Privacy Policy

We collect the following categories of data:

• Account data. When you sign in with Google, we receive your email address and a unique account identifier from Google. We do not receive or store your Google password.
• Prompts and outputs. The prompts you submit, the AI model responses we receive, and the judgments produced for each run. These are stored so you can review your history and share runs by link.
• Usage data.Counters tracking how many comparisons you’ve run against your plan limits, your current plan, and welcome-bonus state.
• Billing data. If you subscribe to Pro, Stripe processes your payment. We receive a customer ID, subscription ID, and current subscription state — never your card number, CVC, or full billing details.
• Technical data. Standard server logs including IP address, browser type, and request timestamps. Used for security, abuse prevention, and debugging.

• To operate the service — running comparisons, storing history, enforcing plan limits.
• To authenticate you and secure your account.
• To process payments and manage subscriptions.
• To communicate essential service messages (billing, security, policy changes).
• To investigate abuse, fraud, or violations of our Terms.
• To improve Lightbrew — analyzing aggregate usage to understand what features matter.

We do not sell your personal data. We do not use your prompts or outputs to train our own models.

Lightbrew runs on top of several third-party services. When you use Lightbrew, some of your data is processed by these providers under their own privacy terms:

• Google — authentication (OAuth sign-in).
• Supabase — database and session storage.
• Upstash — rate limiting and usage counters.
• Stripe — payment processing and subscription billing.
• Vercel — application hosting and delivery.
• AI providers — when you submit a prompt, we forward it to the selected AI providers (currently OpenAI, Anthropic, and Google) to generate responses and to our judging model. Each provider processes your prompt under its own privacy and data-use terms.

Prompts and outputs are transmitted to AI providers to produce responses. Providers may temporarily log prompts and outputs for safety and abuse monitoring under their respective policies. We do not control those providers’ retention or use of data beyond the commercial terms under which we access their APIs, which currently prohibit use of customer data for training their foundation models [REVIEW: verify against each provider’s current API terms].

• Free plan — run history is retained for 30 days, after which individual runs are removed from your history.
• Pro plan — run history is retained for as long as your account is active.
• Account data — retained while your account exists. Billing records may be retained longer where required by law [REVIEW: typically 7 years for tax records].
• Server logs — retained for up to 30 days for security and debugging.

Lightbrew uses a small number of cookies and browser storage items:

• Authentication cookies that keep you signed in (set by Supabase on our behalf).
• Local storage entries used to remember your preferences (selected models, preset, prompt draft) across sessions.

We do not use third-party advertising or cross-site tracking cookies.

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you. To exercise any of these rights, email support@lightbrew.ai from the address associated with your account.

You can delete your account at any time by emailing us. Deletion removes your profile, run history, and usage records. Billing records may be retained for tax and audit purposes as described above.

We use industry-standard safeguards — encrypted connections (TLS), encrypted storage, narrow access controls, and hardened payment handling via Stripe. No internet service is perfectly secure; if you believe your account has been compromised, email support@lightbrew.ai right away.

Lightbrew is not directed at children under 13, and we do not knowingly collect data from children. If you believe a child has provided us information, please email us so we can remove it.

Lightbrew operates from the United States, and the third-party processors listed above may process data in other countries. By using Lightbrew you consent to the transfer of your data to jurisdictions that may have different data-protection rules than your own.

We may update this policy to reflect changes in our service or in applicable law. If we make material changes we will update the “last updated” date above and, where appropriate, notify you by email or in-app notice.

Questions about this policy? Email support@lightbrew.ai.