Privacy Policy

1. About This Policy

This Privacy Policy explains how we collect, use, disclose and protect your personal data when you use the Service (the chat platform and its integrated AI models).

If you do not agree with this Policy, please do not access or use the Service.

2. Information We Collect

• Account Data: username, email address, password hash, preferred language and settings.

• Chat Content: messages, prompts and files you submit or receive.

• Usage Data: log files, device identifiers, IP address, timestamps, feature interactions and error reports.

• Cookies & Similar Tech: authentication tokens and analytics cookies (see Section 9).

3. How We Use Data

• Provide and secure the Service, including spam and abuse prevention.

• Route your prompts to third‑party model providers (e.g., OpenAI, Anthropic) to generate responses.

• Improve and debug features, analyse performance and develop new functionality.

• Send transactional messages (password resets, service announcements). Marketing e‑mails are sent only with your consent.

4. Legal Bases (GDPR)

We process your data under one or more of the following bases: consent, contract performance, legitimate interests (e.g., network security) and compliance with legal obligations.

5. How We Share Data

• Model Providers: we transmit your prompts and context to OpenAI, Anthropic or any provider you explicitly choose.

• Service Vendors: hosting, analytics, email delivery and error monitoring providers bound by contracts to process data only on our instructions.

• Legal or Safety Reasons: to comply with law, enforce Terms, or protect rights, property or safety.

• Business Transfers: as part of a merger, acquisition or asset sale with notice to you.

6. International Transfers

Your data may be transferred outside the EEA. Where required, we rely on Standard Contractual Clauses or adequacy decisions.

7. Data Retention

Account data is kept while your account is active plus 30 days. Chat content and logs are retained for 24 months unless you delete them sooner or law requires longer storage.

8. Security

We employ industry‑standard encryption in transit, at‑rest key management, access controls and routine penetration testing. No internet service is 100 % secure, so we cannot guarantee absolute protection.

9. Your Rights

• GDPR: access, rectification, erasure, restriction, objection and data portability.

• CCPA: right to know, delete and opt‑out of 'sale' or 'sharing' of personal information.

You may exercise rights from your account settings or by emailing [email protected].

10. Cookies & Similar Technologies

We use first‑party cookies for authentication and CSRF protection, plus privacy‑respecting analytics (Plausible) that do not set tracking cookies.

You can block cookies in your browser; some features may stop working.

11. Children

The Service is not directed to children under 13. We do not knowingly collect data from children. If we learn we have done so, we will delete that data promptly.

12. EU Digital Services Act Disclosures

Average monthly active recipients in the EU are published on our website and updated every 6 months, as required by Article 24 (2) DSA.

13. Changes to This Policy

We may update this Policy from time to time. If changes are material we will provide 30 days’ prior notice. Continued use after the effective date constitutes acceptance.

14. Contact

Questions or requests? E‑mail us at [email protected].