Privacy Policy

Last updated: 2026-05-17 · Draft.

What we collect

Account data (email, name, hashed password or SSO subject), workspace metadata (name, slug), usage logs (timestamps, model tiers, token counts), and the content of conversations you create. We do not collect biometric data or location data.

What we don’t do

We don’t sell your data. We don’t use it to train third-party foundation models by default. We don’t share it with anyone except the sub-processors listed below to deliver the service.

Sub-processors

AI model providers (Anthropic, OpenAI, Google), infrastructure (Fly.io, Cloudflare R2, Neon Postgres), identity (WorkOS), payments (Stripe), email (Resend), observability (Sentry, PostHog, Axiom). A live list is maintained at /legal/subprocessors.

Your rights (GDPR / CCPA)

Request data export, correction, or deletion at any time via your account settings. We respond within 30 days. Account deletion purges all data within 30 days; backups roll off within 90.

Retention

Active accounts: data kept while the account exists. Logs: 90 days. Audit log events: 13 months.

Children

Not for use by anyone under 16.

Contact

privacy@rapidclaw.dev