Privacy Policy

Last Updated: January 29, 2025

Key Privacy Points

This summary is for your convenience but doesn't replace the full privacy policy below.

  • Data Collection: We only collect basic account information through Google Sign-up.
  • Chat Privacy: Your conversations with the AI are processed in secure enclaves - we cannot access them.
  • No Data Storage: Chat data is immediately discarded after processing.
  • Data Sharing: We never share your data except when legally required or with explicit consent.
  • Security: We use confidential computing and end-to-end encryption.
  • Your Rights: You can access, correct, or delete your account data anytime.
  • Changes: We'll notify you of significant privacy policy updates via email.

1. Introduction

This Privacy Policy describes how Tinfoil, Inc. ("we," "our," or "us") collects, uses, and shares information about users of our AI chat service.

2. Information We Collect

2.1. Account Information:

  • Email addresses
  • Names
  • Other information provided during account creation through Google Sign-up

3. How We Use Information

We use the collected information to:

  • Provide and maintain our AI chat service
  • Notify you about changes to our Service
  • Provide customer support
  • Send you technical notices and updates

4. Data Security

We employ industry-standard security measures to protect your data and maintain the security of our service.

5. Information Sharing

We do not share your personal information with third parties except in the following limited circumstances:

  • When required by law or valid legal process
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to users)
  • With your explicit consent

6. Data Collection Methods

We only collect basic account information through our Google Sign-up integration when you create an account. We do not store, record, or have access to any of your chat conversations with our AI service.

7. Cookies and Analytics

We use essential cookies only for basic website functionality. No marketing or advertising cookies are used on our website.

7.1. Analytics

We use Plausible Analytics and Cloudflare Analytics to collect anonymous usage statistics that help us improve our service. These analytics services:

  • Do not use cookies for tracking
  • Do not store any personal information
  • Are fully GDPR compliant (see Plausible's data policy)
  • Only collect aggregated metrics such as page views, visit duration, and referral sources
  • Do not track users across devices or websites

Plausible Analytics is privacy-focused, open-source software that helps us understand overall traffic patterns without compromising user privacy. All analytics data is anonymized and cannot be used to identify individual users.

8. Data Privacy and Confidential Computing

Our commitment to your privacy through confidential computing:

  • All AI chat conversations are processed exclusively within secure confidential computing enclaves
  • The technical architecture of our system makes it impossible for us to access your chat content
  • Chat data is encrypted in transit and processed within secure enclaves that prevent access by any party, including our own staff
  • All inference operations are performed within the secure enclave, and data is immediately discarded after processing
  • We maintain zero access to your prompts or the AI-generated responses

8.1. Data We Can Access:

  • Account information (email, name) from Google Sign-up
  • Usage metrics (number of requests, timestamps)
  • Billing and payment information
  • Service configuration changes

8.2. Data We Cannot Access:

  • Content of your prompts to the AI
  • AI-generated responses
  • Any data processed within the confidential computing enclave

9. Security Measures

We implement comprehensive security measures to protect your data:

  • Confidential computing enclaves for all AI inference operations
  • End-to-end encryption for data in transit
  • Secure key management and rotation
  • Regular security audits and penetration testing
  • Access controls and authentication for all system components

9.1. Security Incident Response:

In the event of a security incident that affects your account data, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about the nature of the incident
  • Outline steps taken to address the situation
  • Offer guidance on any actions you should take

10. Data Processing and Storage

All AI inference operations are processed within confidential computing enclaves located in data centers within the United States. We maintain the following data processing principles:

  • No persistent storage of chat data or inference results
  • Immediate disposal of data after processing
  • No transfer of sensitive data outside secure enclaves
  • No logging or monitoring of chat content

10.1. Payment Processing:

For payment processing, we use Stripe, a secure third-party payment processor. When you make a payment:

  • Your payment information is collected and processed directly by Stripe
  • We never store your complete credit card information on our servers
  • All payment data is encrypted and processed according to PCI DSS Level 1 standards
  • Stripe's handling of your payment data is subject to their privacy policy

10.2. Compliance:

While our confidential computing architecture provides strong privacy guarantees, users are responsible for ensuring their use of the Service complies with any industry-specific regulations applicable to their business (such as HIPAA, FERPA, or similar regulations).

11. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your account
  • Request information about how your data is used

To exercise these rights, please contact us at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Tinfoil, Inc.
Email: [email protected]