Privacy Policy

Last updated: 16 July 2026

This Privacy Policy explains how aggrai ("we", "us") collects, uses, and shares information when you use aggrai (the "Service"). By using the Service you agree to the practices described here.

1. Information we collect

We collect the following categories of data:

  • Account data: when you create an account, your email address and a securely hashed password (handled by our auth provider).
  • Questions and selections: the questions you ask, the AI models you choose, and the resulting responses.
  • Conversations & memory: if you're signed in and continue a comparison, we save the conversation thread — your follow-up questions and the answers — so you can return to it across devices. You can also set an optional memoryprofile (how you like answers written — length, tone, background, interests). If you switch on “Learn from my conversations” (off by default), we additionally store short facts aggrai infers from your chats. All of this is per-account and can be reviewed, edited or cleared in Settings → Memory.
  • Plan and billing: the tier you're on (Free, Pro, or Premium) and any related transactional records.
  • Technical & analytics data: only with your consent, a pseudonymous per-browser id, your IP address and coarse device/browser type — used to understand usage and catch errors. If you reject analytics we do not store these, and any IP address we do store (with consent) is erased within 90 days. Separately, we always process an approximate country from your connection to choose a language variant, under our legitimate interest (see “If you reject analytics” below).
  • Cookies & local storage: strictly-necessary cookies to keep you signed in and to remember your cookie choice, plus optional analytics — error monitoring and the pseudonymous usage identifiers above — that run only with your consent (see the table below). We do not use advertising or cross-site tracking cookies.
Cookie / storagePurposeCategory
sb-* (Supabase)Keeps you signed in.Strictly necessary
aggrai_consent_v1Remembers your cookie choice.Strictly necessary
Sentry (error monitoring)Reports crashes so we can fix them. Loads only after you Accept; manage it any time in Settings → Cookies & tracking.Analytics (optional)
aggrai_anon_id (local storage)A pseudonymous per-browser id so we can tell anonymous visitors apart. Written only after you Accept; removed if you Reject.Analytics (optional)
aggrai_session_id (session storage)Groups your activity within a single browser tab. Written only after you Accept; cleared when the tab closes or you Reject.Analytics (optional)

If you reject analytics, we switch off the items marked “optional” above and clear their identifiers. We still process what we genuinely need to run aggrai: your account (to sign you in and provide your history), the questions you ask and the models you run — with their token and cost accounting — and a coarse country to choose a language variant. Those records carry no per-visitor id, IP address or device profile, and we rely on our legitimate interest in operating and securing the Service (and, for account data, on performing our contract with you). Signing in is unaffected by this choice.

2. How we use it

  • To provide and operate the Service (routing your question to the models you selected, returning their answers).
  • To tailor answers when you continue a conversation, by including the memory preferences and any learned facts you have chosen to store (Settings → Memory) in the prompt sent to the model. Your first question in a thread is not personalised this way, and memory is never used to train models.
  • To enforce tier limits and prevent abuse.
  • To improve the Service — for example by caching responses to common questions so they load instantly for everyone, and by logging how our internal question classifier categorised your input so we can tune it over time.
  • To respond to support requests submitted via our contact form (stored with your name, email and message until we've replied).
  • To respond to support requests and security incidents.
  • To comply with legal obligations.

We do not sell your personal data and we do not use your personal questions to train our own models.

Note: your recent comparisons are also kept in your browser tab's session storage so you can switch between them instantly. That data never leaves your device and is cleared when you close the tab.

3. Third-party AI providers

When you submit a question, the question text and your model selection are forwarded to the third-party AI providers you chose, via the OpenRouter routing service. Each provider processes that question under its own privacy policy. Avoid submitting confidential or personally identifying information in your questions.

Current providers may include:

4. Service providers we use

We rely on a small number of trusted providers to run the Service. These providers process data on our behalf only as required to deliver their service:

  • Supabase — account authentication and database.
  • Vercel — application hosting and edge runtime.
  • Cloudflare — DNS and tunnel.
  • Sentry — error monitoring.
  • OpenRouter — AI model routing (see section 3).
  • Stripe — payments (when paid plans are enabled).

5. Caching of common questions

To keep the Service fast and affordable we cache the responses to common example questions and reuse them across users. Cached responses are not tied to your account and do not include any personal identifiers.

6. Data retention

  • Account data is retained for as long as your account is active. On account deletion it is removed within 30 days, except where we must retain it to comply with legal obligations.
  • Cached example responses are retained for up to 24 hours and refreshed periodically.
  • Saved conversations and your memory profile are retained until you delete the conversation, clear your memory, or delete your account. Both are included in your data export and erased when you delete your account.
  • Operational logs (errors, abuse signals) and any IP address stored with your consent are retained for up to 90 days, after which IP addresses are automatically erased.

7. Security

We use reasonable technical and organisational measures to protect your data: HTTPS in transit, password hashing via our auth provider, access controls, and regular updates. No system is perfectly secure; we cannot guarantee absolute security.

8. Your rights

Depending on your jurisdiction you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. You can download a copy of your data or permanently delete your account yourself at any time from Settings → Privacy & data. To exercise these rights another way, email privacy@aggrai.com. We may need to verify your identity before responding.

9. International transfers

Our infrastructure providers operate globally; your data may be transferred to and processed in countries other than your own, including the United States and the European Union. Where required, transfers rely on standard contractual clauses or equivalent safeguards.

10. Children

The Service is not intended for children under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy as the Service evolves. Material changes will be announced via the Service or by email; the "Last updated" date at the top of the page always reflects the current version.

12. Contact

Questions, requests, or complaints? Email privacy@aggrai.com.


This document is a starting draft and should be reviewed by qualified legal counsel before relying on it in production.