Legal
Privacy policy
What DiffAudit reads, stores, and displays across login, workspace, and docs flows.
Account and identity data
When you sign in with Google or GitHub, DiffAudit reads only the minimum fields required for account identification: name, email, avatar, and provider identity.
These fields are used only to create or link your DiffAudit account, display the signed-in user, and restore access state inside the workspace.
Task and runtime data
The workspace displays task status, target model, audit metrics, and report summaries. This data is used for membership inference risk evaluation only.
Local preferences such as theme, language, default parameters, and Runtime endpoint are stored in browser-local storage so the UI can restore your last-used state.
Security boundary
DiffAudit is an audit platform. It does not automatically deploy defenses or share your model data with external services.
If email verification, API keys, or external Runtime integration are enabled, those capabilities remain bounded to the current deployment environment.