Information we collect
Account and contact data: name, email address, hashed password, optional avatar and the verification codes we send to confirm those addresses.
Billing data: prepaid balance, deposit and gift-card redemption history, and the payment-method-token identifiers returned by our payment processor. We do not store full credit-card numbers on our own infrastructure — those remain with the processor.
Platform usage: request timestamps, model and endpoint called, token / unit counts, latency, status code, the API key used and the originating IP address. Used for billing, rate-limiting, abuse detection and operational analytics.
AI Inputs and Outputs: the prompts you submit to the service and the model-generated responses we return. See "Inputs and Outputs" below for how these are handled.
Device and session signals: browser user-agent, language, login records and a session ticket stored in your browser's local or session storage. Operational logs from infrastructure components (load balancer, CDN, error reporting) may contain a subset of the above.
How we use information
We use collected information to provide the service, authenticate accounts, process transactions, monitor usage, prevent abuse, respond to support requests, improve reliability and comply with legal obligations. We may also use aggregated or de-identified information for analytics and platform planning.
Inputs and Outputs
We process the prompts you send and the responses we return only to operate the service: routing requests, billing tokens or units consumed, returning the result to you and storing the conversation history that you can view in the dashboard. We do not use your Inputs or Outputs to train foundation models.
Some requests are routed to third-party AI model providers (Anthropic, OpenAI, Google, etc.). Those providers may receive the prompt and metadata required to serve the request and may apply their own retention and abuse-monitoring policies to traffic they receive. We do not control those policies; review the relevant provider's terms before routing sensitive data through them.
Operational logs that include AI traffic are retained for a limited window (typically up to 90 days) for debugging, abuse investigation and billing reconciliation; aggregated, de-identified metrics may be retained longer.
Cookies and local storage
We use first-party local storage (and a small number of strictly-necessary cookies, where present) to keep you signed in across page reloads, remember which conversation you had open, and persist UI preferences. These do not contain any third-party advertising identifier. We do not run third-party advertising or cross-site tracking cookies. Clearing your browser storage signs you out.
Sharing and disclosure
We do not sell your personal information. We share information with service providers, payment processors, infrastructure partners and upstream model providers only as needed to operate the service, complete transactions, enforce platform rules or comply with applicable law.
Categories of sub-processors we currently rely on include: payment processors (e.g. Stripe) for card deposits and chargeback handling; cloud infrastructure (compute, database, object storage) for hosting; email delivery for verification codes and security notices; and AI model providers for the actual completion of routed requests. We will provide a more detailed sub-processor list on request to support@nicosoft.dev.
International data transfers
Information may be stored or processed in countries other than the one where you are located, including the country in which our operating entity or any of our sub-processors are based. Where required by applicable law, we use contractual or other lawful safeguards to provide a comparable level of protection to your data during such transfers.
Data retention and security
We retain information for as long as reasonably necessary to operate the service, maintain records, resolve disputes, enforce agreements and meet regulatory or operational requirements. Indicative retention windows: account profile data — for the life of your account; billing records — at least seven years for tax compliance; chat conversations and AI request logs — typically up to ninety days, longer if required for fraud investigation. We use reasonable administrative and technical safeguards, but no method of storage or transmission is completely secure.
Your rights
Depending on where you live, you may have the right to access, correct, export, restrict or delete personal data we hold about you, to object to certain processing, and to withdraw consent where processing relies on it. You can request any of these by contacting support@nicosoft.dev from the email address on file. We will verify your identity before acting and respond within a reasonable timeframe.
Certain information may still be retained where required for security, fraud prevention, tax records or other legitimate business needs even after a deletion request. You also have the right to lodge a complaint with the data-protection authority in your jurisdiction.
Children's privacy
The service is not directed to children under 13, and we do not knowingly collect personal information from anyone under that age. If you believe a child under 13 has provided us with personal information, please contact us so we can promptly delete it.
Data breach notification
If we become aware of a security incident affecting your personal information, we will notify you and any required regulator without undue delay, with the timing and content of the notice meeting the requirements of the law that applies to you.
Changes to this policy
We may revise this Privacy Policy from time to time. When changes are material, we will provide reasonable advance notice through the dashboard, the registered email on file, or both. The "Last updated" date at the top of this page reflects the most recent revision; continued use of the service after that date constitutes acceptance of the revised policy.
Contact
Questions about this Privacy Policy can be sent to support@nicosoft.dev.