Privacy Policy

This policy explains what information Aiphagy collects, why we collect it, and how we handle it. We've tried to write it in plain language. If anything is unclear, email us at admin@aiphagy.com.

Who we are

"Aiphagy", "we", "our", and "us" refer to the operators of aiphagy.com and the Aiphagy application at app.aiphagy.com. The service is currently in private beta.

What we collect

Account data. When you sign up, we collect your email address, a display name, and authentication identifiers from our auth provider (Clerk).

Workspace content. Anything you upload, generate, or configure inside the application — characters, templates, generated media, comments you ingest into the Vector Memory — is stored on Cloudflare R2 and Postgres infrastructure that we control.

Billing data. Payment information is handled by Stripe. We never see or store your card details. We retain a Stripe customer ID and high-level subscription state.

BYOK API keys. If you provide a third-party API key for an AI generation provider, we store it encrypted at rest and use it only to make generation requests on your behalf.

Operational logs. We log basic request metadata (IP, timestamp, route, response status) for security and debugging. Logs are retained for up to 30 days.

What we don't collect

• We don't sell your data to third parties.
• We don't train AI models on your content.
• We don't run advertising or third-party trackers on the application.

Cookies & analytics

The marketing site at aiphagy.com uses Cloudflare Web Analytics, which is cookieless and aggregates traffic at the edge. No personal identifiers leave your browser.

The application at app.aiphagy.com uses authentication cookies set by Clerk to keep you signed in, and PostHog to record anonymized product events that help us improve the app. You can disable PostHog tracking in your account settings.

Where data lives

Workspace content is stored on Cloudflare R2 (object storage) and Neon Postgres. Both providers operate data centers in the European Union and United States. Access to production data is restricted to a small number of operators behind two-factor authentication.

Your rights

You can export or delete your workspace at any time from your account settings, or by emailing admin@aiphagy.com. If you're in the EU/UK, you have the rights granted by GDPR (access, rectification, erasure, portability). We honor those requests within 30 days.

Subprocessors

We use a small number of vetted third parties to operate the service:

• Cloudflare — DNS, CDN, R2 object storage, Pages
• Railway — backend hosting
• Neon — Postgres database
• Clerk — authentication
• Stripe — payment processing
• Resend — transactional email
• Sentry — error tracking
• PostHog — product analytics
• Third-party AI generation providers (only when you supply a BYOK key)

Changes to this policy

If we change this policy in a way that affects your rights, we'll notify you by email at least 14 days before the change takes effect.

Contact

Questions, requests, complaints — admin@aiphagy.com.