← Back to Dashboard

Privacy Policy

Portage Development Services LLC · shroud.us

Last Updated: March 30, 2026

1. Introduction

Portage Development Services LLC (“we,” “us,” or “our”) operates Shroud (shroud.us). This Privacy Policy explains what information we collect, how we use it, who we share it with, how long we keep it, and what rights you have. By using Shroud, you agree to the practices described here.

This Policy applies to all users of Shroud, including those interacting via our web interface or API, regardless of where they are located.

2. Information We Collect

2.1 Information You Provide

When you register for or use Shroud, we collect:

  • Telegram account — used for account creation, authentication, billing communications, and support
  • Payment information — processed by Stripe on our behalf; we do not store card numbers or banking credentials on our own systems
  • Account settings and preferences you configure

2.2 Usage and Technical Data

When you use our API or platform, we automatically collect:

  • API usage logs — request timestamps, endpoint accessed, HTTP status codes, and error information
  • Compute Unit (CU) consumption and token counts — for billing and account analytics
  • Session metadata — IP address, browser type, and device identifiers, used for security and fraud prevention
  • x402 transaction metadata — for programmatic and agent payments: on-chain transaction ID, wallet address, token type (TON or USDT-TON), amount, and timestamp; retained for billing verification and dispute resolution

2.3 Inference Workload Data — Confidential Compute

Shroud processes all inference workloads inside Trusted Execution Environments (TEEs). By architectural design, the content of your prompts and model outputs is not accessible to Portage Development Services LLC personnel at any point during processing.

Shroud implements a Selective Disclosure Protocol that gives you explicit control over which usage metadata is visible to the Shroud gateway (shroud-go). The TEE enforces this configuration at the hardware level. The following fields are available for disclosure, grouped by category:

Token Counts:

  • prompt_tokens — number of prompt tokens processed
  • cached_tokens — number of tokens served from cache
  • completion_tokens — number of completion tokens generated
  • reasoning_tokens — number of internal reasoning tokens (model-dependent)
  • total_tokens — total tokens consumed in the request

Timing (if measure_time is enabled):

  • proxy_start_time / proxy_end_time — gateway processing timestamps
  • worker_start_time / worker_end_time — compute worker processing timestamps

Request Metadata:

  • model — the model identifier used for the request

Debug (only when explicitly enabled):

  • worker_debug — debug output from the compute worker
  • proxy_debug — debug output from the Cocoon proxy

By default, only total_tokens and model are disclosed to the gateway (the minimum required for billing). You may disclose additional fields via SDK configuration. The complete usage dataset — all fields above — is always delivered to you via your encrypted SDK channel, signed by the TEE, and never accessible to Portage Development Services LLC personnel.

If you explicitly opt in to analytics or logging features within your account dashboard, inference metadata you choose to expose may be stored and displayed under your account.

2.4 Tool Use and MCP/RPC Logs

When you use Shroud for tool-use workloads via MCP or RPC integrations, we store the full request and response data associated with those interactions. This includes all fields described in Section 2.3 above, plus the tool call payloads and responses. This data is retained for billing verification, debugging, and service reliability for a period of 12 months, after which it is deleted or anonymized.

If you have questions about what is retained for your tool-use workloads, contact us at info@alphaton.capital.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, maintain, and improve Shroud
  • Process payments and manage your CU balance and billing records
  • Detect and prevent fraud, abuse, and security incidents
  • Send transactional emails (account verification, billing receipts, dispute alerts, service notices)
  • Respond to support requests
  • Comply with legal obligations and enforce our Terms of Service

We do not use your data to train AI or machine learning models. We do not sell your personal data to any third party.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR) and equivalent legislation:

  • Contract performance (Article 6(1)(b)) — processing necessary to provide the services you have requested, including billing, account management, and API delivery
  • Legitimate interests (Article 6(1)(f)) — fraud prevention, security monitoring, and service improvement, where these interests are not overridden by your rights
  • Legal obligation (Article 6(1)(c)) — retention of financial records and compliance with applicable law
  • Consent (Article 6(1)(a)) — where you have explicitly opted in to optional features such as inference analytics logging; you may withdraw consent at any time

5. How We Share Your Information

5.1 Payment Processor — Stripe

Payment card and transaction data is processed by Stripe, Inc., which acts as our payment processor and data processor under a Data Processing Agreement. Stripe operates under its own Privacy Policy (stripe.com/privacy).

5.2 Infrastructure and Service Providers

We may share data with trusted third-party vendors who assist us in operating the platform — including cloud infrastructure providers and transactional email services. These vendors are contractually bound to protect your data and may not use it for any purpose beyond providing services to us.

5.3 Legal Requirements

We may disclose your information where required by law, court order, regulation, or governmental authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Portage Development Services LLC, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may transfer to the acquiring entity. We will notify affected users by email or prominent platform notice before such a transfer and before data becomes subject to a materially different privacy policy.

5.5 Analytics

We currently do not use third-party behavioral analytics tools (such as Google Analytics, Mixpanel, or similar services). If this changes, we will update this Policy and notify users in advance.

6. Data Retention

  • Account and billing data: retained for the duration of the account relationship, plus a minimum of 7 years to comply with applicable financial and tax record-keeping requirements
  • API usage logs and token counts: retained for 24 months, then deleted or anonymized
  • Tool-use / MCP / RPC logs (full payloads): retained for 12 months, then deleted or anonymized
  • Inference content (if you have opted in to analytics logging): retained until you delete it or close your account
  • Security and fraud prevention logs: retained for up to 12 months

When you close your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data, subject to legal retention obligations
  • Portability — request your data in a structured, machine-readable format
  • Restriction — request that we restrict processing of your data in certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting prior processing

EEA, UK, and Swiss residents additionally have the right to lodge a complaint with their local data protection authority.

To exercise any of these rights, contact us at info@alphaton.capital. We will respond within 30 days (or within 72 hours for data breach notifications where required). We may require identity verification before processing your request.

8. International Data Transfers

Shroud is operated from the United States. If you access the service from outside the United States, your personal data will be transferred to and processed in the United States, which may have data protection laws different from those in your country.

For users in the EEA, UK, or Switzerland: where we transfer personal data to the United States or other third countries, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) adopted by the European Commission, or other legally recognized transfer mechanisms under applicable data protection law.

9. Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

  • Trusted Execution Environments (TEEs) providing hardware-level confidentiality for all inference workloads
  • HTTPS/TLS encryption for all data in transit
  • Encrypted channels between the SDK and TEE for all usage data
  • Access controls limiting internal access to personal data on a strict need-to-know basis
  • Stripe’s PCI DSS-compliant infrastructure for all payment processing

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify affected users and relevant authorities in the event of a personal data breach as required by applicable law.

10. Cookies

We use only functional and session cookies strictly necessary for platform operation (authentication, session management, security). We do not use advertising, behavioral profiling, or third-party tracking cookies. You may control cookie behavior through your browser settings; disabling functional cookies may impair platform functionality.

11. Children’s Privacy

Shroud is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that personal data has been collected from a person under 18, we will delete it promptly. If you believe this has occurred, contact us at info@alphaton.capital.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by posting a prominent notice on the platform, updating the “Last Updated” date at the top of this document. Where required by law, we will obtain your consent before implementing material changes.

13. Contact and Data Controller

Portage Development Services LLC is the data controller for personal data collected through Shroud.

Portage Development Services LLC

111B South Governors Avenue, Suite 25907, Dover, Delaware 19904

Email: info@alphaton.capital

Website: shroud.us

For privacy-specific requests including data subject rights, contact us at info@alphaton.capital with the subject line “Privacy Request.”