Privacy by design

• Your AI provider API keys (they live in your browser only)
• Your prompts to the AI agent (they go directly from your browser to the AI provider)
• Personally identifying information beyond what you voluntarily enter
• Cross-site tracking cookies. We don’t use them.

• Aggregate, anonymous request logs at the API layer (HTTP method, status code, latency) for capacity planning. No IP addresses are stored beyond 24 h.
• If you submit data to a calc endpoint, that data is processed in-memory and discarded. We don’t persist your inputs.
• If you generate a stamped PDF, the resulting hash is stored on our backend. Your inputs are stored encrypted with your tenant’s data-encryption key (which we cannot read without your action).

We use one cookie: a CSRF token for the API endpoints. No analytics, no advertising, no fingerprinting.

The frontend is served by Cloudflare (CDN). The API runs on a Hetzner VPS. AI calls go directly from your browser to the provider you configured (Anthropic, OpenAI, etc.).

Under GDPR / CCPA / equivalent: you can request deletion of any data we hold on you by writing to privacy@austenite.org. We’ll respond within 30 days.