← Back to VINDEX

Privacy Policy

Last updated: June 26, 2026

1. Who We Are

VINDEX is operated by Allocera Intelligence LLC, a Florida limited liability company founded by Nicholas G. Baum. This privacy policy explains how we collect, use, and protect your data when you use VINDEX.

2. What Data We Collect

• Account information: Email address and hashed password (via Supabase Auth).
• Conversation content: Messages you send to VINDEX and the AI-generated responses. Stored in our database to provide the service (memory, conversation history).
• Usage data: Number of messages sent, tokens consumed, models used, response times. Used for billing, rate limiting, and service improvement.
• Payment information: Processed by Stripe. We do not store credit card numbers. Stripe handles all payment data under their own privacy policy.
• Session data: Authentication tokens stored in your browser's localStorage. No tracking cookies.

3. How We Use Your Data

• To provide the service: Your messages are sent to AI providers (Anthropic, OpenAI, Google) to generate responses.
• To maintain conversation history: Messages are stored so you can continue conversations across sessions.
• To enforce usage limits: Message counts and token usage are tracked per account per billing cycle.
• To improve routing: Anonymized response quality scores help us optimize which AI model handles which type of task.
• To process payments: Your email is shared with Stripe for billing purposes.

4. Third-Party Data Sharing

Your prompts and messages are sent to these AI providers to generate responses:

• Anthropic (Claude) — processes text and code tasks. Their API data policy: not used for training, deleted within 30 days.
• OpenAI (GPT) — processes text, image, and audio tasks. Their API data policy: not used for training, retained up to 30 days for abuse monitoring.
• Google (Gemini) — processes text, video, and search tasks. Their paid tier data policy: not used for training.
• Stripe — processes payments. Receives your email and payment method. Subject to Stripe's privacy policy.
• Supabase — hosts our database. Stores account info and conversation data. Subject to Supabase's privacy policy.

We do not sell your data to third parties. Ever.

5. Data Retention

• Conversation data is stored until you delete your account.
• Usage logs (anonymized) are retained for billing and analytics.
• AI providers retain your prompts for up to 30 days per their policies, then delete them.

6. Your Rights

• Access: You can view your conversations and usage data in the app.
• Deletion: Request account and data deletion by emailing alloceraintelligence@gmail.com. We will delete your account and all associated data within 30 days.
• Portability: Contact us to request an export of your data.
• Correction: Update your email or password through the app settings.

7. Data Security

• All API communications encrypted via TLS (HTTPS).
• Database connections encrypted via SSL.
• API keys stored with SHA-256 hashing.
• Sensitive keys encrypted at rest with Fernet (AES) encryption.
• Row-Level Security (RLS) on database — users cannot access other users' data.

8. Cookies and Local Storage

VINDEX does not use tracking cookies. We use browser localStorage to store:

• Your authentication session token (cleared on logout).
• Your conversation history (scoped to your user ID).

No third-party analytics or tracking scripts are loaded.

9. Children's Privacy

VINDEX is not intended for users under 18 years of age. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this privacy policy at any time. Material changes will be communicated via email. Continued use of VINDEX after changes constitutes acceptance.

11. Contact

For privacy questions, data deletion requests, or concerns, contact: alloceraintelligence@gmail.com