Privacy Policy
Last updated: March 20, 2026
Overview
Athelm AI ("Athelm", "we", "us") operates app.athelm.ai and athelm.ai (the "Platform"). This Privacy Policy explains what data we collect, how we use it, and your rights. Our architecture is designed with privacy as a first principle: your conversations and content never leave your server.
1. What We Collect
Account Information
When you create an account: email address, display name, password (hashed with bcrypt, never stored in plaintext), subscription tier, account creation date.
Usage Data
We collect anonymized usage signals: feature usage frequency, session duration, error rates. We do NOT collect message content, conversation history, or any content you generate. That content never touches our servers — it lives on your instance.
Billing Data
Payment processing is handled by Stripe. We store only: subscription status, plan tier, billing cycle. We never see or store full card numbers.
Technical Data
IP address (for rate limiting and security), browser type, OS (for compatibility), crash reports (opt-in, anonymized).
2. How We Use Your Data
- Account authentication and session management
- Processing subscription payments via Stripe
- Sending transactional emails (account confirmation, billing receipts)
- Improving platform performance and fixing bugs
- Fraud prevention and abuse detection
We do NOT sell your data. We do NOT use your data for advertising. We do NOT train AI models on your content.
3. Zero-Storage Architecture
Athelm's core architecture is designed so that user-generated content — messages, documents, generated images, voice recordings, and all other creative outputs — is stored exclusively on the user's own server instance. The Architect (our AI coordination layer) learns from routing patterns and interaction cadences only — abstract behavioral signals, never content. This is not a policy choice. It is an architectural constraint.
4. Third-Party Services
- Stripe — payment processing. Subject to Stripe's privacy policy.
- RunPod — GPU compute for AI processing. Requests are stateless and not persisted. Subject to RunPod's privacy policy.
- Cloudflare — DDoS protection and CDN for the marketing site. Subject to Cloudflare's privacy policy.
5. Data Retention
Account data is retained while your account is active and for 90 days after deletion (to process refunds and chargebacks). After 90 days, account data is permanently deleted. Waitlist data (email only) is retained until the waitlist closes or you request removal.
6. Your Rights
You have the right to: access your account data, export your data, correct inaccurate data, delete your account, opt out of marketing emails. To exercise these rights, contact us at privacy@athelm.ai or use the account settings in-app.
7. GDPR & CCPA
For EU residents: our legal basis for processing is contract performance (for providing the service) and legitimate interests (for security and fraud prevention). For California residents: we do not sell personal information as defined by CCPA. You have the right to know, delete, and opt out of sale (which we don't do).
8. Cookies
9. Security
Passwords are hashed with bcrypt (12 rounds). Connections are encrypted via TLS. JWT tokens expire after 7 days. We use httpOnly cookies to prevent XSS token theft. We conduct regular dependency audits.
10. Contact
For privacy questions: privacy@athelm.ai. For general inquiries: support@athelm.ai. DarkHorse Codes, athelm.ai.