Privacy Policy

Last updated: March 26, 2026

1. Introduction

Consulgent ("we," "us," or "our") operates the Consulgent web application at consulgent.com (the "Service"). This Privacy Policy explains how we collect, use, store, and share your personal information when you use our Service.

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a cryptographic hash by our authentication provider)
  • Display name (optional; derived from your email if not provided)
  • Phone number (optional)

2.2 Conversation and Project Data

When you use the Service, we store:

  • Conversation messages, prompts, and AI-generated responses
  • Conversation metadata (titles, objectives, plans, summaries)
  • Project information (titles, objectives, steps, progress)
  • User-provided background context and any other content you submit during conversations

2.3 Uploaded Files

When you upload files to the Service, we store:

  • The original file in cloud storage
  • File metadata (name, size, type)
  • Extracted text content and text embeddings (vector representations) generated from your file content for search functionality

2.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details. We do store:

  • Stripe customer ID and subscription ID
  • Subscription tier and billing period dates
  • Credit balances and purchase history (amounts and dates)

2.5 Usage Data

We automatically collect usage information for each AI interaction, including:

  • AI model used and token counts (input, output, cached)
  • Estimated cost per interaction
  • Web search query counts (when web search is used)
  • Timestamps of interactions

2.6 Google Workspace Data

If you choose to connect your Google Workspace account, we store an encrypted OAuth refresh token (AES-256-GCM encryption) and the list of scopes you granted. When connected, the Service may access Google services (Gmail, Drive, Docs, Calendar) on your behalf, limited to the scopes you authorize. You can revoke this access at any time.

2.7 Cookies and Session Data

We use essential cookies for:

  • Authentication sessions: managed by Supabase Auth to keep you signed in
  • CSRF protection: temporary tokens during OAuth flows (deleted after use)

We do not use advertising or marketing cookies. We use Vercel Analytics for aggregate website performance metrics. Vercel Analytics is privacy-focused and does not use cookies or track individual users across sites.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your conversations through AI models to generate responses, plans, and recommendations
  • Process uploaded files for text extraction, embedding, and semantic search
  • Process payments and manage your subscription
  • Track usage for billing, credit deduction, and cost transparency
  • Access Google Workspace services on your behalf (only if you opt in and authorize specific scopes)
  • Respond to support requests and communicate about your account
  • Monitor for abuse and enforce our terms of service

4. Third-Party Services and Data Sharing

To provide the Service, your data is transmitted to the following third-party providers. We do not sell your personal information to any third party.

4.1 AI Model Providers

Your conversation content, prompts, and uploaded file contents are sent to third-party AI providers for processing. We use models from:

  • Anthropic (Claude models)
  • OpenAI (GPT models and text embeddings)
  • Google (Gemini models, used for AI responses and file text extraction)
  • xAI (Grok models)

Each provider processes data according to their own privacy policies and data handling terms. We use these providers' API services, which generally do not use your data to train their models.

4.2 Infrastructure Providers

  • Supabase: database hosting, file storage, and authentication
  • Vercel: application hosting and analytics

4.3 Payment Processing

  • Stripe: handles all payment processing. When you make a payment, your payment details are submitted directly to Stripe and are subject to Stripe's Privacy Policy.

4.4 Google Services

If you connect your Google account, data flows between the Service and Google Workspace APIs (Gmail, Drive, Docs, Calendar) according to the scopes you authorize. This integration is governed by Google's Privacy Policy.

4.5 Google Forms

Our Contact, Feedback, and Careers pages embed Google Forms. Information you submit through these forms is sent directly to Google and is subject to Google's Privacy Policy. This data is not processed through our servers.

4.6 Web Search

When the Service performs web searches as part of a conversation, search queries are sent to the AI providers listed in Section 4.1, which may use their own or third-party search infrastructure.

5. Data Storage and Security

Your data is stored on servers located in the United States. We implement the following security measures:

  • Encryption at rest: database and file storage are encrypted by our infrastructure provider (Supabase)
  • Encryption in transit: all data is transmitted over HTTPS/TLS
  • Row-Level Security (RLS): database policies ensure users can only access their own data
  • Encrypted tokens: Google Workspace refresh tokens are encrypted with AES-256-GCM before storage
  • Secure authentication: passwords are cryptographically hashed; sessions use secure, httpOnly cookies

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

We retain your data for as long as your account is active and as needed to provide the Service. When you delete a conversation or project, it is marked as deleted and hidden from the interface. Associated files are deleted from storage.

You may request complete deletion of your account and all associated data by contacting us at the email address listed below. Upon account termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data
  • Export your data in a portable format
  • Withdraw consent for optional data processing (e.g., Google Workspace integration)
  • Object to processing of your data in certain circumstances

To exercise any of these rights, please contact us using the information in Section 11. We will respond within 30 days.

8. International Data Transfers

Our Service and data infrastructure are located in the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Consulgent
Email: support@consulgent.com