Last updated: May 15, 2026
The Service collects information strictly necessary for its operation: (a) registration data (email address, hashed password); (b) session data (temporary tokens, authentication cookies); (c) conversation history stored in an encrypted database; (d) usage metadata (models used, timestamps, usage counters). We do not collect biometric information, precise location data, or sensitive data as defined by data protection regulations.
Collected information is used exclusively to: (a) provide and maintain the Service; (b) authenticate users; (c) maintain user conversation history; (d) improve Service quality; (e) comply with legal obligations. We do not sell, rent, or share personal information with third parties for marketing purposes.
Data is stored on servers with encryption in transit (TLS) and at rest. Passwords are stored hashed with bcrypt. Sessions use cryptographically secure tokens with automatic expiration. We implement reasonable security measures to protect data, although no system is completely secure.
User queries are processed by third-party artificial intelligence models (AI infrastructure providers). These queries are transmitted to said providers to generate responses. Model providers have their own privacy and data retention policies. We do not guarantee that model providers will not retain or process data in accordance with their own terms.
Conversation data is retained while the user's account is active. Deleted conversations are marked as "soft delete" and retained for a period of 90 days before permanent deletion, for legal compliance and recovery upon legitimate requests. Session data expires automatically according to configured periods (TTL).
The user has the right to: (a) access their personal data; (b) request correction of inaccurate data; (c) request deletion of their account and associated data; (d) export their data in machine-readable format; (e) withdraw consent at any time. To exercise these rights, contact: privacy@viciousbyte.com
The Service uses strictly necessary session cookies for authentication and service operation. We do not use tracking cookies, third-party analytics, or fingerprinting technologies. Session cookies are deleted upon logout or expiration.
Data may be processed on servers located in different jurisdictions. By using the Service, the user consents to the transfer of data to jurisdictions that may have different levels of data protection. We take reasonable measures to protect data regardless of jurisdiction.
The Service is not directed to individuals under 18 years of age. We do not intentionally collect information from minors. If a parent or guardian discovers that a minor has provided personal information, they should contact us for immediate deletion.
We reserve the right to modify this Privacy Policy at any time. Changes will be posted on this page with the update date. Continued use of the Service after publication of changes constitutes acceptance of the modified policy.
For privacy and data protection inquiries: privacy@viciousbyte.com