Privacy Policy

Last updated: June 18, 2026

Bare Metal AI, Inc. ("we", "us", "our") operates the BareMetalRT platform at baremetalrt.ai. This policy describes how we collect, use, and protect your information.

Information We Collect

We collect the following only when you use our hosted service — that is, when you create an account, sign in, or enable remote (relay) access. When the daemon runs offline or in air-gapped mode, none of this is collected (see Offline & Air-Gapped Use below).

Account information: Email address and name when you register.
GPU node data: GPU model, VRAM, hostname, and IP address when your daemon connects to our service.
Usage metadata: Token counts, model used, and response latency for service improvement.

Information We Do NOT Collect

Chat messages: Your conversations are processed on your own GPU and AES-256 encrypted on your device. We never store, read, or transmit your chat content. Chat history never touches Bare Metal AI servers.
Model weights: Models are downloaded directly from HuggingFace to your machine.
Browsing history: We do not track your activity outside our platform.

Offline & Air-Gapped Use

BareMetalRT runs entirely on your hardware. When the daemon is run offline, in solo mode, or with air-gap mode enabled (BMRT_AIRGAP=1), it transmits no account, node, or usage data to us — it makes no connection to Bare Metal AI at all. For deployment in classified, regulated, or disconnected environments, the no-egress guarantee and a self-serve verification procedure are documented on our air-gap & no-egress attestation page.

Software Update Checks

By default, the desktop software periodically checks our public release host (GitHub) for a newer signed installer. This request discloses your IP address and the application version to GitHub; it sends no account or usage data to us, and no update is ever downloaded or installed without your consent. This check can be disabled entirely with air-gap mode (BMRT_AIRGAP=1).

Product Feedback

When you choose to submit feedback through the app, the text you write — and any diagnostic details you opt to include — is sent to us and may be processed by a third-party AI service (Anthropic) to automatically categorize and route the report. This applies only to feedback you explicitly submit; it is entirely separate from your chat content, which never leaves your GPU. The feedback text is handled under Anthropic's commercial API terms, under which inputs are not used to train models.

How We Use Your Information

We use account and node data solely to operate the service: authenticate your daemon, route inference requests to your GPU, and monitor service health. We do not sell your data to third parties.

Data Security

All connections between your daemon and our servers use TLS encryption (HTTPS/WSS). Chat history is AES-256-GCM encrypted on your device using PBKDF2-derived keys. Passwords are hashed and never stored in plaintext. API keys are stored as SHA-256 hashes.

Data Retention

Account data is retained while your account is active. You may delete your account and all associated data at any time. Usage metadata is retained for up to 90 days.

Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us at [email protected].

Changes

We may update this policy. We will notify registered users of material changes via email.

Contact

Bare Metal AI, Inc.
[email protected]