Privacy

What we collect

• Your email and password hash (so you can sign in).
• API keys you choose to add (Anthropic, GoHighLevel, X, etc.) — stored encrypted at rest using AES-256-GCM.
• The content you create or upload — drafts, transcripts, audio/video files, posts.
• Engagement data — feed items pulled on your behalf, actions you take on them.
• Basic usage logs — IP address (for rate limiting), timestamps, error reports.

What we DON'T do

• We do not sell your data.
• We do not train models on your content.
• We do not share your data with third parties except as needed to fulfil your requests (e.g. sending a draft to GoHighLevel when you click Post).
• We do not have access to your plaintext API keys after you save them — they are encrypted with a key only the server holds.

Third parties you connect

When you connect Anthropic, GoHighLevel, X, etc., your prompts and posts flow through those services on your behalf. Their privacy policies govern their handling.

Data retention

Your data stays in your workspace until you delete it. When you delete your account, all associated rows in our database are removed within minutes. Media files in your tenant folder are removed on the next nightly cleanup.

Your rights

You can export everything we hold on you as JSON from Settings → Danger zone → Export. You can delete your account from the same screen.

Contact

Questions or requests: tomas@choros.io