Back to home

Privacy Policy

Draft version: 2026-07-05

Beta draft — this document is still being finalized and has not been reviewed by counsel. Do not rely on it as final legal terms.

This policy covers the AI Hub web chat and API, operated by AI Hub (legal entity not yet chosen by the owner). It explains what we store, what we don't, and why — see also plan.md §2.2 and CLAUDE.md security rules for the technical backing of these commitments.

No-logs by default

No-logs by default: the content of your API requests and chat messages — prompts and model responses — is not stored on our servers by default. We do not use your prompts to train models.

Chat history

The web app's optional chat history is encrypted at rest (AES-256-GCM) and readable only in the context of your session — not by our support or admin staff. You can delete a conversation at any time; deletion is immediate, permanent, and cascades to all related records. It is not recoverable.

Third-party processors

To generate a response, the content of your request is sent to the model provider you selected (Anthropic, OpenAI, xAI, or DeepSeek) as a sub-processor, and is subject to that provider's own data-handling terms. We choose providers that state they do not use API traffic to train their models, but we do not control their infrastructure. [Lawyer: confirm sub-processor list and DPA status per provider before publishing.]

Billing metadata

What we do keep: account details (email, hashed password), which model you used, token counts, credit cost, request status, and timestamps — the metadata needed for billing, rate limiting, fraud prevention, and reconciling your balance. API keys are stored as a hash plus a short prefix for lookup; the full key is shown to you once, at creation.

Your rights

You can request a copy of your account metadata, delete your chat history, or close your account. Closing your account anonymizes your billing ledger (required for accounting/audit purposes) and hard-deletes your chat history. [Lawyer: confirm this satisfies GDPR/applicable regional rights before publishing; export tooling is not yet built.]

Contact

Privacy questions: support@ai.sherlife.net.