Policies
The policies that govern how we build and how Studio is used.
Customer-facing policies
These govern customer use of PeerAI Studio and related services.
- Acceptable Use Policy
Permitted and prohibited uses of Studio and its AI features. Studio may not be used to generate disallowed content (per the underlying model provider's policies) or for activities prohibited by applicable law.
- Privacy Policy
How PeerAI handles operational data (license activation, optional crash reports). Customer code, prompts, and model outputs are not in scope because they don't flow to PeerAI.
- Terms of Service
Master terms governing use of Studio and PeerAI-operated services (Marketplace, licensing).
- Data Processing Agreement (DPA)
Standard DPA available under NDA on request. Scope is limited to PeerAI's operational subprocessors.
Internal policies (summarised)
Summarised here; full documents ship with SOC 2 Type I attestation.
- Information Security Policy
Governs how PeerAI engineers protect production systems and customer-relevant infrastructure.
- Vulnerability Management Policy
Cadence (daily scans + per-release gate), severity targets (30 days for critical), and disclosure flow.
- Access Control Policy
Least-privilege access, MFA required, quarterly review for production access.
- Change Management Policy
Branch flow, code review, release security gate, signed commits.
- Incident Response Policy
Detection, classification, customer notification, remediation, post-mortem.
- Business Continuity Policy
RTO targets per service; failover and recovery procedures.
- Acceptable Use Policy (internal)
Engineering use of corporate accounts and dev infrastructure.
- Background Check Policy
Pre-employment background checks per applicable jurisdiction.