Richard

Privacy Policy

Last updated: March 2026

1. What We Collect

  • Account information: email address, authentication provider
  • Profile information you provide during onboarding (age, income, role, risk posture, goals)
  • Conversation content: messages you send and AI responses
  • Usage data: message counts, token counts, timestamps
  • Billing data: managed through Stripe; we do not store card numbers
  • Support submissions via the Contact form

2. How We Use Your Data

  • To provide and operate the Service
  • To personalize AI responses using your profile
  • To enforce usage limits and process billing
  • To respond to support requests
  • To detect abuse and maintain security

3. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We share data only with:

  • Supabase — database and authentication (EU/US infrastructure)
  • OpenAI — AI response generation (your messages are sent to OpenAI's API)
  • Stripe — payment processing
  • Vercel — hosting and edge infrastructure
  • Resend — transactional email delivery
  • Upstash — rate limiting (IP addresses only, not conversation content)

4. Conversation Confidentiality

Your conversations are stored securely and are intended to be accessible only to you. We do not routinely review or monitor the content of user conversations.

Access to conversation data by authorized personnel may occur only when strictly necessary to: (a) maintain or improve the functionality, security, or reliability of the service; (b) investigate suspected abuse, fraud, or violations of our terms; or (c) comply with legal obligations or valid law enforcement requests. Such access is limited, logged, and restricted to authorized individuals with a legitimate operational purpose. We do not access conversations for marketing, advertising, or general browsing purposes.

Note: Messages you send are processed by OpenAI's API. OpenAI's own privacy policy applies to that processing. We use the API with settings that do not allow OpenAI to use your data for model training (API data is not used for training by default per OpenAI's policy).

5. Data Retention

We retain your data as long as your account is active. You may request deletion of your account and associated data by contacting us via the Contact form.

6. Security

We use industry-standard security measures including encrypted connections (TLS), row-level security on all database tables, and service-role key isolation. No system is 100% secure; use the Service accordingly.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. Depending on your jurisdiction, additional rights may apply.

8. Changes

We may update this Privacy Policy. Material changes will be communicated via email or prominent notice on the Service.

9. Contact

Privacy questions: Contact.