DRAFT — pending legal review. Placeholder text written by the engineering team. Will be replaced by lawyer-reviewed text before public launch.

Privacy Policy

Last updated: 2026-05-01 (draft)

1. What we collect

  • Account information. Username, email address, password (stored as a salted hash — we never see the plaintext), optional profile name, phone number, avatar.
  • Content you create. Chat messages, uploaded documents (PDFs, DOCX, spreadsheets), generated reports, presentations, and any forms you fill through the Service.
  • Operational data. Login timestamps, IP address (for rate limiting and abuse prevention), session identifiers, error reports.

2. How we use it

We process your data solely to provide the Service: respond to your chats, search your uploaded content, generate documents on your request, prevent abuse, and send transactional notifications (e.g. password reset). We do not sell your data, we do not use it to train AI models, and we do not show you ads.

3. Where it lives

  • Application database (PostgreSQL). Account info, chat history, document metadata. Sensitive fields (chat message contents, AI task descriptions, slide HTML) are encrypted at rest using application-level Fernet encryption.
  • Vector store (Chroma). Embeddings of your uploaded content used for semantic search. Scoped per user — your embeddings are never queryable by anyone else.
  • File storage. Uploaded files and generated documents, served only via authenticated, ownership-checked URLs.

4. Third-party processors

We share your data with the following processors strictly to provide the Service:

  • Google (Gemini API). Receives your chat messages and the contents of any document you ask the AI to process. Google processes this data under their API Terms and does not retain it for model training.
  • Vercel. Hosts the web frontend.
  • Sentry. Receives error events and breadcrumbs (no message content) for diagnostic purposes.

5. Your rights

Under GDPR and similar laws, you have the right to:

  • Access — download a copy of your data via the Profile page (data export feature).
  • Correct — update your account information at any time.
  • Delete — delete your account from the Profile page. This permanently removes your data, including chat history, uploaded documents, generated content, and embeddings.
  • Object / Restrict — email support@cherif-agriculture.slashai.ai for processing-restriction or objection requests.

6. Retention

We retain your data for as long as your account is active. When you delete your account, we permanently remove your content within 30 days. Backups containing your data are purged within 90 days. We may retain a minimal record of your account ID for legal compliance (e.g. responding to an abuse report).

7. Cookies

We use a single strictly-necessary cookie (auth_token) to keep you logged in. It is HttpOnly (not readable by JavaScript) and Secure (only sent over HTTPS). We do not use tracking, analytics, or advertising cookies.

8. Children

The Service is not directed to children under 16. If we learn we have collected data from a child under 16, we will delete it.

9. Contact

For privacy questions or to exercise any of your rights: privacy@cherif-agriculture.slashai.ai.