DRAFT · v1.0Pending counsel review. Not legally binding until effective date stated below. Last revised May 20, 2026.
Legal · Privacy

Privacy Policy

Effective:May 20, 2026 Last updated:May 20, 2026 Version:v1.0 · Draft

01Overview

Plain-English summary

We collect what we need to run the platform, route experts to tasks, pay people, and prove compliance. We do not sell personal information. We do not use customer or expert work product to train general-purpose foundation models. China-bound engagements stay on China-region infrastructure with no cross-border egress. You can ask what we hold, ask us to delete it, or opt out of analytics — see §11 Your Rights.

Teehoo AI ("we", "our", "Teehoo AI") builds infrastructure for human-in-the-loop AI evaluation. This Privacy Policy describes what information we collect when you use our platform, website, and services, how we use it, and the choices you have.

Data Controller. Teehoo AI is operated by Fullhouse Asset Management LLC, a California limited liability company headquartered in Los Angeles, California, USA ("Teehoo AI", "we", "our"). A Delaware C-corporation may be established as a successor contracting entity in the future, in which case this page will be updated and the change communicated per §15 Changes to This Policy. For China-region engagements operated under our PRC affiliate, the controller / personal-information-handler is disclosed in the China-region engagement contract.

We take the position that compliance-native operations are not optional for the AI era. The practices below describe what we do today; certifications that are in progress are explicitly disclosed as such — we will never claim certifications we have not earned.

02Scope & Applicability

This policy applies to:

Specific engagements may carry additional contractual privacy terms; in case of conflict, the engagement contract prevails.

Cohort & jurisdiction routing. Whether a given dataset, engagement, or expert is processed under US, EU, or China law depends on the engagement contract and the expert's cohort. Cross-border routing is explicitly bound — see §07 Data Residency and the Cohort Routing page.

03Information We Collect

Information you provide

Information we collect automatically

Engagement-scoped data

Evaluation tasks, expert outputs, audit trails, and customer-uploaded data are processed strictly within the scope of the engagement contract. We do not use customer or expert work product to train general-purpose models.

Sensitive Personal Information (CPRA / PIPL "sensitive PI")

For certain workflows we collect categories defined as sensitive personal information under the California Privacy Rights Act and equivalent definitions under PIPL Art. 28 / GDPR Art. 9:

Sensitive PI is used only for the disclosed purpose, retained per §08 Retention, and never used for cross-context behavioral advertising. California residents may limit use of sensitive PI — see §12 Do Not Sell / Share.

04How We Use Information

What we don't do. We do not sell personal information. We do not use customer engagement data to train general-purpose foundation models. We do not share expert identity with customers without explicit consent or contractual scope. We do not engage in cross-context behavioral advertising.

05Sharing & Disclosure

We share information only in the following circumstances:

06Sub-processors

The categories and named entities below are material sub-processors that process personal information on Teehoo AI's behalf. All operate under written data-processing agreements with confidentiality, security, and compliance flow-down obligations. Customers receive notice of material changes at least 30 days in advance per the engagement DPA.

Sub-processorPurposeData categoryRegion
Amazon Web ServicesCloud infrastructure · global engagementsAccount · log · engagement dataUS · EU
Google Cloud PlatformCloud infrastructure · global engagementsAccount · log · engagement dataUS · EU
Tencent CloudCloud infrastructure · China-bound engagements onlyAccount · log · engagement dataPRC
SupabaseApplication database · authAccount · auth · profileUS
CloudflareCDN · DNS · WAF · static hostingLog · session · cookieGlobal edge
StripePayment processing · payouts to expertsPayment · tax ID · bank infoUS · EU
WiseCross-border expert payoutsPayment · bank infoGlobal
ResendTransactional emailEmail · message bodyUS
Google WorkspaceInternal email · docs · calendarComms · business recordsUS
Google Analytics 4Aggregated web analytics · consent-gatedPseudonymous usageUS
Anthropic / OpenAI / GoogleLLM inference for platform features · zero-retention API tierPrompt content per engagement scopeUS

An always-current machine-readable list is maintained at teehooai.com/sub-processors (publishing on or before public launch). Enterprise customers may subscribe to email notifications of changes.

07Data Residency & Transfers

Engagements requiring jurisdictional data residency are bound to in-region infrastructure per the contract:

08Retention

We retain information only as long as necessary for the disclosed purpose, legal/contractual obligations, and dispute resolution. Specific windows by data category:

Data categoryRetentionBasis
Account profile (name, email, credentials)Lifetime + 90 days after deletion requestService operation · account recovery window
Identity verification documentsVerification window + 30 daysDiscarded after verification unless retention required by tax/AML law
Tax records (1099-NEC, W-9, W-8BEN equivalents)7 yearsIRS / equivalent tax authority requirements
Expert work product & engagement deliverables5 years (or per engagement contract)Customer audit · regulatory traceability
Audit logs (access, authentication, sensitive operations)3 yearsSOC 2 / ISO 27001 alignment · incident investigation
Payment records7 yearsAccounting · tax reporting
Support inquiries / communications3 yearsDispute resolution · service quality
Marketing contact dataUntil opt-out + 30 daysUser consent withdrawal
Server logs (IP, request, timestamp)90 days hot · 13 months coldSecurity · abuse investigation
Aggregated, deidentified analyticsIndefiniteNo longer personal information after deidentification

On account deletion: account profile is anonymized within 90 days; data categories with longer regulatory windows (tax, audit, payment) are retained per the schedule above and then deleted.

09Security

Architectural practices in place:

Certification status: SOC 2 and ISO 27001 alignment in progress; not yet certified. We disclose certification status accurately and do not claim certifications we have not earned. See our Security & Compliance page for full architectural disclosure.

10Automated Decision-Making

We use automated and semi-automated processing in the following areas:

Under GDPR Art. 22 / CPRA / PIPL, you have the right to: (i) request human review of any decision that materially affects you, (ii) contest the outcome, and (iii) receive an explanation of the logic involved. To exercise these rights contact privacy@teehooai.com.

11Your Rights

Depending on your jurisdiction, you may have the right to:

To exercise these rights, contact privacy@teehooai.com. We respond within 30 days or the period required by applicable law. We will verify your identity before fulfilling sensitive requests.

12Do Not Sell / Share (CCPA / CPRA)

Teehoo AI does not sell personal information for money and does not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act / California Privacy Rights Act.

California residents nonetheless have an absolute right to direct that we not sell or share their personal information, and to limit the use of sensitive personal information to those purposes necessary to provide the service. To exercise these rights:

We will not discriminate against you (in service, price, or quality) for exercising any privacy right.

13Cookies & Tracking

We use a minimal set of cookies for session management, security, and analytics. We do not deploy third-party advertising trackers. Cookies set on first visit:

CookiePurposeDurationParty
teehoo_sessionSession authentication; required for sign-in flows.Session1st party
teehoo_csrfCross-site request forgery protection.Session1st party
teehoo_consentStores your cookie consent preferences.12 months1st party
_ga, _ga_*Google Analytics 4 aggregate usage measurement. Loaded only after consent.13 months3rd party
__cf_bmCloudflare bot management.30 minutes3rd party (CDN)

You can withdraw consent at any time via the cookie banner footer link. Strictly necessary cookies (session, CSRF, consent record) operate without consent as permitted by ePrivacy Directive Art. 5(3).

14Children's Privacy

The Teehoo AI platform is not directed at children under 16. We do not knowingly collect information from minors. If you believe a minor has provided us information, contact privacy@teehooai.com for prompt removal.

15Changes to This Policy

We update this policy as the service and applicable law evolve. Material changes will be communicated by email to active users or via prominent notice on the site at least 14 days before taking effect. Continued use after the effective date constitutes acceptance. A change log will be maintained at teehooai.com/privacy/changelog.

16Contact & Controller

Data Controller

EU / UK Representative

Teehoo AI does not currently target the EU or UK markets as a primary commercial cohort. Where an engagement nonetheless brings us within the scope of GDPR Art. 27 / UK GDPR Art. 27, we will appoint a representative before processing begins and disclose the representative's contact details to affected data subjects in the engagement notice. Until such an engagement is in place we do not maintain a standing EU / UK representative. EU / UK residents who wish to contact us in the interim may write directly to privacy@teehooai.com.

Privacy team & supervisory authority

California residents may also contact the California Privacy Protection Agency (cppa.ca.gov). EU / EEA residents may contact their local data protection authority. PRC residents may contact the Cyberspace Administration of China through the channels published at cac.gov.cn.