Safety & Privacy
01 — Core Pillars of Privacy
Data Minimization
We only collect what is strictly necessary to provide the service.
Transparency
You should never have to guess how your data is being used.
User Control
Tools to export, delete, or restrict your data are built-in, not buried.
Security Excellence
Using industry-leading encryption and threat detection.
02 — Data Collection & Usage Logic
Understanding what happens behind the scenes is crucial. The table below categorizes the types of data we interact with.
| Data Category | Examples | Purpose | Retention Period |
|---|---|---|---|
| Identity Data | Email, Username, IP Address | Account security and session management. | Duration of account life. |
| Interaction Data | Prompts, Feedback, Settings | Improving model accuracy and personalization. | 18–24 months (de-identified). |
| Technical Data | Browser type, Latency logs | Troubleshooting and system optimization. | 30–90 days. |
| Sensitive Data | Financial info, Health (if provided) | Specifically encrypted; never used for training. | Immediate encryption / Short-term. |
03 — How We Protect Your Conversations
Encryption Standards
In Transit: All data is encrypted using TLS 1.2+ (Transport Layer Security) to prevent man-in-the-middle attacks.
At Rest: Data stored on our servers uses AES-256 encryption, the same standard used by banks and government agencies.
The Anonymization Pipeline
Before any data is used to improve our systems, it undergoes a scrubbing process. Personal identifiers are detected and redacted before data reaches the research database.
Example: If a user types, “My name is John Doe and I live in New York, help me with my taxes,” our safety filters identify and redact “John Doe” and “New York” before the data reaches the research database.
04 — Advanced Safety Measures
Automated Classifiers
These scan for Prohibited Content — hate speech, self-harm, or illegal acts — before any data is processed or stored.
Differential Privacy
A mathematical technique that adds “noise” to datasets. This allows us to learn patterns from a crowd without being able to identify a single individual.
P(M(D₁) ∈ O) ≤ eε · P(M(D₂) ∈ O)
The probability of an outcome O is nearly identical whether or not a specific individual’s data is included.
Red Teaming
We hire ethical hackers to try and “break” our privacy protocols to find vulnerabilities before bad actors do.
05 — Your Rights & Controls
Data Portability
You can request a full export of your interaction history at any time. We provide this in standard .json or .csv formats.
The “Forget Me” Option
Under GDPR and CCPA regulations, you have the Right to Erasure.
Individual Deletion: Delete specific chats.
Account Deletion: Permanently wipe all associated data from our active production databases within 30 days.
06 — Third-Party Sharing Policies
We do not sell your personal information to data brokers. Sharing only occurs in these specific scenarios:
Legal Compliance: When served with a valid legal warrant or subpoena.
Service Providers: Infrastructure partners (like cloud hosting) who are contractually bound to the same privacy standards.
Safety Emergency: To prevent imminent physical harm or threats to public safety.
07 — Enterprise & Corporate Data Governance
For professional environments, the “Safety” definition shifts from general privacy to Intellectual Property (IP) Protection and Compliance.
The Enterprise “Zero-Retention” Policy
No Training on Corporate Data: Unlike consumer versions, prompts and outputs from Enterprise accounts are never used to train the underlying models.
Workspace Isolation: Your data is siloed within your organization's instance. Information from "Company A" can never leak into the responses of "Company B."
Compliance & Certifications
| Standard | Description | Relevance |
|---|---|---|
| ISO/IEC 27001 | Information Security Management | Ensures systematic risk management. |
| SOC 2 Type II | Trust Services Criteria | Independent audit of security and confidentiality. |
| GDPR | General Data Protection Regulation | Protects the rights of EU-based employees and clients. |
| HIPAA | Health Insurance Portability | (Optional) Compliance for medical/healthcare professionals. |
08 — Educational Safety & Student Privacy
When tools are used in a classroom setting (K–12 or Higher Ed), we apply a specialized safety layer designed for minors and academic integrity.
Student Privacy Protections (COPPA & FERPA)
COPPA Compliance: We do not collect personal information from children under 13 without verifiable parental/school consent.
FERPA Alignment: Data is handled in accordance with the Family Educational Rights and Privacy Act, ensuring student records remain confidential and are only used for educational purposes.
Academic Integrity & Content Filtering
Strict Age-Appropriate Filtering: Our "Safety Classifiers" are tuned to a higher sensitivity for educational licenses, blocking adult content, extremist views, and age-inappropriate language.
Anti-Plagiarism Guardrails: While we assist in learning, we provide tools for educators to understand how AI is used in the writing process to maintain academic honesty.
Proactive Mentorship Tone: The AI is programmed to act as a tutor, not a shortcut, encouraging critical thinking by providing explanations rather than just final answers.
09 — Comparative Security Framework
How your data is treated based on the environment.
| Feature | Individual (Free/Pro) | Corporate (Enterprise) | Educational (School) |
|---|---|---|---|
| Model Training | Optional (Opt-out available) | Strictly Prohibited | Strictly Prohibited |
| Admin Controls | Self-managed | Centralized IT Dashboard | School/District Admin |
| Data Ownership | Shared/User | 100% Client Owned | Managed via FERPA |
| Safety Filters | Standard | Custom Professional | Maximum/Age-Strict |
Security Summary
End-to-End Encryption (Transit)
SOC2 Type II Compliance
Multi-Factor Authentication (MFA) Support
Regular Independent Security Audits
Pro Tip
For maximum privacy, avoid sharing sensitive Personally Identifiable Information (PII) like Social Security Numbers or credit card details directly in chat interfaces, even with high-level encryption.