Privacy Policy

1. Data We Collect

• Account data: Name, email address (via Clerk authentication)
• Usage data: Feature usage counts, subscription status
• Query logs: Anonymized and sanitized query content for audit purposes
• Payment data: Processed exclusively by Dodo Payments — we never store card details

2. No PHI Storage

We do not store patient health information (PHI). Our PHI detection system actively blocks inputs containing identifiable patient data such as national IDs, passport numbers, or medical record numbers. Anonymized query logs are retained for audit and service improvement purposes (see §4 Data Retention below).

3. No AI Training

Your queries and inputs are never used to train AI models, including OpenAI models. We use the OpenAI API with data processing agreements that prohibit training on customer data.

4. Data Retention

Anonymized audit logs and chat history are retained for up to 6 months for service improvement and compliance purposes. After 6 months, records are automatically deleted. You may request earlier deletion at any time (see §6 Data Deletion).

5. Third-Party Services

We use the following third-party services to operate Vela:

• OpenAI — AI language model processing
• Clerk — User authentication
• Dodo Payments — Payment processing (Merchant of Record)
• Sentry — Error monitoring and performance tracking (no PII collected)
• PostHog — Anonymous product analytics
• Neon — Database hosting
• Fly.io — Application hosting

6. Cookies

We use essential cookies for authentication session management (via Clerk). We do not use advertising or tracking cookies.

7. Data Deletion

To request deletion of your account and associated data, email us at support@an-tho.com. We will process your request within 30 days.

8. Contact

For privacy-related inquiries: support@an-tho.com