Privacy Policy

Last updated: January 3, 2026

1. Introduction

Outchat ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Name (if provided)
  • Profile information from OAuth providers (Google, GitHub) if you choose to sign in with them

Usage Data

  • Conversation history and messages you send through the Service
  • AI model responses generated for you
  • Credit usage and transaction history
  • Feature usage patterns and preferences

Technical Data

  • IP address and approximate location
  • Browser type and version
  • Device information
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your conversations with AI models
  • Manage your account and subscription
  • Process payments through Stripe
  • Send service-related communications
  • Improve and optimize the Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Sharing

We share your data with:

AI Model Providers

Your conversation inputs are sent to third-party AI providers (OpenAI, Anthropic, Google, xAI) to generate responses. These providers have their own privacy policies governing how they handle data.

Service Providers

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • OpenRouter: AI model routing

We do not sell your personal information to third parties.

5. Data Retention

We retain your conversation history for as long as your account is active. You can delete individual conversations at any time. Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law.

Credit transaction records are retained for accounting and legal compliance purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Secure authentication through Supabase Auth
  • Regular security assessments
  • Access controls and audit logging

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data
  • Object to or restrict processing
  • Withdraw consent

To exercise these rights, contact us at [email protected].

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. You can configure your browser to reject cookies, but this may affect Service functionality.

9. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: [email protected]