Privacy Policy

Last updated: September 30, 2025

🔒 Zero-Knowledge Guarantee

Tutle.ai operates with a zero-knowledge architecture. This means we cannot retrieve your conversation content after the fact, because we never store it.

Your chats are processed in real time and immediately discarded. Only usage metadata (message counts, token usage, timestamps) is stored for billing and quota management.

Data Flow Architecture

┌─────────────────────────────────────────────────────────────┐
│  YOUR BROWSER (Local Storage Only)                         │
│  • Chat history stored in IndexedDB                         │
│  • You control retention and deletion                       │
│  • Never synced to server                                   │
└────────────────────┬────────────────────────────────────────┘
                     │ HTTPS Request
                     │ (Your message)
                     ▼
┌─────────────────────────────────────────────────────────────┐
│  TUTLE.AI SERVER (Ephemeral Processing)                    │
│  • Validates auth & quotas                                  │
│  • Streams to AI provider                                   │
│  • Returns response immediately                             │
│  • NO CONTENT STORAGE                                       │
└────────────────────┬────────────────────────────────────────┘
                     │ Streams to
                     ▼
┌─────────────────────────────────────────────────────────────┐
│  AI PROVIDER (OpenAI with Data Retention Disabled)         │
│  • Processes with no-retain flags                           │
│  • Does not use for training                                │
│  • Returns tokens in real-time                              │
└─────────────────────────────────────────────────────────────┘
                     │ Streamed Response
                     ▼
                  Back to Your Browser

What We Store

✅ We DO Store:

  • Account Information: Clerk user ID, email, username, plan tier
  • Usage Metadata: Message counts, token counts, timestamps per billing period
  • Billing Records: Payment status, subscription history, plan changes
  • Audit Events: Login events, rate limit hits, quota exceeded events (no content)

❌ We DO NOT Store:

  • Chat Content: Your messages, prompts, or AI responses
  • Conversation History: No chat logs, archives, or backups
  • Session Data: No persistent session state beyond authentication
  • Content Logs: Server logs scrub all message content

Data Retention Policy

Chat Content: Immediately discarded after delivery (0 seconds retention)
Usage Metadata: Retained for current billing period + 90 days for billing disputes
Account Information: Retained while account is active + 30 days after deletion
Audit Events: Retained for 1 year for security and compliance
Local History: Under your control in browser storage; you can clear anytime with /clear command

Your Privacy Rights

Right to Access: View your usage data anytime with the /usage and /account commands
Right to Delete: Clear local history with /clear; delete account through Clerk settings
Right to Export: Export usage metadata via API (contact support)
Right to Opt-Out: Stop using service at any time; no chat content is retained anyway
GDPR & CCPA Compliance: We minimize data collection to only essential billing and usage information

Third-Party Services

Clerk (Authentication & Billing): Handles authentication, user management, and subscription billing
OpenAI (AI Provider): Processes chat requests with data retention disabled and with requests flagged so they are not used for training
Neon (Database): Stores only metadata (no chat content); encrypted at rest and in transit
Vercel (Hosting): Edge runtime for performance; standard access logs with content scrubbing

Security Measures

  • All connections use HTTPS/TLS encryption
  • Content Security Policy prevents XSS attacks
  • Rate limiting and quota enforcement prevent abuse
  • No content logging or monitoring of conversations
  • Regular security audits and dependency updates
  • Immediate garbage collection of processed content

Contact & Questions

If you have questions about our privacy practices or want to exercise your privacy rights:

  • Email: privacy@tutle.ai
  • View source code: github.com/tutle-ai (transparency by design)
  • Review audit logs: Type /account in the terminal

Tutle.ai - Zero-Knowledge AI Chat