Privacy Policy

Effective date: March 11, 2026 · Last updated: April 4, 2026

Octomil, Inc. (“Octomil,” “we,” “us,” or “our”) operates the Octomil platform, including the website at octomil.com, the web dashboard at app.octomil.com, the Octomil companion apps for iOS and Android, the Octomil SDKs (Python, iOS, Android, Browser, Node.js), and the Octomil CLI (collectively, the “Service”).

This Privacy Policy describes how we collect, use, disclose, and protect information when you use the Service. By using the Service, you agree to the practices described in this policy.

Core principle

Octomil is designed around data minimization. Our platform enables on-device machine learning inference so that raw user data — text, images, audio, sensor readings, and any other content processed by models — stays on the end-user’s device. It is never transmitted to Octomil servers.

For teams using federated learning (an enterprise add-on), only model weight deltas (not raw data) are transmitted, and these can be protected with differential privacy and secure aggregation.

1. Information we collect

1.1 Account information

When you create an Octomil account, we collect:

  • Name and email address
  • Organization name (if applicable)
  • Authentication credentials (managed via OAuth providers such as Google or Apple, or passkeys)
  • Billing information (processed and stored by Stripe; we do not store full payment card numbers)

1.2 Device information (companion apps)

When you use the Octomil companion app on iOS or Android, we may collect device metadata to enable model deployment and optimization:

  • Device model, operating system version, and hardware capabilities (CPU, GPU, NPU, available memory)
  • App version and SDK version
  • Network connectivity status (Wi-Fi, cellular) for deployment scheduling
  • Battery level and thermal state (used locally to determine training eligibility; not transmitted unless you opt in to fleet telemetry)

1.3 Device permissions (companion apps)

The companion apps may request the following permissions, which are used only for the purposes described:

  • Camera — To scan QR codes for device pairing and to capture images for on-device vision models. Images are processed locally and are not uploaded to Octomil servers.
  • Photo library — To select photos for on-device vision and classification models. Selected photos are processed locally.
  • Microphone — To record audio for on-device speech and audio models (e.g., Whisper). Audio is processed locally and is not uploaded to Octomil servers.
  • Local network (iOS) / Wi-Fi state (Android) — To discover and pair with the Octomil CLI running on your local network via mDNS/Bonjour.

All permissions are optional and requested at runtime. The app functions with limited capabilities if permissions are denied. We do not access phone state, call logs, contacts, location, or any other sensitive device data.

1.4 Usage and telemetry data

We collect aggregated, non-personally-identifiable usage data to improve the Service:

  • API request counts and latency metrics
  • Model deployment success/failure rates
  • Feature usage patterns (which dashboard pages are visited, which CLI commands are run)
  • Error reports and crash logs (companion apps)

We use PostHog and Plausible for analytics. Plausible is cookieless and does not collect personal data.

1.5 Benchmark data (opt-in)

When you use octomil benchmark --share, you opt in to sharing anonymized performance benchmarks (tokens per second, time to first token, memory usage, device model) with the Octomil benchmark database. No model weights, inputs, outputs, or personal data are included.

1.6 Federated learning metadata (enterprise add-on)

When federated learning is enabled as an enterprise feature, Octomil receives:

  • Model weight deltas (optionally protected with differential privacy noise injection and secure aggregation)
  • Training metadata: sample counts, training duration, convergence metrics
  • Device participation status

Raw training data never leaves the device. Weight deltas cannot be reverse-engineered to reconstruct individual data points, especially when differential privacy is enabled.

2. How we use your information

  • To provide, operate, and maintain the Service
  • To authenticate you and manage your account
  • To process billing and payments (via Stripe)
  • To deploy and manage models across your device fleet
  • To aggregate federated learning updates when enabled (weight deltas only, enterprise add-on)
  • To monitor platform health and improve reliability
  • To communicate with you about your account, updates, or support requests
  • To comply with legal obligations

We do not sell your personal information. We do not use your data to train our own models.

3. How we share information

We share information only in the following circumstances:

  • Service providers — We use third-party services to operate the platform: Stripe (payments), Supabase (authentication), Cloudflare (CDN and DNS), PostHog and Plausible (analytics). These providers process data only as necessary to provide their services.
  • Within your organization — Account administrators can view organization-level usage, device fleet status, and model deployment metrics for members of their organization.
  • Cross-organization federation — If you participate in a federated learning consortium (enterprise add-on), aggregated model updates (not raw data) may be shared with other consortium members as configured by your organization administrator.
  • Legal requirements — We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

4. Data storage and security

  • Account data is stored in PostgreSQL databases with encryption at rest
  • Model artifacts are stored in Cloudflare R2 (S3-compatible object storage) with encryption at rest
  • All data in transit is encrypted via TLS 1.2+
  • API authentication uses JWT tokens with short-lived expiry and automatic rotation
  • Device tokens use a bootstrap/refresh flow with immediate revocation capability
  • Access is controlled via organization-scoped RBAC (admin, member, viewer, device roles)

For more details on our security architecture, see our Security page.

5. Data retention

  • Account data is retained while your account is active and for a reasonable period thereafter
  • Model artifacts are retained until deleted by you or your organization administrator
  • Telemetry and usage data is retained for up to 12 months in aggregated form
  • Audit logs are retained for the duration required by your plan tier (up to 1 year on Enterprise)
  • Federated learning weight deltas are retained only for the duration of the training round and discarded after aggregation

You may request deletion of your account and associated data at any time by contacting team@octomil.com.

6. Your rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your personal data
  • Portability — Request a machine-readable copy of your data
  • Objection — Object to processing of your personal data
  • Restriction — Request restriction of processing

To exercise any of these rights, contact team@octomil.com. We will respond within 30 days.

7. Children’s privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, contact us at team@octomil.com and we will delete it.

8. International data transfers

Octomil operates infrastructure in the United States. If you use the Service from outside the United States, your account information may be transferred to and processed in the United States. By using the Service, you consent to this transfer. On-device data (model inputs, outputs, training data) is not transferred internationally as it remains on your device.

9. Cookies and tracking

  • Essential cookies — Used for authentication and session management on app.octomil.com
  • Analytics — Plausible (cookieless, privacy-focused, no personal data collected) and PostHog (functional analytics for product improvement)

We do not use advertising cookies or trackers. We do not participate in ad networks or cross-site tracking.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact us

If you have questions about this Privacy Policy or our data practices, contact us at: