PrimaCoda AI Transparency
PrimaCoda publishes its complete AI policy, the system prompts used for every feature, and an honest disclosures section that names what it has not done yet.
Data policy
- We do not train on your data. Your contracts, case files, and chat messages are never used to train models for us or any third party.
- We do store AI inputs and outputs for 90 days for debugging and audit. Older entries are pruned automatically.
- Data deletion within 30 days upon request to hal.inc.tech@gmail.com.
Providers
- Moonshot AI (Kimi K2.5) — primary LLM for all AI features.
- Anthropic (Claude) — fallback when Kimi is unavailable.
- Tesseract — open-source OCR for scanned PDFs, runs on our servers with no third party.
Encryption
- In transit: TLS 1.3 (AES-256-GCM), HSTS enforced.
- At rest: AES-256 column-level encryption via pgcrypto on emails, names, addresses, and document content.
- Passwords: bcrypt with 12 rounds.
Honest disclosures
- PrimaCoda is not SOC 2 certified. Enterprise customers requiring SOC 2 should consider Qualia or similar.
- Full-disk encryption (LUKS) is not yet enabled — on the roadmap. Column-level encryption is active on all sensitive fields.
- AI outputs may contain errors. Always review AI-generated documents before signing or filing.
The complete list of 8 system prompts, full policy text, and live AI usage is at primacoda.halinc.tech/ai-transparency.