AIAnchor logoAIAnchor

Legal

Privacy Policy

Last updated: May 2025

AIAnchor is operated by the owner of AIAnchor, referred to as "AIAnchor," "we," "us," or "our."

1. What we collect

We collect the minimum information needed to operate the Service:

  • Account data — your email address and hashed password, managed by Supabase Auth
  • Project content — project names, descriptions, memory entries, Build Path phases and checkpoints, and Memory Inbox items you create
  • Subscription data — your plan, billing status, and Stripe customer and subscription IDs
  • AI Tool Bridge metadata — token label, creation date, last used date, and a SHA-256 hash of the token. Raw tokens are shown once at creation and never stored.
  • Consent records — when you create an account, we record the date, terms version accepted, IP address, and browser information for legal compliance
  • Waitlist data — if you join the waitlist, we store your email, project description, AI tool preference, and willingness-to-pay response
  • Usage data — counts of projects and memories for plan limit enforcement
  • Technical and security logs — IP addresses, request metadata, browser and device information where available, error logs, and security events. Used for security, debugging, and fraud prevention.
  • Page view data — anonymized page view data via Vercel Analytics (pages visited, country, device type). No cookies are used for this and no personal data is stored.

We do not collect browser fingerprints, track cross-site behavior, or use advertising identifiers.

2. How we use your data

Your data is used solely to:

  • Authenticate and identify your account
  • Store and display your project memories and context exports
  • Enforce plan limits and process subscription payments
  • Send transactional emails (account confirmation, password reset)
  • Understand what users are building, to guide product improvements

We do not use your content to train AI models. We do not sell your data to third parties.

3. Third-party processors

We use the following sub-processors to operate the Service. Each processes only the data necessary for their function:

Supabase

Authentication, database storage, and row-level security for all user data. Hosted on AWS infrastructure.

Stripe

Payment processing and subscription management. Card numbers and payment details are handled entirely by Stripe and never touch our servers.

Resend

Transactional email delivery. Your email address and the content of confirmation or reset emails are processed by Resend.

Vercel

Application hosting, edge network, and analytics. Vercel processes request logs and may store IP addresses in accordance with their privacy policy. Vercel Analytics collects anonymized page view data without cookies or personal data.

Cloudflare Turnstile

Bot protection on the waitlist form. Turnstile processes browser environment signals to distinguish humans from bots. No personal data is sold or used for advertising. Subject to Cloudflare's privacy policy.

4. External AI tools

AIAnchor exports your project context as text for you to copy into external AI tools such as Claude, ChatGPT, Cursor, Codex, Gemini, or others. When you paste AIAnchor-generated context into those tools, that content is processed under those tools' own terms of service and privacy policies. AIAnchor does not control external AI tools and is not responsible for how they handle the information you provide to them.

5. Data retention

Your account data is retained for as long as your account exists. To request account deletion, contact us at support@aianchor.dev. We will delete your project data, memories, and associated content within 30 days of your request.

Stripe retains billing records for the period required by financial regulations. Resend retains email logs per their own retention policy.

6. Security

We use row-level security (RLS) in our database to ensure users can only access their own data. Passwords are hashed by Supabase Auth and are never stored in plaintext. API tokens are stored as SHA-256 hashes — the raw token is shown once and never stored. All data is transmitted over HTTPS.

7. Your rights

You can:

  • Export your project context at any time from within the app
  • Delete individual memories or entire projects from the dashboard
  • Request full account deletion by contacting us

If you are located in the EU or UK, you have rights under GDPR/UK GDPR including:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Erasure — request deletion of your data
  • Portability — request an export of your data in a portable format
  • Objection or restriction — object to or restrict certain processing

To exercise any of these rights, contact us at support@aianchor.dev. We will respond within the timeframes required by applicable law.

8. Children's privacy

AIAnchor is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us and we will promptly delete it.

9. Cookies

We use a session cookie set by Supabase for authentication. We do not use advertising cookies or third-party tracking cookies.

10. Contact

For privacy questions or data requests, contact us at support@aianchor.dev.