Privacy Policy
Last updated: April 26, 2026
Ideavory-ai is a non-commercial personal project currently in closed beta. This page explains what data we collect, why, and how you can control it. We do not process payments on this service today. The app may show planned paid tiers (for example Pro or Developer) for information only; you cannot buy them on the site until checkout is actually opened. We do not collect card or wallet data until then.
1. What we collect
| Data | Why | Stored where |
|---|---|---|
| Email address | Account identity and one-time login codes | Our application database |
| Password hash (if set) | To let you sign back in on another device | Our database, stored as a bcrypt hash (never the plain password) |
| Chat messages and uploaded images | To produce the action plan you requested | Our database (associated with your session) |
| Notes you save in the app | To sync them across your devices | Our database |
| Anonymous visitor ID (random) | Aggregate page-view counters only | Our database; not linked to your identity |
| IP address (transient) | Rate-limiting and abuse prevention | In-memory only, never persisted |
2. Analytics: what and why
We use light analytics to understand whether the service is used, which parts of the site are opened, and to spot abuse or load issues — not to run personalised advertising, sell profiles, or follow you across unrelated sites.
- First-party statistics (on our server). We store coarse counters and anonymous visitor IDs in our own database (for example page loads and how many distinct browsers we have seen) so we can show aggregate usage in the app and keep the service reliable. This is separate from the optional tools below.
- Umami (optional). When enabled, the site loads a small script from Umami (often via Umami Cloud). Umami helps us see page views, referrers, and aggregated technical context (for example device type and rough region) so we know if anyone finds the product useful. Umami is built for privacy (no ad network; typically no cookie consent banner for the same reason as with minimal analytics, depending on your jurisdiction). Details: Umami’s privacy information. You can use an ad/script blocker; core features of Ideavory-ai do not depend on Umami.
3. Third-party processors
- OpenAI — receives the text and images you send so the model can respond. OpenAI does not use API inputs to train its models. OpenAI Privacy
- Resend (email delivery provider) — delivers verification codes and account-related emails.
- Sentry (if enabled) — receives error stack traces and request metadata for debugging. Personal data is filtered out before sending.
- Render — our hosting provider; processes incoming traffic and operates the server running this site.
- Umami (if enabled) — see section 2. Page-view data is processed on Umami’s side under their terms.
We do not use third-party advertising or social “pixel” networks. If in-app purchase becomes available, A payment processor will be listed here if we add card checkout later, and this policy will be updated at least 14 days in advance before we start processing payment data.
4. Cookies and local storage
We do not use advertising or social-tracking cookies. Your browser stores a single session token in
localStorage (or sessionStorage) so you stay logged in. Notes are also kept locally so they load
instantly. If Umami is enabled, a small third-party script may load for analytics (see section 2); you can
block it in your browser without losing core functionality.
5. How long we keep data
- Account data: until you delete the account.
- Chat sessions: kept while your account is active. You can delete individual sessions or all sessions at any time from the app.
- Server logs: 30 days maximum.
6. Your rights
If you're in the EU, UK or a comparable jurisdiction, you can request:
- A copy of your data ("data portability").
- Correction of inaccurate data.
- Deletion of your account and all associated data.
- To opt out of any emails from us (we only send transactional emails by default).
Email taylerderdensigmakrytoy@gmail.com to exercise any right. We respond within 30 days.
7. Security
Passwords are stored using bcrypt. Sessions and API keys are random 256-bit tokens. Communication runs over HTTPS in production. No system is perfectly secure, but we follow industry-standard practices.
8. Children and minors
The Service is not designed for children under 13. If you are between 13 and 15 years old, you must have the consent of a parent or legal guardian before using the Service. We do not knowingly collect data from children under 13; if you believe we have, please contact us and we will delete it.
9. Changes to this policy
If we make material changes, we'll notify you in-app or by email at least 14 days before they take effect.
10. Contact
Privacy questions: taylerderdensigmakrytoy@gmail.com