Privacy Policy

Last updated: February 23, 2026

This Privacy Policy explains how cAIr ("we", "us", "our") collects, uses, and protects your information. It applies to the cAIr website, app, and related services. By using cAIr you agree to the practices below.

1. What we collect

• Account info: name, email, and Google account ID, received via Emergent Google Auth when you sign in.
• Conversations: your messages, agent replies, attached files/images, and metadata (timestamp, agent used, latency).
• Usage: pages viewed, agents clicked, anonymized visitor ID for cross-device attribution.
• Billing: when you purchase credits, Stripe processes your card. We never see or store your card number. We retain a record of the transaction (amount, package, status, Stripe IDs).

2. How we use it

• Run the service: route your queries to specialist agents, save your conversations, render your Year-in-cAIr retrospectives.
• Improve cAIr: aggregated analytics on agent usage (no PII shared externally).
• Communicate: optional email digests, gift recipient notifications, and end-of-year recap emails. Each email contains an opt-out link.
• Process payments: Stripe handles checkout; we record completion.

3. What we share

• Sub-processors: OpenAI / Anthropic / Google (LLM providers) process your message text to generate agent replies. Stripe processes payments. Resend delivers transactional email when enabled. Emergent Auth handles login.
• Public content: if you click "Share" on a conversation or retrospective, the shared link is publicly readable until you revoke it.
• We do not sell your data. We do not show ads.

4. Where data lives

cAIr stores conversations and account data in MongoDB. Uploaded files and large audio (podcast TTS) are stored in MongoDB GridFS. Hosting is provided by Emergent on a managed Kubernetes infrastructure.

5. Retention

• Conversations are retained while your account is active and for up to 12 months after you delete it (for backups + abuse review).
• Payment records are retained for 7 years per tax / accounting law.
• You can request deletion any time by emailing the address in §10.

6. Your rights (GDPR / CCPA)

You have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email the address in §10. We will respond within 30 days.

7. Cookies + local storage

cAIr uses a small number of cookies and localStorage entries strictly for session continuity (login, visitor attribution, disclaimer acknowledgment). We do not use third-party advertising cookies.

8. Children

cAIr is not intended for users under 16. We do not knowingly collect data from children. If you believe we have, contact us and we will delete the account.

9. Security

Sessions are bound to HTTP-only cookies + localStorage tokens. All traffic is HTTPS. Stripe handles card data in PCI-compliant infrastructure. No system is perfectly secure; report concerns to the email in §10.

10. Contact

Questions, deletion requests, or security reports: cairapp77@gmail.com.

11. Changes

We will post any change to this policy on this page and update the "Last updated" date. Material changes will be announced via in-app notice or email.