Privacy Policy
Valid from: June 2026
1. Principles
LogicBasis processes only the data strictly required for system operation, access management, billing, security, and user‑requested functionality.
The following applies:
- no data is shared for advertising
- no data is sold
- no behavioural profiling
- no use of data for model training
2. Data Categories
2.1 Account Data
- email address
- authentication identifiers
- account status (Supabase Auth)
2.2 User Content
- Room: user‑generated messages, session state, conversation history
- Market: usage and billing metadata only (no content or text storage)
2.3 Technical Data
- IP address
- device and browser information
- timestamps
- technical access and request logs
2.4 Billing Data
Processed exclusively through Stripe. LogicBasis stores only:
- payment status
- subscription status
- transaction references
No raw payment data is stored.
2.5 Security Data
- hashed API keys
- access tokens
- rate‑limit identifiers
- abuse‑prevention and integrity signals
3. Processing in Subsystems
Room
Room stores conversation history and session state to enable continuous use. Data is isolated per user (Row‑Level Security). No external analysis, no training, no profiling.
Market
Market processes only:
- account metadata
- usage counters
- credit balances
- billing information
Market does not store text inputs, model outputs or conversation history. Temporary processing occurs only for execution, security or diagnostics. All payments are handled entirely through Stripe.
4. Purpose of Processing
- service delivery and system operation
- authentication and access control
- billing and subscription management
- system integrity, monitoring and abuse prevention
- security and fraud detection
No additional purposes are pursued.
5. Third‑Party Services & Subprocessors
LogicBasis uses the following service providers:
- Supabase — authentication, database, row‑level security
- Stripe — payment processing and billing
- Vercel — hosting and infrastructure
- OpenAI — processing of text inputs for response generation
OpenAI processes inputs only for real‑time response generation. Inputs are not used for training or model improvement.
Data may be processed outside Switzerland (EU, USA). Protection is ensured through Standard Contractual Clauses and established compliance frameworks.
6. API Security
- API keys are stored only in hashed form
- keys are bound to user accounts
- validation occurs server‑side
- abuse protection, rate‑limits and integrity checks are active
- no sensitive keys or secrets are exposed to clients
7. Storage & Retention
Storage Rules
- account data: retained until account deletion
- Room data: retained until user deletion or account termination
- billing data: retained according to legal and accounting obligations
- API keys: stored only in hashed form
- technical logs: retained for a maximum of 30 days (unless required for security cases)
Deletion
Users may request deletion at any time. Legal retention obligations remain unaffected.
8. Data Disclosure
Data is shared only with essential service providers required to operate LogicBasis systems.
No data is shared for advertising. No data is shared without a legal basis.
9. User Rights
- access their data
- request correction
- request deletion
- request data export
Requests may be sent to: contact@logicbasis.ch