Effective May 27, 2026

Privacy &
Infrastructure Trust

Baritu is designed around operational ownership, controlled infrastructure generation and transparent data handling. Your infrastructure stays yours — always.

Infrastructure ownership active
No proprietary hosting required
Deploy anywhere
Foundational principle

Operational ownership by design

Baritu was built on a foundational principle that distinguishes it from most AI infrastructure platforms: the infrastructure we generate is yours, not ours. We do not require proprietary hosting environments, locked deployment runtimes or vendor-specific configurations.

Generated systems are delivered as standard engineering artifacts — Docker Compose files, editable source code, canonical schemas, deployment configurations — that run on AWS, GCP, Azure, Railway, Render or any environment that supports standard containers. No Baritu dependency required after delivery.

Full code ownership
Every file generated by Baritu belongs to you from the moment of delivery. No license restrictions on generated output.
Deploy anywhere
No platform lock-in. Generated infrastructure is platform-agnostic. You choose where it runs, now and in the future.
Fully editable output
Every service, schema and configuration file is editable with standard engineering tools. Git, CI/CD, standard review processes — all work without modification.
No runtime dependency
Generated systems operate independently of Baritu being online. Your infrastructure does not break if you stop using our platform.
Transparency

How operational data is handled

We are transparent about what data exists in the context of using Baritu, what we do with it, and — critically — what we will never do with it.

Data that may be processed in the course of using the platform includes: generation task prompts and descriptions, generation metadata (vertical type, timestamps, scores), runtime operational events, observer diagnostics, account information, and usage statistics for credit management.

What we do
Process task content to generate your infrastructure
Use anonymized, aggregated data to improve system performance
Retain task metadata to power your generation history
Apply semantic caching to reduce latency and credit cost
Delete account data within 30 days of account closure
What we never do
Sell your operational data or generated infrastructure
Share customer runtime information with third parties for commercial purposes
Claim ownership over code or systems generated for you
Lock generated infrastructure to Baritu's proprietary environment
Use task content to train external AI models without consent

Opt-out of AI training data use: You may opt out of having anonymized task content used for system improvement at any time by emailing legal@baritu.com with subject «Data Training Opt-Out». Requests are processed within 30 days and do not affect your account access or credit balance.

Infrastructure trust

Infrastructure security principles

Baritu is designed around controlled infrastructure generation, runtime observability and operational separation between environments. The following principles guide how we build and operate the platform.

Encrypted communication
All communication between the platform and users, and between internal services, uses TLS encryption in transit.
Environment isolation
Generation pipelines are stateless and isolated. Each task runs in a controlled environment that does not persist credentials or sensitive context between runs.
Secrets never persisted
API keys and credentials introduced in generation tasks are never stored, logged or retained by Baritu infrastructure.
Controlled provider access
Access to external AI providers is mediated through controlled, authenticated channels. Provider interactions are governed by Baritu's operational routing layer.

Security evolution: Baritu continues evolving its operational security and compliance practices as the platform matures. We do not claim certifications we have not yet obtained. We will communicate security milestones transparently as they are reached.

Operational transparency

External AI providers

Baritu coordinates multiple external AI providers to support infrastructure generation and operational workflows. We disclose this clearly because transparency about provider usage is part of our operational trust commitment.

Generation tasks may be processed by one or more of the following providers, selected dynamically by Baritu's operational routing layer based on task type, provider availability and performance history.

Provider Primary role Data sent Privacy policy
OpenAI Architecture planning, code generation Task prompts, generation context openai.com →
Google Gemini Default generation model, exploration Task prompts, generation context google.com →
Anthropic Claude Complex reasoning, optimization tasks Task prompts, generation context anthropic.com →
Groq / LLaMA Fast inference, debugging tasks Task prompts, generation context groq.com →
Mistral Fallback generation, exploration Task prompts, generation context mistral.ai →

Baritu does not send personally identifiable user information to external AI providers. Provider interactions are limited to task content necessary for generation. Provider selection is managed automatically by the Baritu orchestration layer — individual provider usage is not configurable by users in the current version.

Operational observability

Operational telemetry

Operational telemetry is collected to monitor runtime consistency, infrastructure reliability and system continuity. This telemetry informs platform improvements and is used to maintain operational quality across generations.

Telemetry includes generation scores (EV, SRE, Design), structural validation results, latency metrics, error fingerprints and provider performance data. Telemetry does not include personally identifiable information and is not linked to individual user identities in any operational or reporting context.

Infrastructure control

Customer infrastructure control

Customers retain full control over generated infrastructure, deployment environments and operational configurations. This is not a policy statement — it is an architectural reality of how Baritu delivers output.

Generated infrastructure remains under customer control at all times. Baritu does not require proprietary hosting environments or locked deployment runtimes. Infrastructure generated through Baritu remains editable, exportable and deployable outside the Baritu environment — permanently, without dependency on continued Baritu subscription.

Data rights

Your rights

Depending on your jurisdiction, you have specific rights regarding your personal data. To exercise any right, contact legal@baritu.com stating your right, jurisdiction and account email. All requests are processed within the timeframes required by applicable law.

Access
Request a copy of personal data we hold about you.
Rectification
Request correction of inaccurate or incomplete personal data.
Erasure
Request deletion of your personal data, subject to legal retention obligations.
Portability
Receive your personal data in a structured, machine-readable format.
Restriction
Request restriction of processing in specific circumstances defined by applicable law.
Opt-out
Opt out of AI training data use at any time. Email legal@baritu.com with subject «Data Training Opt-Out».
Browser data

Cookies & browser storage

Baritu uses a minimal set of cookies and browser storage, strictly limited to what is necessary for platform operation.

Strictly necessary: authentication session tokens, CSRF protection tokens, user preference settings (language, theme). These cannot be disabled without breaking platform functionality.

Analytics (where applicable): anonymized usage patterns to understand platform performance. No cross-site tracking. No advertising cookies. No third-party tracking pixels.

Baritu products are ad-free. We do not serve advertising and do not allow advertisers to use our platform to track users.

Global coverage

Regulatory compliance

Baritu applies data handling practices aligned with the following regulatory frameworks. Where mandatory provisions of a local law are stricter than this policy, those provisions apply.

GDPR · EU/EEA UK GDPR CCPA / CPRA · California LGPD · Brazil PIPEDA · Canada Ley 25.326 · Argentina DPDP Act · India Privacy Act · Australia

Ongoing compliance maturity: Baritu continues evolving its privacy and security practices as the platform grows. Compliance certifications (SOC 2, ISO 27001) are on our roadmap and will be announced when formally obtained — we will not claim them before that point.

Get in touch

Privacy contact

For any privacy-related question, data request or compliance inquiry, contact the appropriate channel below. We respond within the timeframes required by applicable law in your jurisdiction.

Privacy & data rights
GDPR requests, data access, rectification, erasure, portability and opt-out.
Legal & compliance
Terms questions, compliance inquiries, jurisdiction-specific requests, AI training opt-out.
Security
Security vulnerabilities, incident reports, responsible disclosure.

Privacy Policy v1.0 · Effective May 27, 2026 · Baritu Technologies · baritu.com

Questions about Baritu? Ask me

How can I help?

Baritu · FAQ

Access Baritu →
?