Privacy Policy
Last updated: January 22, 2026
Overview
At ALLM.one, we believe in minimal data collection. We only collect what is necessary to provide our DeepThink service and process payments. This policy explains exactly what data we collect, how we use it, and your rights.
Data We Collect
Account Information
- Email address (from OAuth provider)
- OAuth provider ID (Google or Apple identifier)
- Credits balance
Usage Data
- IP address (hashed using SHA-256, never stored in plain text)
- User agent (browser and device information)
- Timestamps of account activity
Payment Data
Payment processing is handled entirely by Stripe. We receive:
- Email address associated with payment
- Purchase amount and timestamp
- Stripe customer and payment IDs
We never see or store your full credit card number, CVV, or billing address.
Chat Prompts
Your chat prompts are sent directly to OpenRouter's API for processing by AI models. We do not store your prompts or AI responses in our database. Your conversations are transient and not retained after the session.
Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Authentication | Email, profile ID |
| Apple OAuth | Authentication | Email, user ID |
| OpenRouter | AI/LLM inference | Chat prompts (not stored) |
| Stripe | Payment processing | Email, payment amount |
Each service has its own privacy policy. We encourage you to review them.
Cookies and Storage
Essential Cookies
| Name | Purpose | Duration | Type |
|---|---|---|---|
| session | Authentication | 7 days | HttpOnly, Secure |
Marketing Attribution Cookies
We use cookies to understand how users find our website. These cookies help us measure the effectiveness of our marketing efforts and improve our services.
| Name | Purpose | Duration | Data Collected |
|---|---|---|---|
| source | Track referral source | 30 days | Marketing source identifier from URL parameter |
| click_id | Track marketing campaign clicks | 30 days | Click identifier from URL parameter |
Important: These cookies do not collect any personal information. They only store anonymous referral source identifiers and click IDs from URL parameters to help us understand which marketing channels bring visitors to our site. This data is used solely for marketing attribution analysis.
Local Storage
- Theme preference (light/dark/system) - stored locally in your browser only
What We Do NOT Collect
- No third-party analytics (no Google Analytics, Mixpanel, etc.)
- No tracking pixels or web beacons
- No behavioral tracking or profiling
- No location data or GPS coordinates
- No browser fingerprinting
- No advertising identifiers
- No selling or sharing of data with advertisers
Data Retention
- Account data is retained while your account is active
- You may request account deletion at any time
- Payment records are retained for legal and tax compliance
- Chat prompts are not retained after your session
Your Rights
You have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your account and data
- Export your data in a portable format
- Withdraw consent for data processing
To exercise any of these rights, please contact us.
Security
We implement appropriate technical measures to protect your data:
- All data transmitted over HTTPS
- IP addresses hashed with SHA-256
- HttpOnly session cookies to prevent XSS attacks
- Regular security reviews and updates
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on our website or sending you an email. Your continued use of the service after changes indicates acceptance of the updated policy.
Contact
For questions about this Privacy Policy or to exercise your data rights, please contact us.