Vol 01 · Issue A
← Home
02Privacy Policy

Last updated April 21, 2026

Privacy Policy.

What we collect, how we use it, and how to opt out.

§01

What we collect

  • Account data — name, email, auth identifiers. Managed by Clerk.
  • Chat content — messages and responses, session titles.
  • Billing data — Stripe customer/subscription IDs. We do not store card numbers.
  • Usage data — tokens, timestamps, model identifiers, estimated cost.
  • Research traces — anonymized interaction excerpts. Opt-out available.
  • Technical data — IP for rate limiting, user-agent, logs kept up to 30 days.
§02

How we use it

  • Operate the Service and respond to your requests.
  • Bill you (if applicable) and prevent abuse.
  • Study sycophancy, pragmatics, and epistemic state in large language models. Core research purpose of the project. You can opt out.
  • Comply with legal obligations.

We do not sell personal data. We do not use chat content to train our own models, nor share it with third-party model trainers.

§03

Third parties

  • Clerk — authentication.
  • Stripe — payment processing.
  • OpenRouter — routes requests to LLM providers; default is zero-retention where available.
  • Neon (Postgres, Frankfurt) — durable data.
  • Upstash (Redis) — rate limits and ephemeral caches.
  • Hetzner — application hosting.
§04

Research opt-out

Toggle research use from the chat header or Settings. When disabled, no new research records are stored.

§05

Your rights

Subject to your jurisdiction (GDPR, CCPA, etc.), you may:

  • Access, correct, delete your personal data
  • Export your chat history
  • Withdraw research consent
  • Object to automated processing

Email contact@suncostlabs.com from the address on your account.

§06

Data retention

  • Account + chat data: while account exists; deleted within 30 days of account deletion.
  • Usage records: up to 24 months.
  • Billing records: as required by tax law (≈7 years).
  • Request logs with IP: 30 days.
  • Research traces: indefinite in anonymized form unless you request deletion.
§07

Cookies

We use cookies set by Clerk for authentication. We do not use third-party advertising or tracking cookies.

§08

Security

TLS in transit, provider-level encryption at rest. No system is perfectly secure; we disclose material breaches per applicable law.

§09

Children

The Service is not directed to children under 13.

§10

Changes

Material changes will be announced in the product or by email. The “last updated” date reflects the current version.

§11

Contact

contact@suncostlabs.com

Starter document — review with counsel before relying on it for regulated operation.