Privacy Policy

Effective date: May 29, 2025

1. What We Collect

We collect only what we need to run the service:

  • Email address — used for account creation and login via Supabase Auth. We do not collect your name, phone number, or any other personal identifier unless you voluntarily provide it.
  • Conversation history — your questions and the AI's responses are stored in your account so you can revisit past conversations. You can delete any conversation at any time from within the app.
  • Usage data — we track how many messages you have sent in the current period in order to enforce daily limits. This is a simple message count, not content.
  • Log data — our servers automatically record request metadata (IP address, timestamp, HTTP method) for security monitoring and debugging. These logs are retained for up to 30 days.

2. How We Use Your Data

  • To authenticate you and maintain your account
  • To provide conversational AI responses to your queries
  • To enforce fair usage limits
  • To monitor for abuse, security incidents, and service health
  • To improve the service over time (in aggregate, not individually)

We do not sell your data. We do not use your conversations to train AI models. We do not share your personal information with advertisers.

3. Third-Party Services

Running Psychospace requires some trusted third-party infrastructure. Here is what each service sees:

  • Supabase — hosts our database and authentication. Your email address and conversation history are stored here. Supabase is SOC 2 Type II certified.
  • OpenRouter — routes your query to an AI language model for generation. Your query text is sent to OpenRouter. Their privacy policy applies to that data.
  • Tavily — powers live web search when we fetch current information to supplement an answer. Your query text may be sent to Tavily. Their privacy policy applies.
  • Vercel — hosts the frontend. They process request metadata as part of serving the application.
  • Railway — hosts the backend API. They process request metadata as part of running the server.

4. Data Storage and Security

Your data is stored in Supabase's infrastructure. We use row-level security (RLS) so that your conversations are only accessible to your own authenticated account — not to other users, and not to us through the standard application layer. Access to production data is restricted to essential engineering operations only.

5. Cookies and Tracking

Psychospace uses session cookies issued by Supabase Auth to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. There is no cross-site tracking.

6. Data Retention

Your account and conversations are retained as long as your account is active. If you delete a conversation, it is permanently removed from our database. If you delete your account, all associated data (conversations, messages, usage records) is deleted in accordance with our database cascade rules.

7. Your Rights

You have the right to:

  • Access the data we hold about you
  • Delete your conversations directly within the app
  • Request deletion of your entire account and all associated data
  • Receive a copy of your data (upon request)

To exercise any of these rights, email us at hello@psychospace.ai. We will respond within 30 days.

8. Children

Psychospace is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy as the service evolves. We will update the effective date at the top when we make changes. Continued use of Psychospace after changes are posted constitutes acceptance of the updated policy.

10. Contact

Questions or concerns about your privacy? Email us at hello@psychospace.ai