Privacy Policy
Last updated: 1/6/2026
1. Introduction
ShinRAG ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using ShinRAG, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1. Information You Provide
We collect information that you provide directly to us, including:
- Account Information: Name, email address, and other information you provide during registration
- Content: Datasets, documents, prompts, and other content you upload or create using the Service
- API Keys: Third-party API keys you provide (encrypted and stored securely)
- Payment Information: Billing address and payment method information (processed by third-party payment processors)
- Communications: Information you provide when contacting us for support or inquiries
Newsletter Subscription: By signing up for an account, signing in, or using ShinRAG, you agree to receive newsletters, marketing communications, product updates, and other promotional materials from us via email. We will use your email address to send you these communications. You may opt out of receiving marketing emails at any time by using the unsubscribe link provided in our emails or by contacting us directly at nikola@shinrag.com. Please note that even if you opt out of marketing communications, we may still send you service-related emails (e.g., account updates, security notifications, transaction confirmations).
2.2. Automatically Collected Information
We automatically collect certain information when you use the Service:
- Usage Data: Token usage, API calls, feature usage, and other metrics
- Log Data: IP address, browser type, device information, access times, and pages viewed
- Cookies and Tracking: Information collected through cookies and similar tracking technologies
- Error Reports: Technical information about errors or crashes
2.3. Third-Party Information
We may receive information from third-party services you connect to the Service, such as authentication providers (e.g., Clerk), payment processors (e.g., Lemon Squeezy), and AI model providers (e.g., OpenAI, Anthropic).
2.4. Third-Party Service Providers
We use the following third-party services that may collect, process, or store your information:
- Vercel: Hosting and deployment services. Vercel may collect technical information, IP addresses, and usage data. See Vercel's privacy policy at vercel.com/legal/privacy-policy
- Railway: Infrastructure and cloud services. Railway may process server logs, IP addresses, and system metrics. See Railway's privacy policy at railway.app/legal/privacy
- Clerk: Authentication and user management. Clerk processes authentication data, user profiles, and session information. See Clerk's privacy policy at clerk.com/legal/privacy
- Lemon Squeezy: Payment processing and subscription management. Lemon Squeezy processes payment information, billing details, and transaction data. See Lemon Squeezy's privacy policy at lemonsqueezy.com/privacy
- Resend: Email delivery services. Resend processes email addresses and email content for delivery purposes. See Resend's privacy policy at resend.com/legal/privacy-policy
- OpenAI: AI model services and language processing. When you use platform-provided API keys or AI features, OpenAI may process your queries, prompts, and related data to generate responses. See OpenAI's privacy policy at openai.com/policies/privacy-policy
- Anthropic: AI model services and language processing. When you use platform-provided API keys or AI features, Anthropic may process your queries, prompts, and related data to generate responses. See Anthropic's privacy policy at anthropic.com/privacy
These third-party services have their own privacy policies and terms of service. By using our Service, you acknowledge that your information may be processed by these providers in accordance with their respective policies.
Important Note on AI Model Providers: When you use AI features through platform-provided API keys, your queries, prompts, and related content may be sent to OpenAI or Anthropic for processing. These providers may use your data to train their models unless you opt out through their respective privacy settings. If you use your own API keys, your data will be processed according to the terms and privacy policies of the AI provider you choose.
3. How We Use Your Information
We use the collected information for the following purposes:
- To provide, maintain, and improve the Service
- To process transactions and manage your subscription
- To authenticate your identity and manage your account
- To enforce usage limits and subscription tiers
- To send you service-related notifications and updates
- To respond to your inquiries and provide customer support
- To detect, prevent, and address technical issues and security threats
- To comply with legal obligations and enforce our Terms of Service
- To analyze usage patterns and improve our Service (using aggregated, anonymized data)
- To send you newsletters, marketing communications, product updates, and promotional materials (you may opt out at any time)
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal bases:
- Contract Performance: To fulfill our contract with you and provide the Service
- Legitimate Interests: To improve our Service, ensure security, and prevent fraud
- Consent: Where you have provided consent for specific processing activities
- Legal Obligations: To comply with applicable laws and regulations
We have entered into Data Processing Agreements (DPAs) with our third-party service providers (Vercel, Railway, Clerk, Lemon Squeezy, Resend, OpenAI, and Anthropic) to ensure they process your personal data in accordance with GDPR requirements and our instructions. These agreements require our service providers to implement appropriate technical and organizational measures to protect your personal data and to process it only for the purposes we specify.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
5.1. Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Vercel: Cloud hosting, deployment, and content delivery services
- Railway: Infrastructure, database hosting, and backend services
- Clerk: Authentication, user management, and identity verification services
- Lemon Squeezy: Payment processing, subscription management, and billing services
- Resend: Email delivery and transactional email services
- OpenAI: AI model services and language processing capabilities
- Anthropic: AI model services and language processing capabilities
- Analytics and monitoring services
- Customer support tools
These providers are contractually obligated to protect your information and use it only for the purposes we specify. However, they may also process your information in accordance with their own privacy policies and terms of service, which you should review separately.
5.2. AI Model Providers
When you use platform-provided API keys or AI features, your queries, prompts, and data may be processed by third-party AI model providers, including OpenAI and Anthropic. These providers have their own privacy policies and terms of service. When you use your own API keys, your data will be processed according to the terms and privacy policies of the AI provider you choose (OpenAI, Anthropic, or others).
Data Processing by AI Providers: AI model providers may use your queries and prompts to train and improve their models unless you opt out through their respective privacy settings. We recommend reviewing the privacy policies of OpenAI and Anthropic to understand how they process your data, especially if you have concerns about data usage for model training.
5.3. Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Respond to valid legal requests
5.4. Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
6. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of sensitive data in transit and at rest
- Secure storage of API keys using industry-standard encryption
- Access controls and authentication mechanisms
- Regular security assessments and updates
- Employee training on data protection
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
7. Data Retention
We retain your information for as long as necessary to:
- Provide the Service to you
- Comply with legal obligations
- Resolve disputes and enforce our agreements
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes. Some information may remain in backup systems for a limited period.
8. Your Rights (GDPR and CCPA)
Depending on your location, you may have the following rights regarding your personal information:
8.1. Access
You have the right to request access to your personal information and receive a copy of the data we hold about you.
8.2. Rectification
You have the right to request correction of inaccurate or incomplete personal information.
8.3. Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal information, subject to legal retention requirements.
8.4. Restriction of Processing
You have the right to request restriction of processing of your personal information in certain circumstances.
8.5. Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
8.6. Objection
You have the right to object to processing of your personal information based on legitimate interests.
8.7. Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time.
8.8. Opt-Out (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: You have the right to opt out of the sale of personal information (we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: You have the right to request correction of inaccurate personal information
- Right to Limit Use of Sensitive Information: You have the right to limit the use of sensitive personal information
To exercise your CCPA/CPRA rights, please contact us using the information provided in Section 15.
To exercise these rights, please contact us at nikola@shinrag.com. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to protect your privacy and security.
Note: Some of these rights may be limited in certain circumstances, such as when we have a legal obligation to retain your information or when your request would affect the rights of others. We will inform you if we cannot fulfill your request and explain the reasons why.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. Specifically, our third-party service providers may process your data in various jurisdictions:
- Vercel: May process data in the United States and other jurisdictions
- Railway: May process data in the United States and other jurisdictions
- Clerk: May process data in the United States and other jurisdictions
- Lemon Squeezy: May process data in the United States, United Kingdom, and other jurisdictions
- Resend: May process data in the United States and other jurisdictions
- OpenAI: May process data in the United States and other jurisdictions
- Anthropic: May process data in the United States and other jurisdictions
When we transfer personal data from the EEA or UK to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your personal data receives an adequate level of protection. Our third-party service providers are also required to implement similar safeguards where applicable.
By using our Service, you consent to the transfer of your information to these countries and jurisdictions, subject to the safeguards described above.
10. Children's Privacy
Our Service is not intended for children under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Maintain your session and authenticate your identity
- Remember your preferences and settings
- Analyze usage patterns and improve the Service
- Provide security features
You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service.
12. Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.
13. Changes to This Privacy Policy
13.1. RIGHT TO MODIFY: We reserve the right, in our sole and absolute discretion, to modify, update, amend, change, or replace this Privacy Policy at any time, for any reason, with or without prior notice to you. This right includes, but is not limited to, the ability to change our data collection practices, data processing methods, third-party service providers, data retention policies, or any other aspect of this Privacy Policy.
13.2. NOTICE OF CHANGES: We will make reasonable efforts to notify you of material changes by posting the updated Privacy Policy on this page and updating the "Last updated" date. For significant changes that materially affect your rights or our data practices, we may also notify you by email or through the Service. However, we are not obligated to provide advance notice of all changes, and some changes may take effect immediately upon posting.
13.3. YOUR AGREEMENT TO CHANGES: By continuing to access or use the Service after any changes to this Privacy Policy are posted, you expressly agree to be bound by the modified Privacy Policy. If you do not agree to the modified Privacy Policy, you must immediately stop using the Service and terminate your account. Your continued use of the Service following any changes constitutes your acceptance of those changes and your agreement to be bound by the updated Privacy Policy, regardless of whether you have reviewed the changes.
13.4. YOUR RESPONSIBILITY: It is your sole responsibility to review this Privacy Policy periodically for any changes. We recommend checking this page regularly to stay informed of any updates. You acknowledge that you will not receive individual notice of every change to this Privacy Policy.
13.5. APPLICABILITY: Changes to this Privacy Policy will apply to all information collected before and after the effective date of the changes, unless otherwise stated. Changes will apply to all users, including those with active subscriptions, free accounts, or trial periods.
13.6. NO WAIVER: Our right to modify this Privacy Policy at any time is absolute and cannot be waived. Any attempt to limit or restrict this right is void and unenforceable.
13.7. HISTORICAL VERSIONS: We may, but are not required to, maintain historical versions of this Privacy Policy. If you wish to review a previous version, please contact us.
14. Data Protection Officer
If you have questions or concerns about our data processing practices, you can contact our Data Protection Officer at: nikola@shinrag.com
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: nikola@shinrag.com
For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.