Privacy Policy

Last updated: March 29, 2026

What We Collect

Account data: Email address, name (optional), GitHub ID (if using OAuth).

Usage data: Request counts, token usage, credit consumption, timestamps.

Request logs: We store truncated versions of prompts and responses (first 2,000 characters) for billing accuracy and service improvement. Full prompts and responses are not permanently stored.

Payment data: Processed by Stripe. We do not store credit card numbers.

How We Use It

• Authenticate you and manage your account
• Track credit usage and enforce billing limits
• Improve the service (aggregate usage patterns, not individual prompts)
• Send you important account notifications

Third Parties

Your prompts are sent to AI providers to generate responses:

• OpenAI — processes prompts for GPT models
• Anthropic — processes prompts for Claude models
• Stripe — processes payments
• AWS — hosts our infrastructure

Each provider has their own privacy policy governing how they handle data.

Data Retention

Account data is retained while your account is active. Request logs are retained for 90 days. Usage summaries are retained for 12 months. You can request deletion of your data at any time.

Your Rights

• Access: Request a copy of your data
• Deletion: Request deletion of your account and data
• Export: Download your usage data

Security

All data is encrypted in transit (TLS) and at rest (AWS encryption). API keys and secrets are stored in AWS Systems Manager Parameter Store with encryption. Authentication uses JWT tokens with 30-day expiry.

Contact

Privacy questions? Email privacy@hiro-labs.dev