Privacy Policy
Last updated: 2026-07-07
Plain Language: This is written in plain language on purpose. It's the real policy, not a summary of a hidden one. We don't collect more data than we show here, and we don't sell personal data.
1. What We Collect
Account Information
When you sign up:
- Email address (required)
- Name (optional)
- Password (hashed — we don't store the plain text)
Usage Events
We collect events like:
- Pages you visit
- Articles you read
- Buttons you click
- Time spent on the platform
- Device type and browser
AI Playground Inputs & Outputs
When you use the AI playground:
- We send your prompt to the LLM provider (Fireworks, OpenRouter, or your own API key)
- The LLM processes it and returns an output
- We don't permanently store your inputs/outputs by default, but providers may (per their policies)
- If you save a conversation, we store it in your account
User-Generated Content
Recipes, outcome stories, and comments you publish are stored and displayed publicly (or privately, if you mark them as private).
BYOK API Keys
If you provide your own API keys (for OpenAI, Anthropic, etc.), we store them encrypted in your account. The plaintext key is never logged or shared.
2. Why We Collect It
- To provide the service: Email and account data let you log in and use the platform
- To improve the platform: Usage events help us see which features are popular and where people get stuck
- To personalize your experience: We use your activity to recommend content and features that might interest you
- To track and measure: Analytics help us understand how the platform is used
- To comply with law: We may need to retain data for legal or regulatory reasons
3. How Long We Keep It
- Account data: As long as your account exists, plus 30 days after deletion
- Usage events: 90 days by default (older data is aggregated and anonymized)
- Saved conversations: As long as you keep them
- Published content: As long as you keep it published
- Deleted content: Permanent deletion happens within 30 days (but backups may persist longer)
5. Your Rights (DPDP & GDPR)
Digital Personal Data Protection (DPDP) Act — India
If you're in India, you have the right to:
- Access: Request a copy of your personal data
- Correction: Request that we fix inaccurate data
- Deletion: Request permanent deletion of your account and data
Visit /me/export to download your data or /me/delete to request deletion.
General Data Protection Regulation (GDPR) — EU
If you're in the EU, you have additional rights:
- Right to access, correct, delete (same as DPDP)
- Right to restrict processing — we won't use your data for profiling
- Right to data portability — export in a standard format
- Right to object — opt out of marketing emails anytime
Use /me/export or contact us at [email protected] to exercise these rights.
7. We Don't Sell Data
We never sell, trade, or rent your personal data. Period. Our business model is based on building great products, not monetizing user data.
8. Contact Us
For privacy questions or to exercise your rights:
- Email: [email protected]
- Use the export/delete endpoints:
/me/exportor/me/delete
We'll respond within 30 days.
Changes to This Policy
We may update this policy. We'll notify you of significant changes via email or through the platform. Your continued use means you accept the updates.