Effective Date: December 17, 2025 | Last Updated: December 17, 2025
Summary
- Cloud version: We store your data securely. You can export or delete anytime.
- BYOK: BYOK keys are encrypted at rest and used only to call providers on your behalf.
- BYOD preview: Own-database storage is not generally available yet; cloud accounts use managed storage.
- Self-hosted: You control everything. Nothing leaves your infrastructure.
What Data We Collect
Account Information
- Email address (for authentication)
- Name (optional, for personalization)
- OAuth connections (Google, GitHub if you use them)
Usage Data
- Conversations and messages (encrypted at rest)
- Notes, tasks, and projects you create
- Memory extractions (facts from conversations)
- Token usage and costs (for billing and transparency)
- Encrypted BYOK API keys if you enable BYOK
What We Don't Collect
- Browsing history or tracking cookies
- BYOD database contents while BYOD remains in preview
How We Use Your Data
- Provide the service: Store and sync your conversations
- Memory features: Extract and recall facts you've shared
- Cost tracking: Show you exactly what you're spending
- Improve the product: Aggregate, anonymous usage metrics
Third-Party Services
We use these services to operate blah.chat:
- Neon Postgres: Database (privacy policy)
- Clerk: Authentication (privacy policy)
- Vercel: Hosting and AI Gateway (privacy policy)
- AI Providers: OpenAI, Anthropic, Google, etc. (each has its own privacy policy)
Your Rights
- Export: Download all your data anytime
- Delete: Remove your account and all associated data
- Access: See exactly what data we have about you
- Portability: Get your data in a machine-readable format
Data Retention
- Active accounts: Data kept as long as your account is active
- Deleted accounts: Data permanently deleted within 30 days
- Memories: Expire after 90 days by default (configurable)
Security
- All data encrypted in transit (TLS 1.3)
- All data encrypted at rest (AES-256)
- SOC 2 compliant infrastructure (Neon, Clerk, Vercel)
- No plaintext storage of sensitive data
GDPR Compliance
If you're in the EU, you have additional rights under GDPR. We comply with all requirements including data portability, right to erasure, and data processing agreements with our subprocessors.
Contact
Questions about privacy? Email us at blah.chat@bhekani.com
For self-hosted instances, see the full self-hosted privacy policy on GitHub.