Privacy Policy
Your data, protected. Last updated January 30, 2026.
1. Information We Collect
We collect information necessary to provide and improve our Service:
Account Information
Email, name, organization details, and authentication credentials managed by Firebase.
Conversation Data
Messages exchanged through AI agents, including content, timestamps, and channel identifiers.
Documents & Content
Files you upload, their metadata, and derived content such as text extractions and embeddings.
Usage Data
Service usage patterns, API metrics, device information, and IP addresses for security purposes.
Integration Data
When you connect messaging channels (WhatsApp, Messenger, Telegram, Discord, Slack), we store encrypted OAuth tokens and channel configurations necessary for operation.
Payment Information
Payments are processed by Polar.sh. We do not store your credit card details directly—only transaction references and subscription status.
2. How We Use Your Information
We use collected information to:
- Provide and operate the Service, including AI query processing
- Deliver messages across your connected channels (WhatsApp, Messenger, etc.)
- Process payments and manage subscriptions
- Improve features, fix bugs, and ensure reliability
- Communicate service updates and respond to support requests
- Protect against fraud, abuse, and security threats
- Comply with applicable legal requirements
3. Information Sharing
We do not sell your personal information.
We share information only as follows:
- AI Providers: Queries and context are sent to AI providers (OpenAI, Anthropic, Google) to generate responses. These providers operate under agreements not to train models on customer data.
- Messaging Platforms: When you connect channels, message delivery requires sharing with WhatsApp/Meta, Telegram, Discord, or Slack as applicable.
- Service Providers: Infrastructure and payment providers bound by confidentiality obligations.
- Legal Requirements: When required by law, valid legal process, or to protect rights and safety.
- Business Transfers: In connection with any merger, acquisition, or asset sale, with notice to you.
4. Third-Party Services
Our Service integrates with third parties that have their own privacy policies:
- AI Processing: OpenAI, Anthropic, Google AI
- Messaging: WhatsApp Business (Meta), Facebook Messenger, Telegram, Discord, Slack
- Infrastructure: Firebase (authentication), MongoDB Atlas, Pinecone
- Payments: Polar.sh
Communication via WhatsApp is processed through the WhatsApp Business Cloud API. By using our WhatsApp integration, you acknowledge that messages are subject to WhatsApp's Privacy Policy and Business Policy.
5. Data Retention
We retain information as long as necessary to provide the Service and fulfill legal obligations:
- Account data: Retained while your account is active and for a reasonable period after closure
- Conversation data: Configurable by organization administrators
- Documents: Until deleted by you
- Billing records: As required by tax and accounting laws
Deleted data is removed from active systems promptly. Backup copies may persist for a limited period before automatic deletion.
6. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS) and at rest for sensitive data
- Role-based access controls
- Multi-tenant data isolation
- Regular security reviews
You are responsible for maintaining the security of your account credentials and managing user access within your organization.
Security issues: Report to security@cuneiform.chat
7. Your Privacy Rights
Subject to applicable law, you may:
- Access your data through the dashboard or upon request
- Export conversation and account data
- Delete documents, conversations, or request full account deletion
- Update your account information via profile settings
To exercise these rights, use the self-service features in your dashboard or email privacy@cuneiform.chat.
8. Regional Privacy Rights
California Residents (CCPA/CPRA)
California residents have additional rights including the right to know what personal information we collect, request deletion, and opt out of any "sale" of personal information. We do not sell personal information. Contact us at privacy@cuneiform.chat to exercise your rights.
European Economic Area (GDPR)
If you are in the EEA, you may have additional rights under GDPR including access, rectification, erasure, and data portability. Contact us to exercise these rights or if you require a Data Processing Agreement.
Other Jurisdictions
We respect privacy rights under applicable local laws. Contact us with questions about your specific rights.
9. International Data Transfers
Cuneiform Chat is operated from Bangladesh. Your information may be transferred to and processed in countries other than your own, including the United States, where our service providers operate. By using the Service, you consent to such transfers. We use appropriate safeguards for international transfers as required by applicable law.
10. Cookies & Tracking
We use cookies and similar technologies for:
- Essential: Authentication and core functionality
- Functional: Remembering your preferences
- Analytics: Understanding usage patterns
You can control cookies through your browser settings. Blocking essential cookies may affect Service functionality.
11. Children's Privacy
The Service is intended for business use and is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us to have it removed.
12. Changes to This Policy
We may update this policy from time to time. For material changes, we will notify you via email or through the Service before they take effect. Your continued use after changes become effective constitutes acceptance. We encourage you to review this policy periodically.
13. Contact Us
Questions about this Privacy Policy or our practices? Reach out to us: