Your Privacy,
Our Priority

When you use CloudGPT, we collect the following categories of information to provide and operate our Service:

• •Account Information: Email address, display name, and authentication data collected when you register (managed via Clerk)
• •Usage & API Data: API requests, model selection, token consumption, request metadata, response times, and error logs used for billing and service quality
• •Log & Technical Data: IP addresses, browser type, device identifiers, operating system, referral URLs, and timestamps of Service interactions collected automatically
• •Payment Information: Billing address and payment method metadata processed securely by Stripe. We never receive, see, or store your full card number or CVV.
• •Support Communications: Any messages, emails, or correspondence you send to our support or legal teams
• •Analytics Data: Optional product usage analytics collected via PostHog. This is opt-in and can be disabled at any time in your account Privacy Settings.

We use your personal data only for specific, legitimate purposes, and only to the extent necessary:

• •Processing your API requests and routing them to appropriate AI providers (contract performance)
• •Calculating usage, managing subscriptions, and processing billing (contract performance)
• •Sending transactional communications, including receipts, usage alerts, and security notifications (contract performance & legitimate interest)
• •Monitoring for abuse, fraud, policy violations, and security threats to protect users and infrastructure (legitimate interest)
• •Improving the reliability, performance, and features of the Service (legitimate interest)
• •Complying with legal obligations, court orders, and lawful requests from regulatory authorities (legal obligation)
• •Product analytics and feature improvement via PostHog, only where you have provided opt-in consent (consent)

We do not sell, rent, or trade your personal information to third parties. We do not use your data for targeted advertising or cross-context behavioral tracking.

We retain your personal data only as long as reasonably necessary for the purposes described in this policy or as required by law:

• •Account Data: Retained while your account is active, plus up to 90 days following a verified account deletion request to allow for dispute resolution and legal compliance
• •Billing & Financial Records: Retained for up to 7 years to satisfy financial reporting, tax, and legal obligations
• •API Request Logs: Retained on a rolling 30-day basis for operational and billing verification purposes, then automatically purged
• •Prompt Content: Not stored or logged after API request processing is complete, unless you have explicitly enabled a logging or conversation history feature in your account settings
• •Support Communications: Retained for up to 2 years to maintain service quality and continuity
• •Analytics Data: Retained in aggregated and anonymized form for up to 12 months after collection

We implement commercially reasonable and industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction:

• •All data in transit is encrypted using TLS 1.3 or higher
• •API keys are stored using one-way cryptographic hashing; full plaintext keys are never retained after initial creation
• •Access to production systems and personal data is restricted to authorized personnel via role-based access controls and multi-factor authentication
• •Security monitoring, audit logging, and anomaly detection are in continuous operation
• •Prompt content submitted via the API is not persisted after processing (unless logging is explicitly enabled by you)

No system is completely secure. While we work diligently to protect your data, we cannot guarantee absolute security. If you believe your account or data has been compromised, contact us immediately at fricker2025@gmail.com.

We use cookies and similar tracking technologies to operate and improve the Service. The following types of cookies may be used:

• •Strictly Necessary Cookies: Required for core functionality including authentication (Clerk), session management, and security. These cannot be disabled without impairing Service functionality.
• •Analytics Cookies (Optional): We use PostHog to collect anonymized product usage data to understand how features are used and to improve the Service. This is opt-in only. You may enable or disable this at any time in your account Privacy Settings.
• •No Advertising Cookies: We do not use third-party advertising networks, retargeting pixels, or behavioral tracking cookies for commercial advertising purposes.

You may manage cookie preferences through your browser settings at any time. Blocking essential cookies may prevent you from using the Service.

We share your data with the following trusted third-party service providers only to the extent necessary to provide the Service. These parties process data under their own privacy policies and applicable data processing agreements:

• •AI Providers (OpenAI, Anthropic, Google, and others): Your prompts and inputs are forwarded to these providers to generate responses. They process data under their own terms of service and privacy policies, which we encourage you to review.
• •Clerk: Provides authentication, identity management, and session security infrastructure. Your auth data is governed by Clerk's Privacy Policy.
• •Stripe: Processes all payment transactions under PCI-DSS Level 1 compliance. We never receive or store your full payment card details.
• •Supabase: Provides database infrastructure for storing account and usage data. Data is stored and protected within their secure cloud environment.
• •PostHog: Optional product analytics provider. Analytics data collection only occurs with your explicit opt-in consent and can be revoked at any time in your account settings.

We may also disclose your personal data when required to do so by law, court order, subpoena, or lawful governmental or regulatory authority, or where we believe disclosure is necessary to prevent fraud, protect our rights, or protect the safety of users.

CloudGPT is based in the United States. When you use our Service from outside the US, please be aware of the following:

• •Your personal data may be transferred to, stored on, and processed on servers located in the United States and in other countries where our third-party service providers operate
• •For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and other appropriate legal mechanisms, for cross-border data transfers
• •These countries may have data protection laws that differ from or provide less protection than the laws of your country of residence
• •By using the Service, you acknowledge and consent to the transfer, storage, and processing of your data in the United States and other applicable jurisdictions

Depending on your location, you have certain rights regarding your personal data. To exercise any right, contact us at fricker2025@gmail.com. We will respond within 30 days (extendable to 60 days for complex requests). We may verify your identity before processing requests.

• •Access: Request a copy of all personal data we hold about you
• •Deletion (Right to Erasure): Request permanent deletion of your account and associated personal data, subject to legal retention requirements
• •Portability: Receive your personal data in a structured, commonly used, machine-readable format
• •Correction (Rectification): Request correction of inaccurate or incomplete personal information
• •Restriction: Request that we restrict how we process your data under certain circumstances (GDPR)
• •Objection: Object to processing of your personal data based on our legitimate interests (GDPR)
• •Withdraw Consent: Where processing is based on consent (e.g., analytics), you may withdraw consent at any time without affecting the lawfulness of prior processing
• •CCPA Rights (California Residents): Right to know what personal information is collected, right to delete, right to correct, and right to opt out of the sale of personal information. We do not sell personal information.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

CloudGPT is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13 years of age.

• •You must be at least 13 years old to create a CloudGPT account; users between 13 and 18 require verifiable parental or legal guardian consent
• •If we discover that we have inadvertently collected personal data from a child under 13, we will take prompt steps to delete it from our records
• •If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at fricker2025@gmail.com

Questions or concerns about our privacy practices? We're here to help.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by sending an email to the address on file or by displaying a prominent notice within the Service at least 30 days before the changes take effect. Your continued use of the Service following any update constitutes your acceptance of the revised policy.