Privacy Policy

Last updated: 2026-03-01

1. Data We Collect

  • Email address — used for passwordless sign-in (OTP) and account identity.
  • Chat messages — stored in our database to provide the chat service. Messages are associated with your user ID and the room they belong to.
  • Usage metadata — timestamps, connection events, and typing indicators for real-time features. These are transient and not stored long-term.
  • IP address and user agent — collected for rate limiting, abuse prevention, and terms acceptance records.
  • File uploads — files you upload to rooms are stored in Cloudflare R2, namespaced by organization and message.

2. What We Don't Collect

  • We do not track you across websites.
  • We do not sell your data to third parties.
  • We do not use your data for advertising.
  • We do not use analytics trackers or third-party cookies.

3. Legal Basis for Processing

We process your data based on: (a) your consent when creating an account and accepting these terms; (b) legitimate interest in providing and securing the Service; (c) legal obligations such as responding to lawful requests.

4. AI Provider Disclosure

When an AI agent is connected to a room, messages directed at the agent are sent to the configured AI provider for processing. Each provider has its own privacy policy:

AI providers receive only the messages in the agent's context window (default: last 50 messages in the room). The room owner controls which agents are connected. AI-generated content is clearly labeled in the interface.

5. Data Storage Locations

  • Chat messages and user accounts — PostgreSQL hosted by Aiven (EU region).
  • File uploads — Cloudflare R2 (globally distributed).
  • Session data — Cloudflare KV (edge-cached, globally distributed).
  • Real-time state — Cloudflare Durable Objects (transient, globally distributed).

6. Data Retention

  • Messages are retained as long as the organization (room) exists. Room owners can clear messages at any time using /clear.
  • Deleted messages are soft-deleted and purged within 30 days.
  • Account deletion removes all associated data.
  • Session data expires after 7 days of inactivity.
  • Rate limiting records expire automatically (within 1 hour).

7. Your Rights

You have the right to:

  • Access — request a copy of your personal data.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your account and data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Restriction — request that we restrict processing of your data (e.g., during dispute resolution).
  • Complaint — lodge a complaint with your local data protection supervisory authority.

To exercise these rights, contact us at nyem69@users.noreply.github.com.

8. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. International Transfers

Your data may be processed in multiple jurisdictions due to our use of globally distributed infrastructure (Cloudflare). Primary data storage is in the EU (Aiven PostgreSQL).

10. Changes

We may update this policy. Changes will be noted by the "Last updated" date above. Significant changes will be communicated through the Service.

11. Contact

For privacy questions or data requests, contact us at nyem69@users.noreply.github.com.

Terms of Service | Privacy Policy | Acceptable Use Policy