Privacy Policy

Last updated: 2026-04-26

What we collect

  • Account data — email, password hash (Supabase Auth), API keys you create, billing address you submit to Stripe.
  • Usage metadata — per API call we record timestamp, mode (e.g. quick, perplexity_live), cost in cents, balance after, cache tier hit (L1/L2/L3 or miss), upstream success/failure status, and which providers were called. We do not store request bodies (your queries) or response bodies (the LLM answers) beyond the brief in-memory window required to deliver the call and apply refunds on partial failures.
  • Payment data — handled by Stripe. We never see or store full card numbers. We retain Stripe customer IDs and the last 4 digits of the saved card for display.

What we don't collect

  • We don't store the queries you submit or the answers we return beyond the request window.
  • We don't sell or rent your data.
  • We don't use your queries to train any AI models — neither ours (we don't train any) nor the upstream providers that run your calls.

How long we keep data

  • Usage events — retained 90 days for billing audit, then aggregated to monthly totals and the per-event rows are deleted.
  • Account data — kept while your account is active. Deleted within 30 days of account closure.
  • Stripe data — governed by Stripe's privacy policy.

Subprocessors

We use a small set of subprocessors to deliver the Service. Material subprocessors (account auth, scraping infra, billing) are documented in our security overview at /docs/security.

Cookies

We use first-party session cookies for authentication on /app. We do not use third-party tracking, analytics, or advertising cookies.

Your rights (GDPR/CCPA)

You may request a copy of your data, correct inaccurate data, or delete your account and all associated data by emailing [email protected]. We'll respond within 30 days.

Security

API keys are hashed at rest. Webhook signing secrets are encrypted using pgcrypto when configured. Database connections are TLS-only. Cloudflare Workers run inside isolated V8 isolates per request. See /docs/security for the full security overview.

Contact

Privacy questions: [email protected].