Privacy Policy

Our Core Privacy Promise

At TwistyChat, absolute privacy is mathematically built into the foundation of our application. All of your chats, documents, canvas nodes, and AI context are encrypted locally on your device using AES-GCM-256 via the WebCrypto API before they are synced to our servers.

This means TwistyChat's server administrators cannot read your chats under any circumstances. We hold zero decryption keys.

We absolutely do not sell any telemetry, user data, or behavioral profiles to third-party data brokers or advertisers.

What We Collect

To safely provide you with sync features and operate the business, we collect the bare minimum analytical and operational data:

• Authentication Info: Your email address and a mathematically salted hash of your password. For OAuth (Google), we only collect the email address provided by your provider.
• Encrypted Payload: Your canvas layout, chats, and uploaded raw text is kept as an encrypted binary blob in our Cloudflare KV systems. We cannot decrypt it.
• Usage Thresholds: We collect and store numerical API credit allocations (e.g. `$2.40 / $7.00`) based on the length of inference text you forward to Ultra models.
• Payment Logic: If you upgrade to a paid tier (Pro or Ultra), we process transaction metadata via Stripe. We do not store your credit card numbers on TwistyChat servers.

What We DO NOT Collect

The following practices are permanently blocked from our platform's operations:

• No Plaintext Contexts: We do not log or store you or the AI assistant's human-readable prompts/responses, except transiently in computer RAM for exactly the duration needed to proxy the prompt to the backend AI model (for $10 Ultra Tier users).
• No Advertising Trackers: We do not include Facebook Pixels, massive third-party analytics (e.g. Google Analytics), or behavioral trackers anywhere on the canvas workspace.
• No Third-Party Selling: Under absolutely no circumstances will any piece of your email, billing, or technical telemetry be packaged or sold to marketers.

Our Service Providers

We integrate with a small ring of trusted providers to support infrastructure operations. In our $10 Ultra Tier, your decrypted prompt is sent dynamically over TLS transit exclusively to top-tier LLM inference providers like Together AI, Cerebras, or OpenRouter for token generation. These external endpoints process the inferences in real-time, but per their respective API agreements, do not train their foundational LLMs on user prompts.

Our global content delivery, domain DNS, and Durable Object ledgers are secured completely by the Cloudflare Edge computing network.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

hello@twistychat.com