← Back to AI·MS

Privacy Policy

Last updated: April 2026

1. Data We Collect

• Account data: Username, email, display name, language preference.
• Conversations: Messages you send and AI responses.
• Usage data: Number of messages, features used, login times.
• Memories: Facts you share with the AI (stored per-user).
• Files: Documents you upload.

2. How We Use Your Data

• To provide and improve the AI assistant service.
• To personalize responses using your memory and conversation history.
• To enforce subscription limits and rate limiting.
• To send password reset and verification emails.

3. Third-Party Services

• Google Gemini: Your messages are sent to Google's AI API for processing. Google's privacy policy applies.
• Ollama (fallback): When using the local AI, all data stays on our server.
• Resend: Used for sending emails. Email addresses are shared with Resend for delivery.

4. Data Storage

• Data is stored on our servers in Hetzner (Germany).
• Passwords are hashed with bcrypt and never stored in plain text.
• Database is backed up daily with 14-day retention.

5. Data Isolation

Each user's data is strictly isolated. Users cannot access other users' conversations, memories, or files. AI responses are generated using only the authenticated user's context.

6. Data Retention

• Account data: Retained until you delete your account.
• Conversations: Retained until you delete them.
• Memories: You can view and delete them at any time via the API.
• Audit logs: Retained for 90 days.

7. Your Rights

• Access your data via the API or UI.
• Delete conversations, memories, and uploaded files.
• Export your conversation history.
• Request account deletion by contacting support.

8. Security

• HTTPS encryption for all connections.
• MFA (two-factor authentication) available.
• Brute force protection on login.
• Rate limiting per user.
• Redis-backed session management.

9. Contact

For privacy concerns, contact privacy@tuwaiqorigins.xyz.