Privacy Policy

Version 1.0 — effective upon account creation.

1. What We Collect

• Account data: Email address, hashed password, subscription status
• Conversation data: Messages you send and AI responses, stored encrypted
• Usage data: IP addresses, browser type, API calls — for security and rate limiting

2. How We Use Your Data

• To provide and improve the service
• To authenticate you and protect your account
• To generate personalized AI responses using your conversation history
• To process payments via Stripe
• To comply with legal obligations

3. Data Security

Conversation content is encrypted at rest using AES-256-GCM with per-user derived keys. All data is transmitted over TLS 1.3. Row-level security ensures no user can access another's data.

4. Data Sharing

We do NOT sell your data. We share with: Anthropic (AI processing), Stripe (payments), Supabase (database hosting). We share with law enforcement only when legally required.

5. Your Rights (GDPR / CCPA)

You have the right to access, export, correct, and delete your data. Exercise these rights at Settings → Privacy or email privacy@yieldiq.io. We respond within 30 days.

6. Data Retention

Conversation data is retained while your account is active and deleted upon account deletion. Audit logs are retained 7 years for legal compliance.

7. Contact

privacy@yieldiq.io