Privacy Policy
Last updated: 2026-05-11
1. What we store
Your row in public.users holds: email (from Google sign-in), role, terms-acceptance timestamp, plus a JSONB blob of your model preferences. We also store:
- Provider credentials — encrypted at rest with AES-GCM using a key that lives only in the server environment. The plaintext is decrypted only in memory during a request.
- Request usage logs — model, provider, token counts, latency, cost, timestamp, status. Prompt text and completion text are NOT logged.
- Plugin embeddings — only if you install
claude-contextorsupermemoryand explicitly send content through them. Strictly partitioned per-user.
2. What we don't store
- Prompt contents.
- Completion contents.
- Any data sent to upstream providers beyond the usage metadata above.
3. Third parties
Every /v1/* call is forwarded to the upstream provider you configured. Their privacy policy applies to the prompt and completion text passing through. We do not share your data with any other third party.
4. Cookies
One signed session cookie from Neon Auth (Better Auth under the hood). No analytics cookies, no third-party trackers.
5. Deleting your data
Delete your account from the Settings page and ON DELETE CASCADE wipes every row keyed to your user_id. There is no soft-delete and no recovery — the only copy of your data is what's in the database when you click delete.