Legal document

Privacy Policy

Last updated: April 2026

1. Data Controller

The data controller is Coetus.AI (also referred to as "we" or "the Service"), reachable at privacy@coetus.ai.

2. Data We Collect

We collect the following categories of personal data:

  • Registration data: name, email address, password (encrypted), registration date.
  • Usage data: prompts submitted, responses received, AI models used, token consumption, conversation history.
  • Payment data: processed by Stripe. We do not store card data. We only receive payment confirmation and billing-related information.
  • Technical data: IP address, browser type, language, timezone, access logs.

3. Purpose and Legal Basis

Purpose | Legal basis
Providing the service (authentication, AI conversations) | Performance of a contract (Art. 6(1)(b) GDPR)
Payment processing | Performance of a contract
Transactional emails (access approval, receipts) | Performance of a contract
Security and fraud prevention | Legitimate interest (Art. 6(1)(f) GDPR)
Legal compliance | Legal obligation (Art. 6(1)(c) GDPR)

4. Retention

  • Account and conversations: until account deletion, or 3 years from last activity.
  • Payment logs: 10 years for tax compliance.
  • Technical logs: 90 days.

5. Third Parties

  • Supabase Inc. (USA) — authentication and database.
  • Stripe Inc. (USA) — payment processing.
  • Resend Inc. (USA) — transactional email.
  • Anthropic PBC, OpenAI LLC, Google LLC, Mistral AI SAS — prompt processing via API. Prompts are transmitted to providers per their API terms. We do not use your data to train models.

All transfers to third countries (USA) are governed by GDPR-compliant safeguards (Standard Contractual Clauses or equivalent).

6. Your Rights

Under GDPR (Arts. 15–22) you have the right to access, rectify, erase, port, restrict, and object to the processing of your data, and to withdraw consent at any time. Contact us at privacy@coetus.ai.

7. Cookies

For detailed information on cookies and local storage, see our Cookie Policy.

8. Security

We implement appropriate technical and organisational measures including TLS encryption, password hashing, role-based access control, and access logging.

9. Changes

We may update this policy. For material changes we will notify you by email or via a notice on the site.