Privacy Policy
Last updated: March 15, 2025
This Privacy Policy describes how AssistAI ("we", "us", or "our") collects, uses, and protects information when you use our AI assistant platform. We take your privacy seriously and are committed to transparency about our data practices.
1. Information We Collect
Account information: When you register, we collect your email address, name, and password (stored as a secure hash).
Conversation data: Messages you send to AI assistants and responses generated are stored to provide conversation history and improve your experience.
Uploaded files: Documents you upload to the knowledge base (PDF, DOCX, TXT, MD) are stored and processed to enable AI-powered responses.
Usage data: We collect anonymized data about how you use the platform, including API call counts, token usage, and feature interactions.
Technical data: IP addresses, browser type, and access logs collected automatically for security and performance purposes.
2. How We Use Your Information
We use collected information to:
- Provide and operate the AI assistant platform
- Process your messages through AI language models
- Maintain conversation history and knowledge bases
- Calculate usage metrics and enforce plan limits
- Send transactional emails (account verification, billing)
- Improve platform security and performance
- Comply with legal obligations
3. AI Processing & Third-Party Providers
To generate AI responses, your messages are sent to third-party AI providers. Depending on your configuration, this may include:
- Google AI (Gemini) — messages are processed under Google's API Terms of Service. Google does not use API data for training.
- OpenRouter — acts as a routing layer and passes requests to underlying providers (Google, Anthropic, OpenAI). Content is not stored by OpenRouter.
- Anthropic (Claude) — if enabled, subject to Anthropic's usage policies.
- OpenAI (GPT-4o) — if enabled, subject to OpenAI's usage policies.
Important: AI providers receive message content to generate responses. Do not share sensitive personal data (passwords, payment card numbers, government IDs) in conversations.
4. Data Storage & Security
Your data is stored using Supabase, a SOC 2 Type II certified database platform with:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Row-Level Security (RLS) — users can only access their own data
- Automated backups
- Infrastructure hosted in EU/US data centers
Files uploaded to the knowledge base are stored in Supabase Storage with access restricted to the account owner.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes.
We share data only with:
- Service providers necessary to operate the platform (Supabase, Vercel, AI providers listed above)
- Law enforcement when required by law or to protect the rights and safety of users
6. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Conversations and messages are deleted within 30 days
- Uploaded files are deleted from storage immediately
- Anonymized usage statistics may be retained for up to 2 years
- Billing records are retained as required by applicable law (typically 7 years)
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Objection — object to processing of your data
- Restriction — request limitation of data processing
To exercise any of these rights, contact us at support@ai-assist-xi.vercel.app.
8. Cookies
We use essential cookies only — for authentication session management. We do not use tracking or advertising cookies.
9. Children's Privacy
Our platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the platform. Continued use after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions or requests:
AssistAI