Seven specific commitments. Not vague promises.
The text you paste lives only in memory during extraction. It is never written to disk, never logged, never saved to our database.
Our server logs strip conversation text automatically. Error reports also exclude request bodies from the extraction endpoint.
Names, phone numbers, addresses, and notes are encrypted with AES-256-GCM before they touch the database. Decryption is audit-logged.
Credit card numbers, SSN/SIN, and passport numbers are stripped from the text before it reaches the AI provider.
We use Anthropic Claude via their commercial API. Per their data policy: zero training on API inputs, 30-day retention for trust and safety, SOC 2 Type II certified.
Every time customer PII is decrypted from the database, an entry is written to the audit log with your user ID, the resource, and the timestamp.
Export all your bookings as CSV. Delete individual bookings or your entire account from Settings. Hard deletes run within 30 days.
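One way the field encryption and decryption audit commitments above can be implemented, written here as an added Node.js example and not this service's actual code. The stored layout (IV, tag, ciphertext), the use of the resource name as additional authenticated data, the `audit` array standing in for an audit table, and all function names are assumptions.

```javascript
const crypto = require("node:crypto");

// Encrypt one PII field with AES-256-GCM. The resource name is bound as AAD,
// so a ciphertext copied onto another row or column fails authentication.
function encryptField(key, resource, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(resource, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored form (assumed layout): iv (12) || tag (16) || ciphertext, base64
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt one field and record who read what and when. The entry is written
// before decryption, so failed attempts (tampering, wrong resource) are
// also visible in the audit trail with ok=false.
function decryptField(key, resource, stored, userId, audit) {
  const entry = { userId, resource, timestamp: new Date().toISOString(), ok: false };
  audit.push(entry);
  const raw = Buffer.from(stored, "base64");
  if (raw.length < 28) throw new Error("stored value too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12),
    { authTagLength: 16 });
  decipher.setAAD(Buffer.from(resource, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag or AAD does not match; nothing is returned then
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  entry.ok = true;
  return pt.toString("utf8");
}

// Constructed demo data: random key, made-up booking and user identifiers.
function demo() {
  const key = crypto.randomBytes(32);
  const audit = [];
  const stored = encryptField(key, "booking:42:phone", "+1 555 0100");
  const phone = decryptField(key, "booking:42:phone", stored, "user_123", audit);
  let rejected = false;
  try {
    decryptField(key, "booking:43:phone", stored, "user_123", audit);
  } catch {
    rejected = true; // ciphertext moved to another resource: tag check fails
  }
  return { phone, rejected, audit };
}

console.log(demo());
```

Writing the audit entry before attempting decryption means a rejected ciphertext still leaves a record, which is what an investigator needs when a row has been altered or swapped.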
| Service | Purpose | Retention |
|---|---|---|
| Anthropic (Claude) | AI extraction | 30-day safety |
| OpenAI (fallback) | AI extraction fallback | 30-day safety |
| Neon | PostgreSQL database | Until deleted |
| Clerk | Authentication | Until account deleted |
| Upstash | Rate limiting (Redis) | Ephemeral |
| Vercel | Hosting and edge functions | Log retention: 30 days |
| Stripe | Payment processing | Per Stripe policy |
| Resend | Transactional email | 30 days |
| Sentry | Error tracking | 90 days |