pAI-Alpha Privacy Policy (v1.2)

Updated 9 October 2025

pAI is based in Romania, European Union.

What we store on our servers

• A random user ID we generate for you.
• Google account identifier (provider_sub, a stable pseudonymous “sub” value) to link your sign-ins.
• Rate-limit counters and usage limits (request_count/limit, reasoning_request_count/limit), ad-boost counters (daily_boosts_used_tier1/2/3), and timestamps used to reset those counters.
• Refresh tokens (hashed) so you can stay signed in and rotate tokens securely. We do not store access tokens.
• We do not store your chat content in our database.

How chat content flows

Encrypted Mode (recommended): Your device encrypts messages with ECDH + AES-GCM. Our server decrypts them temporarily to run the model, does not log or store the text, then re-encrypts the reply back to your device. Cloudflare (our edge provider) sees only ciphertext and basic metadata (IP, time, size).

Plaintext Mode: Your messages are sent over TLS like any normal API call and are visible to our server in memory while processing and may be visible to Cloudflare in transit. We still do not log or store the text.

WARNING: If we are pressured by law or official authorities, we could enable our server to log data. Rest assured, previous chats aren't included because they are not stored only future chats could be logged. We also cannot assure total security of our servers, despite taking significant steps to protect them.

What third parties process

• Google Sign-In: used only to verify your account and issue our tokens. Google receives standard auth metadata.
• Google Mobile Ads (AdMob): if you watch ads for request boosts, Google may collect device identifiers, IP, coarse location, ad interactions and diagnostics per their policy.
• Cloudflare: protects our edge; sees IP address and request metadata. In Plaintext Mode it could see content; in Encrypted Mode it cannot.

Make sure to check each provider’s Privacy Policy if you have any concerns regarding your data handled by them.

On your device

If you enable “Save chat,” conversations are stored locally on your device. You can delete them in the app.

We store minimal app settings (model choice, temperature, system prompt, theme, etc.).

Uploading file feature

No file leaves your device. pAI automatically parses your file locally, on your device, extracting only the text and inputs in the chat prompt.

Thus, pAI doesn’t store a single file, and as with normal text, we don’t access it or store it.

Retention

• Refresh tokens (hashed) up to 30 days or until you sign out; rotated on refresh.
• Rate-limit/ad-boost counters reset roughly every 3 hours.
• No server-side storage of chat content.

Security

• TLS for all transport.
• End-to-end encryption option with ECDH (client ↔ server) to keep Cloudflare blind to message contents.
• We don’t sell personal data.