Privacy Policy

Last updated: 13 May 2026

1. What we collect

We collect: (a) account info you provide (email, name, business URL), (b) API keys you paste in (encrypted at rest with libsodium sealed boxes — never logged), (c) the questions you ask the council, (d) usage metrics (run count, model selection, token usage).

2. What we don't do

• We do not sell your data.
• We do not use your questions to train models.
• We do not log decrypted API keys — they exist only in process memory during run execution.
• We do not share your data with third parties except as required by the council pipeline itself (Gemini / Groq / OpenRouter / OpenAI / Anthropic — and only when YOU initiate a run).

3. Third parties involved in a run

When you trigger a council run, your question is sent to the AI providers you've configured. Their privacy policies apply to those API calls — typically: not used for training when accessed via paid API, varying retention windows (Anthropic 30 days, OpenAI 30 days, Google variable).

4. Cookies + analytics

We use first-party cookies for authentication (Supabase Auth session). We do not use third-party tracking cookies. We collect basic usage analytics (no PII, aggregated only).

5. Your rights

Export your full data anytime from /app/settings (run history + decisions). Delete your account anytime — deletion is permanent and immediate, including all encrypted API keys.

6. Contact

Email privacy@aicouncil.me for any data questions.

This is a draft policy pending legal review. AI Council is operated by 313 AI Agency (Jordan).