Back to appAI Dashboard

Privacy Policy

Last updated: February 27, 2026

1. Introduction

This Privacy Policy explains how AI Dashboard ("the Service"), operated by Buddiner ("we", "us", "our"), collects, uses, stores, and protects your personal information. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and display name. If you use social login (e.g., GitHub, Google), we receive your public profile information from the respective provider.

2.2 Chat and Conversation Data

We store your chat messages, conversation history, and AI-generated responses to provide the Service. This data is associated with your account and is accessible only to you.

2.3 Memories and Preferences

The Service may store persistent memories about your preferences, facts, and instructions that you share during conversations. These are used to personalize your experience across sessions.

2.4 API Keys

If you choose to provide API keys for third-party AI providers, they are encrypted using AES-256-GCM encryption before storage. Keys are never stored in plaintext and are decrypted only at the time of use to make API calls on your behalf. Each key is bound to your user ID as additional authenticated data (AAD).

2.5 Documents and Files

When you upload documents for the knowledge base (RAG), the file content is processed into text chunks and stored as vector embeddings. Original files are stored securely in cloud storage and are accessible only through your account.

2.6 Usage Data

We record token usage, model selection, and message counts for your analytics dashboard. This data is used solely to provide you with usage insights and is not shared externally.

3. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Service
  • Authenticate your identity and secure your account
  • Personalize your experience through stored memories
  • Display your usage analytics and estimated costs
  • Process your AI requests using your provided API keys
  • Improve the Service and fix bugs

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase with Row Level Security (RLS) policies ensuring that each user can only access their own data. Key security measures include:

  • AES-256-GCM encryption for API keys with per-user authenticated data
  • Row Level Security (RLS) policies on all database tables
  • Security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
  • HTTPS-only transport for all data in transit
  • Rate limiting on API endpoints to prevent abuse
  • Input validation and sanitization on all user-submitted data

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. Your data is shared only in the following limited circumstances:

  • AI providers: Your messages are sent to the AI provider you select (e.g., OpenAI, Anthropic) using your own API key. These providers have their own privacy policies.
  • Shared conversations: If you explicitly share a conversation via a share link, the conversation content becomes accessible to anyone with the link.
  • Legal requirements: We may disclose information if required by law or in response to valid legal requests.

6. Cookies and Authentication

The Service uses essential cookies for authentication session management (via Supabase Auth). We do not use tracking cookies, advertising cookies, or any third-party analytics services. The only cookies stored are those necessary for maintaining your authenticated session.

7. Your Rights

You have the right to:

  • Access your personal data through your account settings and conversation history
  • Delete your conversations, memories, API keys, and uploaded documents at any time
  • Correct your account information through your profile settings
  • Revoke API keys you have stored through the settings page
  • Request deletion of your account and all associated data by contacting us

8. Data Retention

Your data is retained for as long as your account is active. Deleted conversations, memories, and files are permanently removed from our systems. If you request account deletion, all associated data will be permanently removed.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us via GitHub.

See also: Terms of Service