Privacy Policy
Privacy Policy
Last updated: June 2026
1. Information We Collect
Automatically Collected
- API request logs (anonymized, retained for 30 days)
- Usage statistics (token counts, request timestamps)
Provided by You
- Email address (provided by Stripe for billing)
- API key usage data
What We Do NOT Collect
- Conversation content (not stored on our servers)
- IP addresses (beyond what is required for abuse prevention)
- Browser fingerprints
- Third-party tracking data
2. How We Use Your Information
- To provide and maintain the Service
- To process payments (via Stripe)
- To enforce rate limits
- To prevent abuse
3. Data Storage
- Data is stored in PostgreSQL (via Supabase)
- API keys are stored as hashed values
- Usage logs are retained for 30 days, then deleted
4. Third-Party Services
- Stripe: Payment processing. See Stripe’s Privacy Policy.
- Supabase: Database hosting. See Supabase’s Privacy Policy.
5. Data Security
We implement industry-standard security measures:
- TLS encryption for all API traffic
- Parameterized SQL queries (no injection vulnerabilities)
- Timing-safe secret comparison
- No hardcoded credentials
6. Your Rights
- Request deletion of your data
- Request a copy of your data
- Opt out of non-essential data collection
7. Changes to This Policy
We will notify you of any changes to this Privacy Policy via email or through the Service.
8. Contact
For privacy-related inquiries, contact privacy@cryptgpt.co.