Privacy & Intelligence
Glazyr Viz is built on the principle of Zero-Copy Privacy. We provide the optic nerve for agents without ever compromising the integrity of the host environment.
Scope & Applicability
This Privacy Policy applies to all users of the Glazyr Viz platform ("Platform"), operated by MAGNETAR SENTIENT L.L.C. ("Company", "we", "us"). It covers all products, services, and APIs provided via glazyr.com, mcp.glazyr.com, and associated infrastructure.
This policy is designed to comply with applicable United States state-level data privacy legislation, including the Iowa Consumer Data Protection Act (ICDPA, effective January 1, 2025), the California Consumer Privacy Act (CCPA/CPRA), and other 2025/2026 state privacy laws.
Zero-Copy Perception Architecture
Unlike traditional agentic scrapers that exfiltrate screenshots to third-party VLMs, Glazyr Viz operates directly within the Chromium Viz subsystem. Our architecture is designed with privacy as a foundational principle:
- Pixel data is processed within the secure POSIX shared memory buffer (
/dev/shm) and is never transmitted to external third parties. - Semantic chunking reduces the raw frame to a 461-byte context payload (98.7% token reduction) prior to any LLM inference.
- Visual analysis is processed on our secure GCP "Big Iron" infrastructure. Raw pixel data does not leave this controlled environment.
- For remote deployments, the Binary WebSocket channel uses zstd compression with end-to-end encryption.
Data Categories Collected
We collect the following categories of personal data, strictly limited to what is necessary for platform operation:
Identity Data
Public profile name, primary email address, and unique provider ID from OAuth providers (GitHub, Google). Used to provision your secure compute namespace.
Session & Authentication Data
Cryptographically signed session tokens stored in our isolated Upstash Redis ledger. Used for Zero-Trust identity verification.
Performance Telemetry
FPS, latency, throughput, and frame count metrics. Strictly decoupled from interaction content. Used to maintain 7.35ms benchmark targets.
Payment Data
Fiat: processed via Stripe (PCI-compliant, we never store card data). On-chain: wallet address for USDC transaction verification only.
Visual Frame Metadata
Frame sequence IDs, resolution, and timestamp data. Raw visual content is processed ephemerally and not persistently stored.
Analytics Data
Google Analytics collects standard web analytics (page views, session duration, device type). Governed by Google's privacy policy. You may opt out via browser settings.
Purpose of Processing
We process your data exclusively for the following purposes:
- Platform Operation: Authenticating users, provisioning compute resources, executing agent commands, and delivering vision extraction results.
- Billing & Settlement: Processing payments via Stripe and on-chain settlement, tracking frame consumption against your account balance.
- Performance Optimization: Aggregating telemetry to maintain sub-16ms latency benchmarks and system reliability.
- Security & Compliance: Monitoring for unauthorized access, enforcing rate limits, and maintaining audit logs.
We do not use your data for: AI model training, targeted advertising, behavioral profiling, or sale to third parties.
Your Rights Under State Privacy Law
Under the Iowa Consumer Data Protection Act (ICDPA), California Consumer Privacy Act (CCPA/CPRA), and other applicable state privacy laws, you have the following rights:
Right to Confirm
You may confirm whether we are processing your personal data.
Right to Access
You may request a copy of the personal data we hold about you.
Right to Delete
You may request permanent deletion of your personal data from our systems.
Right to Portability
You may obtain a portable copy of the data you have provided to us.
Right to Opt-Out of Sale
You may opt out of the sale of your personal data. We do not sell personal data.
Right to Opt-Out of Targeted Advertising
You may opt out of targeted advertising. We do not engage in targeted advertising.
Data Subject Access Requests (DSAR)
To exercise any of the rights described above, submit a request to:
support@glazyr.com
MAGNETAR SENTIENT L.L.C. • DSAR Processing Department
We will verify your identity using the email address associated with your OAuth provider. Requests will be processed within 45 days. Under the ICDPA, if we are unable to comply, we will provide a written explanation and you may appeal the decision.
Under Iowa law, controllers have a 90-day cure period to remediate identified violations before enforcement action. We are committed to prompt resolution of all privacy concerns.
Data Security & Breach Notification
We implement reasonable administrative, technical, and physical data security practices proportionate to the volume and nature of the data processed:
- Chromium Hardening: ThinLTO/CFI hardened Chromium Viz compositor with restricted memory access patterns.
- Transport Security: zstd-compressed Binary WebSocket with TLS 1.3 for all remote frame transmission.
- Session Isolation: Cryptographically signed tokens stored in isolated Upstash Redis with per-user namespacing.
- Infrastructure: GCP "Big Iron" compute with VPC isolation, IAM-restricted access, and automated security patching.
Breach Notification: Under Iowa Code Chapter 715C, any security breach compromising the personal information of 500 or more Iowa residents will be reported to the Consumer Protection Division Director within five business days of notifying affected individuals.
Third-Party Services
We integrate with the following third-party service providers. Each operates under their own privacy policies:
Stripe
Fiat payment processing. PCI-DSS Level 1 compliant. We never store payment card data.
GitHub / Google OAuth
Authentication providers. We receive only public profile name, email, and provider ID.
Google Cloud Platform
Compute infrastructure for the "Big Iron" vision pipeline. Data stays within GCP VPC boundaries.
Upstash Redis
Session and ledger storage. Encrypted at rest and in transit. Per-user namespace isolation.
Google Analytics
Standard web analytics. You can opt out via browser settings or the Google Analytics Opt-out Browser Add-on.
Base Network (Coinbase)
On-chain USDC settlement via the x402 protocol. Wallet addresses are used only for transaction verification.
Opt-Out Mechanisms
You may exercise the following opt-out rights at any time:
Performance Telemetry
Email support@glazyr.com with subject "OPT-OUT TELEMETRY" to disable aggregated performance metric collection for your account.
Google Analytics
Install the Google Analytics Opt-out Browser Add-on or enable "Do Not Track" in your browser settings.
Account Deletion
Email support@glazyr.com with subject "DELETE ACCOUNT" to permanently delete all data associated with your account, including session tokens, credit balance, and telemetry history.
Developer Rights
As a user of the Glazyr Viz platform, you retain absolute ownership of the prompts, logic, and outputs produced by your agents. We provide the infrastructure; you own the results. For audit requests, data export, or account purging, contact support@glazyr.com.