Privacy Policy

Last updated: [[LEGAL_UPDATED]]

This is a template — have it reviewed by legal counsel before launch.

This Privacy Policy explains how [[COMPANY_LEGAL_NAME]] (“we,” “us,” or “our”) handles information in connection with the AI WorkForce OS managed gateway and related online services. The desktop app is local-first: when you bring your own provider keys, your requests go directly from your machine to the provider you chose, and we are not involved.

What we collect

Account information. Your email address and name, which you provide when you create an account.
Authentication data. Credentials needed to sign you in securely — for example, a salted password hash (never your plaintext password) and any access tokens you generate for the gateway.
Usage metadata. For requests made through the managed gateway, we record metadata such as token counts, the model used, and timestamps. We use this to meter credits, show you your usage, prevent abuse, and operate the Service.
Billing information. Subscription and payment processing are handled by Stripe. We receive limited billing details (such as your plan, status, and the last digits of your card from Stripe) but we do not store your full payment card number.

What we do not do

We do not sell your personal data, and we do not use your content to train models.

By design, the gateway proxies your requests to the upstream model providers and stores only usage metadata about each request. Our usage records keep token counts and the model used — not the contents of your prompts, messages, or model responses. This is a deliberate design choice: we meter what we need to bill and operate the Service, and nothing more.

Cookies

We use only essential cookies — primarily the session cookie that keeps you signed in and secures your account. We do not use analytics or advertising cookies. See our Cookie Notice for details.

Third parties

We rely on a small number of service providers to operate the Service:

Stripe — payment processing and subscription management.
Our email provider — transactional email such as verification and account notifications.
Upstream model providers — Anthropic, OpenAI, Google, and OpenRouter, to which gateway requests are routed so they can generate responses. Your gateway requests are subject to those providers’ own terms and privacy practices.

Your rights

You are in control of your data. From your Account settings you can export your data and delete your account at any time — self-service, without contacting us. Deleting your account removes your account record and associated data, subject to limited retention described below. Depending on where you live, you may also have rights to access, correct, or restrict processing of your personal data; you can exercise these by contacting us.

Data retention

We keep account and usage metadata for as long as your account is active and as needed to provide the Service. We retain certain records — for example, billing and usage records — for as long as required to meet legal, accounting, and tax obligations, after which they are deleted or anonymized. When you delete your account, we remove or anonymize your data except where we are required to keep it.

International transfers

We and our service providers may process data in countries other than the one in which you live. Where data is transferred across borders, we rely on appropriate safeguards as required by applicable law to protect your information.

Contact

For privacy questions or requests, contact [[COMPANY_LEGAL_NAME]] at [[CONTACT_EMAIL]].