When you use AI features, your messages are sent to the AI provider you selected (Anthropic, OpenAI, or Google). These providers process your messages to generate responses. Your data is not used for model training by any of these providers when accessed via their APIs.
Your API key is encrypted at rest and only decrypted server-side when making requests to the provider.
Your data is retained for as long as your account is active. You can delete all your data at any time using the "Delete My Account" option in your profile settings. Account deletion is immediate and irreversible.
We use encryption in transit (HTTPS) and at rest for sensitive data like API keys. Authentication is handled by Supabase Auth with support for multi-factor authentication. Sessions use secure, HTTP-only cookies with refresh token rotation.
For privacy-related questions or concerns, please open an issue on the project repository or contact the project maintainer.