Skip to main content

PRIVACY POLICY

Last updated: April 5, 2026

Coolhand Labs, Inc. Privacy Policy Effective Date: April 5, 2026 | Last Updated: April 5, 2026 --- 1. INTRODUCTION Coolhand Labs, Inc. ("Coolhand," "we," "us," or "our") operates an LLM observability and optimization platform (the "Platform") accessible at coolhandlabs.com and via API. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the Platform and our website. Coolhand serves business customers ("Clients")—including enterprises, developers, and resellers—who use our Platform to log, monitor, and optimize their own large language model (LLM) API traffic. Our Clients may in turn serve their own end users. This Policy explains our data practices with respect to both Clients and, to the extent applicable, the end users of Client applications. By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use. --- 2. SCOPE AND RELATIONSHIP TO CLIENT AGREEMENTS This Privacy Policy applies to: • information you provide to us directly when creating an account, contacting support, or otherwise interacting with Coolhand; • usage and technical data generated through your use of the Platform; and • data submitted to the Platform by Clients in connection with their LLM inference workflows ("Client Data"), including inference request and response logs and end-user feedback. Where Coolhand processes Client Data that includes personal information or protected health information (PHI) on behalf of a Client, Coolhand acts as a data processor (or, where applicable, a Business Associate under HIPAA). The Client is the data controller responsible for its end users' data. Clients who handle PHI must execute a Business Associate Agreement ("BAA") with Coolhand prior to submitting any PHI to the Platform. To the extent a Client collects data from their own end users and routes it through the Platform, that Client is responsible for providing appropriate notice to, and obtaining any required consents from, those end users under applicable law. --- 3. INFORMATION WE COLLECT 3.1 Account and Registration Data When you register for the Platform, we collect information such as your name, email address, company name, and billing information. This information is used to create and manage your account and to communicate with you about the Platform. 3.2 Client Data (LLM Logs and Feedback) When a Client uses the Platform, Coolhand receives and stores the inference requests and responses that the Client routes through the Platform ("LLM Logs"). LLM Logs may contain any data that a Client or their end users include in prompts or receive in responses—including, potentially, personal information, business-confidential content, code, documents, images, or PHI. The content of LLM Logs is determined entirely by the Client and their end users; Coolhand does not control or dictate what data Clients submit. We also collect feedback data generated by end users of Client applications (e.g., thumbs-up/thumbs-down ratings, comments on LLM outputs). Feedback may be attributed to a pseudonymous identifier (such as a hashed user ID or random string) provided by the Client. Coolhand does not independently collect, request, or verify personally identifiable information about end users. 3.3 Usage and Technical Data We automatically collect technical information about how you interact with the Platform, including: • IP address and device/browser information; • API request metadata (timestamps, model identifiers, token counts, latency); • feature usage patterns and navigation data within the Platform dashboard; and • error logs and diagnostic information. This data is used to operate, maintain, and improve the Platform. 3.4 Communications Data If you contact us for support or other purposes, we retain records of those communications, including email content and any attachments, to respond to your inquiry and improve our support operations. 3.5 Feedback Widget Coolhand makes available an open-source feedback widget (licensed under Apache 2.0) that Clients may deploy within their own applications to collect end-user feedback on LLM outputs. When a Client deploys the widget, feedback submitted through it is transmitted to Coolhand's Platform as Client Data. Clients are responsible for ensuring that the widget is deployed only in applications directed to users who are 18 years of age or older, and for providing appropriate notice to their end users about data collection through the widget. --- 4. HOW WE USE INFORMATION We use the information we collect for the following purposes: 4.1 Platform Operations To provide, operate, and maintain the Platform, including processing LLM Logs and generating optimization insights and recommendations for Clients. 4.2 Client-Specific Optimization We use a Client's own LLM Logs and feedback data—without stripping or de-identifying it—to generate optimization insights specific to that Client's workflows. This data is used solely to improve that Client's experience and is not combined with data from other Clients for this purpose. 4.3 Platform-Wide Improvement We use aggregated, de-identified data derived from usage across the Platform—including de-identified LLM Log data and feedback signals—to improve Coolhand's models, algorithms, and services broadly. Before any Client Data is used for cross-client purposes, Coolhand applies de-identification measures designed to ensure that the data cannot reasonably be used to identify a specific Client, their end users, or any individual. PHI is de-identified in accordance with HIPAA's de-identification standards (45 C.F.R. § 164.514) before any such use. 4.4 Account and Billing Management To manage your account, process payments, communicate about plan features and changes, and provide customer support. 4.5 Security and Compliance To detect, prevent, and respond to security incidents, fraud, abuse, and violations of our Terms of Service; and to comply with applicable legal obligations. 4.6 Communications To send you service-related notices (including material changes to this Policy or our Terms of Service), respond to support inquiries, and—where you have not opted out—to send product updates and other communications related to the Platform. --- 5. DATA RETENTION LLM Logs are retained for a default period of 90 days from the date of ingestion, unless a longer retention period has been agreed in writing between Coolhand and the Client (e.g., via a Data Retention Addendum or Enterprise agreement). After the applicable retention period, LLM Logs are deleted from Coolhand's systems in the ordinary course. Account and registration data is retained for the duration of the Client relationship and for a reasonable period thereafter as required by applicable law or legitimate business purposes (such as tax and financial record-keeping). Clients on Paid plans may export their LLM Logs during the applicable retention period via the Platform. Free-tier Clients do not have log export functionality. Clients with active BAAs should note that HIPAA requires Coolhand to retain certain records relating to PHI for a minimum of six (6) years from the date of creation or the date it was last in effect, whichever is later. BAA-specific obligations supersede the default 90-day log retention period for records subject to that requirement. --- 6. SHARING AND DISCLOSURE OF INFORMATION Coolhand does not sell personal information. We disclose information only in the following circumstances: 6.1 Service Providers We engage third-party service providers to assist in operating the Platform, including cloud infrastructure (currently Google Cloud Platform), payment processors, and analytics tools. These providers are contractually obligated to process information only on our behalf and in accordance with our instructions. 6.2 Resellers and Channel Partners If you access the Platform through a Coolhand-authorized reseller or channel partner, that reseller may have access to account-level information (such as usage metrics) as necessary to support your use of the Platform. Resellers are required to ensure that their end clients are made aware that the Platform is powered by Coolhand and that end clients agree to Coolhand's Terms of Service and this Privacy Policy. 6.3 Legal Requirements and Protection of Rights We may disclose information if required to do so by law, regulation, legal process, or governmental request; to enforce our Terms of Service or other agreements; to protect the rights, property, or safety of Coolhand, our Clients, or others; or in connection with fraud prevention or security investigations. 6.4 Business Transfers In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of Coolhand's assets, information held by Coolhand may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy. 6.5 With Consent We may share information for any other purpose with your prior consent. --- 7. HIPAA AND PROTECTED HEALTH INFORMATION Certain Clients may submit PHI to the Platform in connection with their use of Coolhand's services. Where Coolhand receives and processes PHI on behalf of a Client that is a Covered Entity or Business Associate under HIPAA, Coolhand acts as a Business Associate and the parties must execute a BAA prior to any PHI being submitted. Coolhand maintains administrative, physical, and technical safeguards designed to protect PHI in accordance with HIPAA's Security Rule. Clients must not submit PHI to the Platform without first executing a BAA with Coolhand. Submission of PHI without an executed BAA is a material violation of the Terms of Service. For PHI-specific data handling questions, please contact: legal@coolhandlabs.com. --- 8. DATA SECURITY Coolhand implements commercially reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. Our infrastructure is hosted on Google Cloud Platform and follows GCP's security best practices, including encryption at rest and in transit. Where the Platform is shared infrastructure, Coolhand implements logical data separation controls to prevent one Client's data from being accessible to another. Clients with heightened data isolation requirements should contact us to discuss Enterprise plan options. No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your information, we will notify you as required by applicable law. --- 9. CHILDREN'S PRIVACY The Platform is directed solely to businesses and their authorized personnel. Coolhand does not knowingly collect personal information from individuals under the age of 18. Clients who deploy Coolhand's feedback widget or otherwise route end-user data through the Platform are required to ensure that their applications are not directed at users under 18 and to comply with all applicable laws regarding the privacy of minors, including the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently received personal information from a user under 18, we will delete such information promptly. To report a potential violation, please contact legal@coolhandlabs.com. --- 10. GEOGRAPHIC SCOPE The Platform is currently offered to Clients located in the United States and Canada. Coolhand's infrastructure is hosted in the United States. By using the Platform, Clients outside the United States acknowledge that their information will be transferred to, stored, and processed in the United States. Coolhand does not currently offer services to Clients subject to the EU General Data Protection Regulation (GDPR) or the UK GDPR. Clients who are subject to GDPR or equivalent international privacy frameworks should contact us before using the Platform. --- 11. YOUR PRIVACY RIGHTS Coolhand's direct relationships are with business Clients, not with the end users of Client applications. Accordingly: • If you are a Client (or an authorized user of a Client account), you may access, update, or delete your account information by logging into the Platform or contacting support@coolhandlabs.com. • If you are an end user of a Client's application and wish to exercise privacy rights (such as access, correction, or deletion) with respect to data submitted about you to the Platform, please contact the Client directly. The Client, as data controller, is responsible for responding to such requests. Where Coolhand receives a privacy rights request directly from an end user that pertains to Client Data, we will direct the requestor to the appropriate Client and, where required by law, cooperate with the Client in fulfilling the request. California residents who are Clients or authorized Client personnel may have additional rights under the California Consumer Privacy Act (CCPA) with respect to personal information Coolhand holds about them in our capacity as a business. Please contact legal@coolhandlabs.com to exercise any such rights. --- 12. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time. If we make material changes, we will notify Clients by email to the address associated with their account at least 30 days before the changes take effect. The updated Policy will be posted at coolhandlabs.com/privacy-policy with a revised effective date. Continued use of the Platform after the effective date of an updated Policy constitutes acceptance of the revised terms. --- 13. CONTACT INFORMATION Questions about this Privacy Policy or Coolhand's data practices should be directed to: Coolhand Labs, Inc. Legal and Privacy legal@coolhandlabs.com coolhandlabs.com
← Back to Home