Privacy Policy

This Privacy Policy describes how Local RAG Application ("we", "us", or "our") collects, uses, and discloses your information when you use our application. We prioritize your privacy and have designed this application to give you full control over your data.

1. Key Privacy Principles

• Local-First Application
  Our application is designed as a local-first tool where your data primarily remains in your browser and is not transmitted to our servers unless explicitly authorized by you.
• User-Controlled API Access
  Any external API services (like OpenAI, Google, Anthropic, etc.) are only accessed using API keys that you provide directly. We do not store these API keys on our servers.
• Data Transparency
  We clearly indicate when data leaves your browser, where it's going, and why.

2. Information We Collect

Our application collects and processes the following types of information:

2.1 Information You Provide:

• Content You Upload
  Documents, text, audio files, or any other content you upload to the application for analysis or processing. The information is never sent to our servers, but may be sent to the LLM provider you chose (see below). All the information you upload is kept in your local machine.
• API Keys
  External service credentials (like OpenAI, Google, Anthropic, etc.) that you provide to enable specific features. These API keys are stored in your browser's localStorage and are not transmitted to our servers.
• Queries and Interactions
  Questions, prompts, and other interactions you have with the application's interface.

2.2 Information Sent to External Services:

• Content Sent to AI Services
  When you use features that require external AI services (like OpenAI, Anthropic, etc.), your queries and relevant content may be sent to these services using the API keys you provide.
• Content Sent to Cloudflare
  When using features that require our Cloudflare Workers (such as fetching from external APIs), certain data may be processed through Cloudflare's infrastructure.

3. How We Use Your Information

We use the information collected for the following purposes:

• To Provide Core Functionality
  Processing your content, queries, and interactions to deliver the application's features.
• To Connect With External Services
  Using your provided API keys to connect with external services that enhance the application's capabilities.
• To Improve the Application
  Analyzing usage patterns and performance metrics to enhance the application's functionality and user experience.

4. Data Storage and Protection

Our application uses a combination of local and remote processing:

• Your authentication data
  We use Clerk for your authentication, at least for this initial version of the application. Please refer to their privacy policy for more information: https://clerk.com/privacy.
• Payment data and provisioned api keys
  We use Stripe for payment processing. Your payment information is handled by Stripe and is subject to their privacy policy: https://stripe.com/privacy. Upon payment, you are provisioned with API keys that are stored in your browser's localStorage. These keys are used to access LLM providers like OpenAI, Anthropic, and others.
• Local Storage
  Most of your data is stored locally in your browser's IndexedDB and localStorage. This includes uploaded documents, processing results, and your API keys.
• Remote Processing by AI models
  This application has important features delivered by AI systems that involve remote processing of your data. This means that if you decide to use AI features your data will be sent to the AI providers for processing. You can always decide what to send and what not to send, and you can also choose not to use these features at all.
• Data Storage and Security
  We only store your data in your browser and no data is ever sent to our servers. We implement industry-standard security measures to protect your data, including encryption in transit (we would love to say that your data is encrypted at rest, too, but we have no data to encrypt, as your data is never sent to us). However, please note that no method of transmission over the internet is 100% secure.
• Cloudflare Workers
  Some features utilize Cloudflare Workers for processing. When using these features, data is transiently processed through Cloudflare's infrastructure but is not persistently stored. Cloudflare Workers are governed by Cloudflare's Privacy Policy, which you can view at: https://www.cloudflare.com/privacypolicy/
• Third-Party Services
  When you use features that connect to external services (like OpenAI, Anthropic, Openrouter, etc.), your data is processed according to those services' privacy policies.

5. Google API Services User Data Policy

Our application adheres to the Google API Services User Data Policy. When you use features that involve Google APIs (such as Fetching your data from Google Drive):

• Limited Use
  The application allows a user to access his/her own Google user data for the purposes described in this privacy policy and permitted by the user, and only for the limited purposes described in this privacy policy. For your Google Drive data in particular, any data is stored in browser if you decide to fetch the data to process in the application.
• No Transfer or Sale
  We do not sell Google user data, nor do we transfer it to others except as necessary to provide and improve the features explicitly requested by users.
• No Advertising
  We do not use Google user data for advertising purposes.
• Limited Retention
  We retain Google user data only as long as necessary to provide the service requested by the user, and all data is stored locally in the user's browser.

6. Your Rights and Choices

You have full control over your data:

• Data Deletion
  You can delete your data at any time using the application's 'Reset System' feature, which clears all locally stored data. We recommend you do so when you share your computer or if your computer can be accessed by others.
• API Key Management
  You can add, remove, or update your API keys at any time.
• Service Disconnection
  You can disconnect from external services at any time.
• Account deletion
  You can delete your account at any time from your account settings.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at app@ncdata.eu.