Privacy PolicyPublished: March 29, 2026 · Last updated: April 22, 2026
This Privacy Policy describes how Alethe AI collects, uses, stores, and protects your personal data. By using the Service, you acknowledge that you have read and accepted this policy in its entirety.
1. Identity of the Data ControllerThe data controller responsible for processing your personal data is Eclipsco, the company operating the Alethe AI platform accessible at alethe.eclipxco.com (hereinafter "Alethe", "we", "us"). Alethe AI is a product of Eclipsco.For any questions relating to the processing of your personal data, you can contact us at: contact@eclipxco.com
2. Data We CollectWe collect only the data strictly necessary for the provision of the Service, based on the following categories:
2.1 Account Data (collected upon registration)
•Full name and email address, obtained via Google OAuth authentication
•Google profile picture (optional, displayed in your account interface)
•Unique Google identifier (Google Subject ID), used to link your Google account to your Alethe account
•Account creation date and last login date
2.2 Usage and Content Data
•Questions, prompts, and content you submit to the platform
•Complete debate history: exchanges between AI models, agreement scores, and final responses
•AI models selected, conversation mode chosen (Alethe, Friendly, Business, Health, Socratic, Debate, Custom), and debate settings
•Documents uploaded (PDF, DOCX, XLSX, TXT, etc.) — content extracted client-side and transmitted to models; files are not stored on Alethe servers
•Images uploaded (JPG, PNG, GIF, WEBP) — analyzed by Claude Vision to produce a text description; the original image is not stored on Alethe servers
•Voice transcriptions produced via the Deepgram service — audio is processed in real time and not stored
•Debates voluntarily published in the public Explorer section, including your display name as publisher
•Monthly usage quota and token consumption per debate session
2.3 Billing and Subscription Data
•Subscription plan held (Free, Pro, Ultra, Apex) and subscription dates
•Payment transaction identifiers (provided by Stripe or Moneroo — Alethe stores no banking or card data)
•Billing history and payment status
2.4 Technical, Analytics, and Navigation Data
•IP address and approximate geolocation (country level) for security and abuse prevention purposes
•Browser type, operating system version, and device type
•Server access logs (request timestamps, HTTP status codes, response times)
•Authentication session cookies (httpOnly, secure — see Section 8)
•Language preference (NEXT_LOCALE cookie)
•Behavioral analytics via PostHog: pages visited, buttons clicked, custom events (debate started, plan upgrade initiated, etc.), session recordings (all inputs masked), country of origin — used exclusively to improve the product (see Section 8)
3. Legal Bases for ProcessingEach processing activity is based on one of the following legal grounds:
•Performance of a contract: account management, provision of the debate service, quota management, billing — these are necessary for the execution of your subscription agreement with Alethe.
•Legitimate interests: security, fraud prevention, service improvement, technical logs analysis, abuse detection.
•Legal obligation: retention of billing data for accounting and tax purposes, response to lawful requests from competent authorities.
•Consent: publication of debates in the public Explorer section (voluntary action by the user, revocable at any time).
4. How We Use Your DataYour data is used exclusively for the following purposes:We do not use your data for advertising profiling, sale to third parties, or any purpose not described in this policy.
•Authenticating you and securely managing your user account
•Providing the multi-AI discussion service and all its features (Alethe, Friendly, Business, Health, Socratic, Debate, Custom modes)
•Managing your subscription plan, monthly quotas, and associated billing
•Personalizing your experience (language preferences, debate history, settings)
•Ensuring platform security, detecting and preventing fraudulent or abusive use
•Improving the Service, diagnosing technical errors, and monitoring performance
•Communicating with you about important Service updates, Terms changes, or security notifications
•Complying with our legal and regulatory obligations
5. Data Sharing with Third PartiesAlethe does not sell, rent, or exchange your personal data with third parties for commercial purposes. Your data may be shared only in the following strictly limited circumstances:
5.1 AI Model ProvidersTo generate debate responses, your questions and debate context are transmitted to the following AI model providers: OpenAI (GPT models), Anthropic (Claude models), Google (Gemini models), xAI (Grok models), and DeepSeek. Each provider processes this data in accordance with their own privacy policy and data processing agreements. We encourage you to consult their respective policies.
Important: the questions you submit are transmitted to these providers solely for the purpose of generating responses. They do not receive your account information (name, email) unless you include it explicitly in your question.
5.2 Payment ProcessorsSubscription payments are processed by Stripe or Moneroo (chosen at checkout), our third-party payment service providers. Both process your payment data (bank card, transaction details) directly and in full compliance with PCI DSS standards. Alethe receives only a transaction confirmation identifier — we store no banking data on our servers. Stripe also handles automatic subscription renewals via its recurring billing system.
5.3 Hosting InfrastructureOur platform is hosted on the following infrastructure providers: Vercel (Next.js frontend), Vultr VPS (Django backend and FastAPI debate engine), PostgreSQL database (co-located on Vultr VPS). These providers act as data processors on our behalf and are bound by data processing agreements ensuring the protection of your data.
5.4 Legal DisclosuresAlethe may disclose your data to competent authorities (law enforcement, courts, regulatory bodies) where required to do so by applicable law, court order, or to protect the rights, property, or safety of Alethe, its users, or the public. We will make reasonable efforts to notify you of such disclosures, where legally permitted.
6. Data RetentionWe retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law:
•Account data (name, email, profile picture): retained for the duration of your account, then permanently deleted within 30 days of account deletion.
•Debate history — Free plan: rolling 24 hours. Debates are automatically purged beyond this window.
•Debate history — paid plans (Pro, Ultra, Apex): retained for the duration of the active subscription, then for 90 days after subscription expiry, then permanently deleted.
•Publicly shared debates: retained until you unpublish them or your account is deleted.
•Technical server logs: maximum 90 days, then automatically purged.
•Billing and payment data: 5 years from the date of the transaction, in compliance with applicable accounting and tax obligations.
•Usage quota counters: reset on the first of each month and not retained after reset.
7. Security MeasuresWe implement rigorous technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:No security system is infallible. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours, and affected users within the timeframes required by applicable regulations.
•All communications between your browser and our servers are encrypted via HTTPS/TLS (TLS 1.2 minimum)
•Authentication is managed via short-lived signed JWT tokens (Django JWT), renewed automatically
•The PostgreSQL database is hosted locally on our VPS (not publicly exposed), with restricted access
•Database access is limited to strictly necessary application services and is logged
•Server-side environment variables (API keys, secrets) are never exposed to the client
•Regular application security reviews focusing on OWASP Top 10 vulnerabilities (SQL injection, XSS, CSRF, etc.)
8. Cookies and Similar TechnologiesAlethe uses two categories of cookies: strictly necessary cookies for the operation of the Service, and analytics cookies via PostHog. We do not use advertising cookies, retargeting cookies, or profiling tools (no Google Analytics, no Meta Pixel).
8.1 Strictly Necessary CookiesThese cookies are essential for the platform to function. They cannot be disabled without preventing use of the Service.
•Authentication session cookie (authjs.session-token / __Secure-authjs.session-token): httpOnly and Secure flag, maintains your login session via NextAuth. Duration: session or up to 30 days.
•CSRF token cookie: protection against cross-site request forgery attacks. Session duration.
•Language preference cookie (NEXT_LOCALE): stores your language preference. Duration: 1 year. No personal data collected.
8.2 Analytics Cookies — PostHogWe use PostHog, a product analytics platform, to understand how users interact with the Service and improve it. PostHog collects:PostHog data is linked to your account if you are logged in (identified by email). Anonymous users are tracked by a pseudonymous session ID only. This data is used solely to improve the product and is never sold or shared for advertising purposes.PostHog is hosted in the US region. Data transfers comply with applicable international transfer mechanisms. You can consult PostHog's privacy policy at posthog.com/privacy.
•Pages visited, time spent, navigation paths
•Buttons and elements clicked (no form content captured)
•Custom events: debate started, plan upgrade initiated, debate completed, etc.
•Session recordings — all input fields are automatically masked; no typed content is captured
•Device type, browser, operating system, country (via IP — IP is not stored)
9. Your RightsUnder applicable data protection regulations (including GDPR for EU residents), you have the following rights regarding your personal data:To exercise any of these rights, contact us at contact@eclipxco.com with your full name, email address associated with your account, and a clear description of your request. We will respond within a maximum of 30 days. In complex cases, this period may be extended to 60 days with prior notification.If you believe that we have not adequately responded to your request, you have the right to lodge a complaint with the competent supervisory authority in your country of residence.
•Right of access: obtain confirmation that we process your data and receive a copy of all personal data we hold about you.
•Right to rectification: request correction of inaccurate or incomplete personal data.
•Right to erasure ("right to be forgotten"): request deletion of your personal data, subject to our legal retention obligations. You can also directly delete your account from the Settings section of the platform.
•Right to data portability: receive your personal data in a structured, commonly used, machine-readable format (JSON), and transmit it to another controller where technically feasible.
•Right to restriction of processing: request that we limit the processing of your data in certain circumstances.
•Right to object: object to the processing of your data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
•Right to withdraw consent: where processing is based on your consent (e.g., public sharing of debates), you may withdraw it at any time without affecting the lawfulness of prior processing.
10. International Data TransfersAlethe AI's infrastructure is primarily hosted on servers located in Europe (Vultr VPS). However, due to the nature of our service, certain data transfers to third countries may occur in the following cases:We encourage you to consult the privacy policies of the AI model providers to understand how they handle data transmitted to them.
•AI model providers: OpenAI, Anthropic, Google, xAI, and DeepSeek are companies headquartered in the United States. Your questions are therefore processed on servers potentially located in the United States or other countries. These transfers are carried out under standard contractual clauses or other appropriate safeguards recognized by applicable regulations.
•Vercel (frontend CDN): Vercel distributes static content globally via its CDN network. No personal user data is stored at CDN nodes.
11. Children's PrivacyThe Alethe AI Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it immediately.If you are a parent or guardian and believe that your child under 18 has provided us with personal data, please contact us at contact@eclipxco.com.
12. Changes to This PolicyWe may update this Privacy Policy at any time to reflect changes in our practices, applicable law, or our services. In the event of a material change, we will notify you in advance via in-app notification or email. The date of the most recent revision is always indicated at the top of this document.We encourage you to periodically review this policy to stay informed of how we protect your data. Continued use of the Service after a modified policy has been communicated constitutes acceptance of the revised policy.
13. ContactFor any questions, requests, or complaints regarding the protection of your personal data, you can contact us through the following channels:We commit to responding to all privacy-related requests within 30 days of receipt. To read our Terms of Service: Terms of Service
•Email: contact@eclipxco.com
•Website: eclipxco.com