Veto Chamber Research
Research consent and prompt handling.
Plain-language disclosure of what happens to the prompts you submit to the Veto Chamber and the homepage instant test.
What we collect
Two paths.
If you consent
- - Your prompt text, after PII scrubbing.
- - Verdict and metadata (level, scenario, attack class, model version).
- - Hashed fingerprint (browser canvas + locale - not your IP).
- - A SHA-256 hash of the prompt for deduplication.
If you do not consent
- - We still return the verdict to you.
- - We store the verdict, level, scenario, and timestamp only.
- - We do not store the prompt content.
How PII scrubbing works
Before storage, not after.
Before any prompt is written to storage we run pattern-based redaction for: credit-card numbers (Luhn-validated), email addresses, phone numbers, API keys and secret tokens, BIP39 seed phrases, IBANs, US SSNs, India PAN / Aadhaar, generic EU national IDs, IPv4 and IPv6 addresses. Each match is replaced with a tagged placeholder (for example, [REDACTED_EMAIL]). The list of redaction types that fired is stored alongside the scrubbed text so we can audit accuracy. The raw prompt is never written to storage.
Why we collect this
To make the gate better.
NukonAI is training a runtime security model named nukonai-threat-8b. Real attack attempts - and real benign prompts - are the most useful signal for that model. We use stored prompts to evaluate detector coverage, label new attack classes, and tune the semantic layer. We do not sell prompts to third parties.
Your rights
Opt out anytime.
- - You can revoke consent at any time by clearing the
nai_research_consentcookie or by emailingakhil@nukonai.com. - - You can request deletion of any prompts associated with your fingerprint hash.
- - DPDP / GDPR / CCPA data subject access requests: reply within 30 days.
Retention
Bounded.
Stored prompts roll over after 99,999 entries (oldest first). For long-term training datasets we re-scrub and de-duplicate before any extract is exported to a model-training environment.