Privacy & Data Transparency
This is not a legal document. It is a plain-language explanation of exactly what we store, what we cannot do, and how the system works.
What we store
✓ Your email — encrypted. We cannot read it without your session.
✓ Your enhancement history — encrypted, linked to your account ID only.
✓ Anonymized usage patterns — no identity, used to improve the service.
What we cannot do
✗ Read your queries without your account being active.
✗ Link your conversations to your email from a database dump alone.
✗ Sell your data. The architecture prevents it — your identity and your conversation history live in separate encrypted stores.
Your rights
How it works (technical)
Three separate PostgreSQL schemas: identity (your email, tier), activity (encrypted conversations, no email), analytics (anonymized, no user ID). No foreign key constraints between identity and activity — the schemas cannot be joined by accident. Conversation content is encrypted with AES-256-GCM before storage. The encryption key lives in environment variables, not in the database.
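An added illustration of the encrypt-before-storage step described above, not this service's own code: it uses Node's built-in crypto module for AES-256-GCM with a key read from the environment. The variable name CONVERSATION_KEY, the nonce || tag || ciphertext record layout, and the use of the account ID as authenticated data are assumptions made for the example.

```javascript
const crypto = require("crypto");

// Assumption: the key is a base64-encoded 32-byte value in an environment
// variable. CONVERSATION_KEY is a hypothetical name, not taken from the page.
function loadKey(env = process.env) {
  const key = Buffer.from(env.CONVERSATION_KEY || "", "base64");
  if (key.length !== 32) throw new Error("CONVERSATION_KEY must decode to 32 bytes");
  return key;
}

// Encrypt one conversation before it is written to the activity schema.
// Assumption: the account ID is bound as AAD (authenticated, not encrypted),
// so a ciphertext copied onto another account's row fails to decrypt.
function encryptConversation(key, accountId, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce per record, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(String(accountId), "utf8"));
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored layout (constructed for this example): nonce || tag || ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function decryptConversation(key, accountId, record) {
  if (record.length < 28) throw new Error("record too short");
  const nonce = record.subarray(0, 12);
  const tag = record.subarray(12, 28);
  const body = record.subarray(28);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, nonce, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(String(accountId), "utf8"));
  decipher.setAuthTag(tag);
  // final() throws if the key, AAD, tag or ciphertext do not match
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Returns true when decryption is refused (wrong key, wrong account, tampering).
function isRejected(key, accountId, record) {
  try {
    decryptConversation(key, accountId, record);
    return false;
  } catch {
    return true;
  }
}
```

A stored record on its own, without the key held outside the database, is rejected by the same check that catches tampering.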
If you have questions about our data practices, reach out via the in-app support channel.