Privacy Policy

Last updated: June 12, 2026

What we collect

• Account data — email, display name, and a bcrypt hash of your password (never the password itself).
• Billing data — handled by Stripe; we store only your Stripe customer reference, plan, and subscription status. Card numbers never touch our servers.
• Usage metering — per-request model name, token counts and cost, kept to enforce monthly allowances and show your dashboard.
• Device credentials — OAuth tokens for connected Clioloop devices, stored as SHA-256 hashes only.

What we don't collect

We do not store the content of your prompts, completions, web searches, or other tool traffic. Requests are proxied to the upstream provider and only the metering metadata above is retained.

Third parties

Your requests are forwarded to upstream providers as needed to serve them: OpenRouter (model inference), Firecrawl (web search), Browser Use (cloud browser), FAL (image/video), Stripe (payments) and Resend (transactional email). Each processes data under its own privacy policy.

Retention & deletion

Account and metering data is kept while your account exists. Email us to delete your account; backups expire within 14 days. Action tokens (verification/reset links) are single-use and expire automatically.

Where

Servers are located in the EU (Germany); transactional email is sent from an EU region. We use no advertising or analytics trackers — the only cookie is your login session.

Contact

Privacy requests: noreply@clioloop.com