billing settings, admin surfaces, and related services that link to this page.
Information we collect
We collect information you provide, information generated when you use the services, information from GitHub and Stripe when you connect or pay through those providers, and technical information from browsers, devices, servers, and product analytics.
We do not ask you to submit sensitive personal information. Do not upload government identifiers, health data, financial account secrets, biometric identifiers, private keys, passwords, or personal data about other people unless you have the right to do so and it is necessary for your permitted use of the services.
How we use information
We use information to provide and secure the services, authenticate users, route users to the right workspace, run cloud compute, save and retrieve artifacts, process billing, communicate with you, improve product quality, measure experiments, debug incidents, prevent abuse, comply with law, and enforce the User Agreement.
We use PostHog for first-party product analytics, feature flags, experiments, and masked session recording. Inputs are masked, network bodies and headers are not recorded, and custom analytics events are designed to avoid raw OAuth codes, access tokens, API keys, SSH private material, full email addresses, raw prompts, raw lead text, and full viewer URLs.
How we disclose information
We disclose information to service providers and subprocessors that help us operate the services, to workspace members according to workspace permissions, to comply with law, to protect rights and safety, and in connection with corporate transactions.
We do not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of people under 16.
Infrastructure and hosting providers
Cloudflare, object storage, database, GPU/session, logging, and queue providers.
Hosting the site, API, auth worker, storage, GPU sessions, workflow execution, logs, and delivery.
Authentication, billing, analytics, and communications providers
GitHub, Stripe, PostHog, and email or support tooling we use.
OAuth sign-in, payment processing, product analytics, feature flags, experiments, support, legal notices, and product updates.
Workspace members and admins
Workspace/team records, run/session/job metadata, artifacts, and settings visible inside your workspace.
Let teams collaborate and let admins manage their workspace.
Legal, safety, and business transfers
Information needed to comply with law, protect rights and safety, investigate abuse, or complete a merger, financing, acquisition, or asset transfer.
Legal compliance, fraud prevention, abuse response, safety, and corporate transactions.
Retention
We keep personal information for as long as needed to provide the services, maintain security and auditability, comply with legal and accounting obligations, resolve disputes, enforce agreements, and operate backups. Product content such as workflows, uploaded files, sessions, environments, logs, and artifacts may remain in a workspace until deleted by you, your workspace admin, an automated retention process, or us under the User Agreement.
Newsletter and marketing lead records remain until you ask us to delete them, unsubscribe support is added, or we determine they are no longer useful. Billing records may be retained as required for tax, accounting, fraud prevention, and compliance.
Your choices and privacy rights
Depending on where you live, you may have rights to request access, correction, deletion, portability, or restriction of personal information, or to object to certain processing. California residents may request to know, delete, correct, and limit certain uses of personal information, and may opt out of sale or sharing if applicable. We do not discriminate against you for exercising privacy rights.
To make a request, email [email protected]. We may need to verify your identity and workspace relationship before acting on a request. Authorized agents should identify the person they represent and provide proof of authorization.
Security
We use administrative, technical, and organizational measures intended to protect personal information, including authenticated API access, scoped workspace permissions, token scrubbing, limited analytics payloads, masked session recording, and provider-managed payment processing.
No internet service is perfectly secure. You are responsible for protecting your account, API keys, SSH keys, devices, browser sessions, and workspace access. Contact us promptly if you believe your account or workspace has been compromised.
Children
The services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information to us, contact us and we will take appropriate steps to delete it.
International use
We operate from the United States and use service providers that may process information in the United States and other countries. If you use the services from outside the United States, you understand that your information may be processed in countries with privacy laws different from those where you live.
Changes to this policy
We may update this Privacy Policy as our services, vendors, legal obligations, or data practices change. When we make material changes, we will update the effective date and may provide additional notice through the site, dashboard, or email.