How is my data protected?

EU servers, encryption, GDPR-compliant.

Database: Supabase (Postgres) in the EU region. All personal data stays inside EU borders.

Encryption: all traffic is TLS-encrypted. Passwords are hashed (bcrypt) — we never see them in plain text.

Row Level Security (RLS): every table in Supabase uses RLS rules. In practice: user A cannot read user B's data even if someone cracked a password or API key.

Anonymous users: when you use the app without signing in, saves and history go to your browser's localStorage. We have no identifier for you.

AI messages: when you chat with Claude, messages go to Anthropic's servers for processing. Anthropic does not store them for training (customer agreement).

Analytics: Vercel Analytics collects anonymized usage stats (page views, country-level data). No ads, no cross-site tracking, no third-party sharing.

Your GDPR rights: you can request a copy of your data or delete your account anytime (Profile → Account). Everything is deleted within 30 days.

Read more in the privacy policy.

Updated · 2026-07-12

Did this answer your question?

Contact us
How is my data protected? — Taival AI | Taival AI