
Privacy Policy

Last updated: May 1, 2026

1. Overview

DATA HEDGE (the "Service") is a consent-based AI usage data archive operated at datahedge.app. You voluntarily upload your AI conversation history (e.g. ChatGPT, Claude, Grok, Gemini exports). The Service runs an automated privacy-cleaning pass, an admin reviews the cleaned version, and only the redacted dataset is structured for use in AI data-contribution programs.

This policy explains what data we collect, how we use it, who we share it with, and the rights you have over it.

2. What we collect

  • Account information. Email address, optional display name, optional avatar URL, and the OAuth provider (email, Google, or Apple) you used to sign up.
  • Uploaded files. The raw AI conversation logs you upload, stored in a private, access-controlled bucket. Maximum 2 MB per file, .txt only during private beta.
  • Cleaned previews. An automatically redacted version of your upload (emails, phone numbers, URLs, API keys, wallet addresses, RRN, credit cards, seed phrases removed). This is what admins review.
  • Consent records. Append-only log of which data-sharing scopes you have enabled or disabled, with timestamps.
  • Operational logs. Standard server logs (IP address, user agent, timestamps) for debugging and abuse prevention. Retained for up to 30 days.

3. What we do NOT collect

  • We never sell raw personal data. Period.
  • We do not collect financial information, government IDs, or health records — and we actively scrub these from your uploads during privacy cleaning.
  • We do not run third-party tracking scripts beyond first-party analytics (Vercel Analytics, which is privacy-preserving and does not use cookies).

4. How we use your data

We use your data only for the purposes you have consented to in the Settings > Data Sharing Preferences screen. Default scopes you can toggle independently:

  • AI model improvement (anonymized). Privacy-cleaned samples may be used to evaluate and improve language models.
  • Aggregated insights sharing. Only aggregated, non-identifying insights (e.g. category distributions) may be shared with AI companies. Never raw inputs.
  • AI agent training. Workflow patterns may be used to train task-completion agents — never identifying content.
  • Contribution scoring. Required for tier and points calculation. Revoke at any time.

Each consent toggle is independent and append-only — older records are kept for audit purposes, but only the most recent decision is enforced.

5. Privacy cleaning

Every upload runs through an automatic redaction pass that detects and replaces the following with placeholder tags:

  • Emails, phone numbers, URLs
  • API keys (OpenAI, Stripe, AWS, Google, GitHub formats)
  • Private keys (PEM / OpenSSH)
  • Crypto wallet addresses (BTC, EVM, Solana with context)
  • Korean RRN (주민등록번호)
  • Credit card numbers (Luhn-validated)
  • BIP-39 seed phrases (12 / 24 words with context anchor)

The cleaning pass is a first defence — admins manually review every cleaned preview before approval. If you spot remaining sensitive content, request deletion via Settings → "Request full deletion".

6. Storage & security

  • Raw uploads live in a private storage bucket. Only you and authorised super-admins can read your raw files. Routine admins see cleaned previews only.
  • The database enforces row-level security on every table — users can only see their own profile, uploads, points, and consent records.
  • Admin role changes are protected by triple-layer guards: immutable RLS policy, write-time trigger, and SECURITY DEFINER RPC. No user can promote themselves.
  • All traffic is TLS. Data at rest is encrypted by Supabase / AWS S3 default encryption.

7. Your rights

  • Access. View every dataset you have contributed at /archive.
  • Export. Download a privacy-cleaned export of your archive (feature flag — available once an admin enables it for your account).
  • Revoke consent. Toggle any data-sharing scope off in Settings. The change applies to future processing immediately.
  • Delete. Request full deletion of your account and every dataset you have contributed. We complete deletions within 30 days.

8. Third-party processors

We rely on the following sub-processors:

  • Supabase — database, auth, storage
  • Vercel — hosting, edge runtime, analytics
  • Google — OAuth login (Sign in with Google)
  • Apple — OAuth login (Sign in with Apple), when enabled

9. Changes to this policy

We may update this policy as the Service evolves. Material changes will be communicated via email and a banner on the dashboard at least 14 days before they take effect.

10. Contact

Questions, requests, or complaints: roomcon12@gmail.com. We respond within 5 business days.

See also our Terms of Service and Usage Rights guide. This policy may be revised; the most recent version is always at /privacy.