Last updated: 26 March 2026
This policy explains what data we collect, why, and how we handle it.
This Service is operated by an independent developer based in the United Kingdom. For the purposes of UK GDPR, the developer is the data controller for personal data collected through the Service.
2.1 Account Data (via Google OAuth) – Google ID, email, display name, profile picture URL.
2.2 Conversation & Session Data – Prompts, AI outputs, templates, bookmarks, attachments, and session metadata.
2.3 Billing Data – Stripe customer/subscription IDs, plan type, subscription status. Full card details are never stored.
2.4 API Keys – Encrypted server-side using Fernet symmetric encryption; never logged in plaintext.
2.5 Technical Data – Request metadata, user IDs, truncated user-agent. Sentry may receive error data.
2.6 Browser Local Storage – UI preferences stored on your device only.
Contract performance, legitimate interests, and legal obligation. No automated decision-making or profiling.
Account management, service provision, billing, security monitoring, and legal compliance. We do not sell or share data for marketing.
Google (OAuth), Stripe (payments), and Sentry (error monitoring) each operate under their own privacy policies.
Retained while your account is active. Deleted/anonymised within a reasonable period after account deletion, except as required by law.
Access, rectification, erasure, restriction, data portability, and objection. Contact us or lodge a complaint with the ICO at ico.org.uk.
Encryption at rest, HTTPS in transit, access controls. Beta status means absolute security cannot be guaranteed.
Browser local storage only. No third-party tracking or analytics.
Not directed at children under 13.
Updates posted with a new effective date. Continued use constitutes acceptance.
Contact the developer through the details on the Service's website.