Policy // Privacy
Collect less. Explain the rest.
Last updated July 14, 2026
This draft describes the application's intended data flow. Replace company identity, contacts, subprocessors, jurisdictions, and retention periods before launch.
Data we process
- Account data: email, display name, password hash, plan, and billing-provider identifiers.
- Web chat: conversation titles, message content, selected model, and timestamps.
- Web-chat agent tools: search queries, requested page URLs, tool timing/status, and retrieved web material used to produce an answer.
- Developer API: hashed key, prefix, model, token counts, latency, status, and request ID. Direct API prompt text is not persisted by the application.
- Security data: session hashes, IP-derived rate-limit signals when deployed at the edge, and abuse or incident records.
Why we process it
We process data to authenticate users, provide chat history and inference, enforce quotas, bill paid plans, secure the service, investigate abuse, comply with law, and improve reliability.
Providers and transfers
Postgres hosting, model inference, payments, email, observability, and edge protection may be supplied by subprocessors. When agent tools are enabled, the application sends search queries to the configured Exa MCP service and requested page URLs to the configured Jina Reader service. Those providers can process request metadata and returned web content under their own terms; retrieved material may also appear in the assistant message stored with the conversation. The public developer API does not invoke these agent tools. List the actual vendors, locations, retention settings, and data-processing terms before production traffic.
Agent-tool cautions
Do not include secrets, sensitive personal data, private links, or access tokens in a web-search request. Retrieved pages are untrusted and may contain inaccurate content or prompt-injection instructions; the application treats them as evidence rather than authority, but no automated defense is perfect.
Retention and controls
Add working export and deletion flows before claiming self-service privacy rights. Define retention for deleted chats, backups, usage ledgers, fraud evidence, and legal holds. Revoke API keys immediately when requested.
Contact
Replace this section with the operator's legal name, postal address, privacy email, data-protection contact where required, and jurisdiction-specific rights instructions.