Privacy Policy

We collect authentication information returned through Google sign-in, including name, email address, and Google account identifiers.

We store chat inputs, generated outputs, conversation context, selected model information, conversation titles, attachments, and attachment storage metadata needed to operate the product.

We store usage and billing data such as message counts, input and output token totals, usage timestamps, plan type, billing state, and Stripe customer or subscription identifiers used for quota enforcement and billing operations.

We store policy consent records, including accepted document versions, locale, and user agent, as evidence of consent.

We use cookies for locale preference, theme preference, and the pre-sign-in policy consent flow. At the time of this version, this repository does not include advertising cookies or analytics SDKs.

Collected information is used for authentication, account management, storing chat history, generating AI responses, storing and serving attachments, enforcing usage limits, billing operations, and support.

It is also used to prevent abuse, investigate incidents, maintain security, retain evidence of policy acceptance, deliver important notices, and improve product quality and reliability.

The service does not use user inputs or outputs to train, retrain, or fine-tune its own models. Additional explanation and official references for external AI providers are listed on the Security page.

The service integrates with Google authentication, Stripe, OpenAI, Anthropic, Google Gemini, and Supabase Storage. The current destinations, transmitted data, and purposes are also described on the External Transmission page.

Google receives account information for authentication and account creation. Stripe receives customer identifiers, plan information, and subscription state for billing and subscription management.

AI model providers receive chat content submitted by the user, conversation context required to generate a response, selected model metadata, and attachment contents. When search-enabled responses are used, provider-backed search tools may also be invoked.

Supabase Storage receives attachment files and the metadata required to store and serve them.

Account data, chat history, attachments, usage records, and consent records are retained for as long as reasonably necessary to provide the service, verify identity, respond to security issues, handle billing matters, and comply with legal obligations.

When a user deletes an account, the account, chats, messages, and stored attachment data in the service are targeted for deletion. Some information may still be retained where required for legal compliance, accounting, fraud prevention, dispute handling, or similar legitimate needs.

Information that is no longer needed may be deleted or anonymized. Deletion across backups or external provider logs may take additional time.

The operator implements reasonable safeguards such as authentication, access control, least-privilege handling, log review, and secret management to reduce the risk of leakage, loss, tampering, or unauthorized access.

External processors and service providers are used only to the extent necessary to operate the service, and their security terms or service conditions may be reviewed as part of that use.

Users may request disclosure, correction, addition, deletion, suspension of use, or similar handling of retained personal data as permitted by applicable law. See the Privacy Requests page for the request channel and process.

Users may also delete their account from the in-product settings screen. Some requests may be limited where legal exceptions, retention duties, identity-verification issues, or technical constraints apply.

Users should exercise their own judgment before submitting confidential, sensitive, or business-critical information.

AI outputs are not automatically guaranteed to be accurate, complete, lawful, or appropriate for a specific purpose, so users must verify important uses on their own.

This Policy may be updated when necessary.

If material changes are made, notice will be provided through the service or another reasonable method, and renewed consent may be requested when necessary.