Privacy Policy

Account Information: When you create an account, we collect your name, email address, and hashed password (or OAuth provider token if you sign in with Google, GitHub, etc.).

Usage Data: We collect metadata about how you use AzelaAI — chat session IDs, model selections, feature usage frequency, token counts, and performance diagnostics. We do not store raw prompts or responses beyond what is needed to display your chat history.

Chat History: Your conversations are stored securely to provide continuity across sessions. You may delete any or all chat history at any time from the Settings page.

Uploaded Files: Files and URLs you submit are processed to extract text for AI context. Raw file bytes are not permanently stored; extracted text is retained with your session data.

Payment Information: Billing is handled by Razorpay. We do not store your full card number, CVV, UPI PIN, or raw payment details. We receive a Razorpay subscription ID, customer ID, and payment status only.

Device and Log Data: IP address, browser type, operating system, referrer URL, and error logs collected automatically for security and debugging.

We use your information solely to provide and improve AzelaAI services:

• Authenticate your account and maintain your session
• Route your prompts to the AI models you select
• Store and display your chat history
• Process payments and manage your subscription
• Send transactional emails (account confirmations, billing receipts, password resets)
• Detect abuse, enforce rate limits, and protect platform security
• Improve model routing, latency, and response quality through aggregate (non-personal) analytics
• Comply with legal obligations

We do not use your prompts or responses to train any AI model — including our own or any third-party model.

We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:

• AI Model Providers (OpenAI, Anthropic, Google, etc.): Your prompts are forwarded to the AI model you select to generate a response. Each provider processes this under their own data use and privacy policies. We recommend reviewing them.
• Infrastructure Partners: Hosting (e.g. Vercel, AWS), database, and CDN providers process data as sub-processors under strict data processing agreements.
• Razorpay: Payment processor. Governed by Razorpay's Privacy Policy.
• Legal Requirements: We may disclose data if required by law, court order, or to protect the safety of users or the public.
• Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with prior notice to you.

AzelaAI acts as a gateway to third-party AI models. When you send a prompt, it is transmitted to the selected model provider's API. Different providers have different data policies:

• OpenAI: Prompts sent via API are not used by OpenAI to train their models (per their API data usage policy). See openai.com/privacy.
• Anthropic: API usage is not used for model training. See anthropic.com/privacy.
• Google (Gemini): API data may be subject to Google Cloud data processing terms. See cloud.google.com/terms/data-processing-addendum.
• Other providers: We route to 50+ models via OpenRouter and direct APIs. Check individual provider policies for models you use.

We recommend not submitting personally identifiable information (PII), confidential business secrets, or regulated data (HIPAA, financial PII) in AI prompts, as these are processed by third-party infrastructure.

• Chat history: Retained until you delete it or close your account.
• Account data: Retained for 30 days after account deletion to allow recovery, then permanently purged.
• Usage logs: Retained for 90 days for security and billing reconciliation.
• Payment records: Retained for 7 years to comply with financial regulations.
• Uploaded files: Extracted text retained with chat history. Original file bytes are not permanently stored.

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Bcrypt-hashed passwords (never stored in plaintext)
• Short-lived JWT session tokens with secure, httpOnly cookie storage
• Rate limiting and abuse detection on all API endpoints
• Regular dependency audits and vulnerability scanning

No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly to info@azelaai.com.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and associated data. You can also self-serve from Settings → Account → Delete Account.
• Portability: Request an export of your data in a machine-readable format.
• Objection / Restriction: Object to or restrict certain processing activities.
• Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@azelaai.com. We will respond within 30 days.

AzelaAI uses the following categories of cookies:

• Essential: Session authentication cookies required for you to remain logged in. Cannot be disabled.
• Preferences: Stores your UI settings (dark mode, model preferences). Can be cleared via your browser.
• Analytics: Aggregate, anonymized usage analytics to understand which features are used most. No cross-site tracking.

We do not use advertising cookies, third-party trackers, or fingerprinting technologies.

AzelaAI is not directed at children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has created an account, contact us at info@azelaai.com and we will promptly delete that data.

AzelaAI is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the US and other countries where our infrastructure partners operate. These transfers are governed by Standard Contractual Clauses (SCCs) or equivalent safeguards approved under applicable data protection law.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) or by a prominent notice on the platform at least 14 days before the change takes effect. Continued use of AzelaAI after the effective date constitutes acceptance of the updated policy.

For privacy questions, data requests, or to report a concern, please contact our Privacy Team: