Last reviewed: June 26, 2026
Privacy you can point to.
Each item below is a shipped feature in the product today, not an aspiration. The full detail and your rights are in the privacy policy linked at the bottom.
Encrypted at rest
Your analyses, your questions, and their titles are encrypted in our database with authenticated AES-256-GCM envelope encryption: each value is sealed with its own key, wrapped by a master key we hold outside the database. A stolen database dump or a leaked database credential reaches scrambled ciphertext, not your words.
Only you can reach your data
Every table that holds user data uses row-level security, enforced by the database itself. One user can never read or change another user's analyses, questions, tags, links, or preferences. This is enforced by Postgres on every query, not by application code that could have a bug.
Even we don't read it by default
Our internal support and review console blanks out your question, title, and content by default. Viewing real content takes a deliberate action that requires a reason and writes one permanent log entry: who looked, whose content, which field, and why. There is no exception for the founder; the founder's own reveals are logged the same way.
Delete means delete
Deleting your account is a true hard delete, scoped strictly to you. Your analyses, tags, preferences, feedback, your saved API key if you stored one, and the operational records tied to your account are all removed, with no soft flag, no tombstone, and no shadow copy.
Take your data with you
One action downloads a complete, machine-readable JSON file of everything you own: your analyses with their full content and sources, plus tags, links, and preferences. You can also export any single analysis as Markdown, Word, or PDF. Your library is portable, not locked in.
We keep only what's needed
Your library is yours until you delete it; we never expire your content on a timer. The operational metadata we use to run and secure the service is purged automatically on per-type windows, so it does not accumulate indefinitely.
Never used to train AI
We use Anthropic's commercial API; under Anthropic's commercial terms, the content we send is not used to train Anthropic's models and is deleted on Anthropic's standard retention schedule. We send only the question and analytical context, never your name or email.
Or bring your own key
Prefer your analyses to run under your own Anthropic account? Add your own API key in Settings. It is validated, encrypted at rest, never returned, never logged, and removable anytime. Your AI data relationship is then directly with Anthropic.
What this does not do.
Strong privacy claims are only worth making if the limits are stated just as plainly. We put them here, up front, not buried.
This is not end-to-end encryption.
To analyze your question, our backend and our AI provider must read it in ordinary, readable form. Encryption at rest protects your stored data from someone who steals the database or its credentials. It does not hide your content from the running service that performs the analysis for you.
Encryption at rest protects stored data, not the running system.
The keys that decrypt your content live in our backend so it can show you your library and run analyses. Someone who fully compromised the running backend could reach decrypted content. Encryption at rest defends against stolen data; the rest of our security posture defends against a compromised live system.
We comply with lawful legal requests.
If we receive a legally valid and binding request from law enforcement or a court, we will comply. Where the law permits, we will tell the affected user. We do not hand over more than the request compels, and we push back on requests that are overbroad or improper.
Zero data retention with the AI provider is not in place.
Anthropic processes your question under its commercial terms and deletes inputs and outputs on its standard schedule, but a stricter zero-data-retention arrangement is not in place today and is model-dependent. If you want full control, use your own key.
Read the source, not just the summary.
We would rather you check than take our word for it. The privacy policy spells out your rights and how to exercise them; the security pages describe the controls in technical detail; the subprocessor list names every vendor that touches your data.