Privacy Policy

NO WARRANTIES: We make NO representations, warranties, or guarantees regarding the privacy, security, or confidentiality of any data you submit to this service, including but not limited to:

• Data breaches: Your data may be exposed, intercepted, leaked, or stolen at any time
• Unauthorized access: We cannot guarantee that your conversations will remain private or secure
• Third-party exposure: Data sent to AI providers (OpenAI, Anthropic, Google, etc.) is subject to their own policies and practices over which we have NO control
• Encryption failures: Any encryption implemented may fail, be compromised, or be improperly configured
• Data retention: We make no guarantees about how long data is retained or that deletion requests will be honored
• Compliance: No representation is made that this service complies with GDPR, CCPA, HIPAA, or any other privacy regulation

We may collect, store, process, or expose the following data (list is not exhaustive and may change without notice):

YOUR DATA IS SHARED WITH THIRD PARTIES. By using this service, you acknowledge and accept that:

• All conversations are sent to third-party AI providers (OpenAI, Anthropic, Google, etc.) and are subject to their privacy policies
• We have NO control over how these providers handle, store, or use your data
• Payment data is processed by third-party payment providers (Rapyd)
• We may share data with other third parties at our discretion without notice
• Third parties may use your data for training AI models, analytics, or other purposes
• We are NOT responsible for third-party data breaches, misuse, or policy changes

ASSUME YOUR DATA IS NOT SECURE. While we may implement various security measures, we make NO guarantees that:

• Your data will be encrypted at rest or in transit
• Encryption will be properly implemented or unbreakable
• Unauthorized parties cannot access your data
• We will detect or notify you of security breaches
• Security vulnerabilities will be patched promptly or at all
• Our systems are protected against attacks or failures

DO NOT submit sensitive, confidential, or legally protected data to this service.

Current Encryption Implementation:

• Server-side encryption (default): All messages and conversation titles are encrypted at rest in our database using AES-256-GCM encryption
• Transport encryption: All data is transmitted over HTTPS/TLS
• Privacy-focused logging: Sensitive data is automatically sanitized from logs using our safeLog utility
• Client-side encryption (optional, in development): Additional zero-knowledge encryption option where keys never leave your browser

Important Limitations:

• Server-side encryption means the server holds the encryption key - this is NOT zero-knowledge encryption
• Encryption protects data at rest but does not prevent server-side access or breaches
• Conversations are sent to third-party AI providers (OpenAI, Anthropic, Google) where they are processed per those providers' policies
• Encryption implementation may have vulnerabilities or may be improperly configured
• We make no representation that our encryption meets any particular security standard

The disclaimers above still apply: we are NOT liable for data breaches, encryption failures, or security incidents even though encryption is implemented.

We make NO guarantees about:

• How long your data will be retained
• Whether deletion requests will be honored
• Whether "deleted" data is truly removed from all systems
• Whether backups containing your data will be destroyed
• Whether third parties will delete data we've shared with them

Assume that any data you submit may be retained indefinitely and cannot be fully deleted.

YOU are responsible for:

• Determining whether this service is appropriate for your use case
• Understanding and accepting all privacy and security risks before use
• NOT submitting any data you cannot afford to lose or have exposed
• Complying with all applicable laws regarding data protection
• Reading and understanding the privacy policies of all third-party AI providers
• Assuming ALL risk of data loss, exposure, or misuse

WE ARE NOT LIABLE FOR ANY PRIVACY BREACHES, DATA LOSS, OR SECURITY INCIDENTS.

To the maximum extent permitted by law, we shall NOT be liable for any damages arising from:

• Data breaches, leaks, or unauthorized access to your data
• Loss, corruption, or exposure of conversations or account information
• Third-party misuse of your data
• Failure to delete data as requested
• Security vulnerabilities or system compromises
• Non-compliance with privacy regulations (GDPR, CCPA, etc.)
• Any other privacy or security-related claims

We may change this privacy policy at any time without notice. Your continued use constitutes acceptance of any changes. We are NOT obligated to notify you of changes.

For privacy-related questions or concerns, you may attempt to contact us via the repository issues. We make NO guarantees about response times or whether inquiries will be addressed.