Privacy Policy

Last Updated: January 24, 2026

Huddleston Professional Services ("Huddleston," "we," "our," or "us") is a Georgia‑based provider of software‑as‑a‑service ("SaaS") that enables users to generate text using artificial‑intelligence models. This Privacy Policy explains how we collect, use, share, retain, and protect personal information when you use our website, Chrome extension, API, or any other services (collectively, the "Service").

By using the Service, you acknowledge that you have read and understand this Privacy Policy and agree to its terms.

1. Introduction and Scope

This Privacy Policy applies to all personal information we obtain from users of the Service, regardless of how that information is collected (e.g., through our website, mobile browsers, or third‑party integrations). It does not apply to third‑party websites or services that we do not control, even if they are linked from our site.

2. Information Collected

Category Examples
Personal InformationName (if provided), email address, company name, job title, contact phone number.
Authentication DataSupabase user ID, Google OAuth identifiers, authentication tokens, password hashes (stored by Supabase).
Usage DataDevice type, operating system, browser type, IP address (limited to country‑level), API request timestamps, feature usage counts, AI model selection, error logs.
Payment InformationBilling name, billing address, email associated with Stripe, transaction IDs, subscription plan, payment status. (Full credit‑card numbers are never stored by us; they are processed by Stripe.)
Content Submitted to the ServiceText prompts, uploaded files, and AI‑generated outputs (processed temporarily to fulfill the request).

3. How Information Is Collected

  • Directly from Users – When you create an account, upgrade to a paid plan, or contact support, you voluntarily provide personal and payment information.
  • Automatically via Supabase – Supabase records authentication events, device fingerprints, and basic usage metrics for security and operational purposes.
  • Through Google OAuth – When you sign in with Google, Google supplies a unique identifier and basic profile information (name, email) in accordance with Google's privacy policy.
  • Cookies & Similar Technologies – We place session cookies to maintain login state and may use a first‑party "preferences" cookie to remember UI settings. No third‑party tracking or advertising cookies are used.
  • API Calls to OpenRouter – When you request AI‑generated content, our backend forwards the prompt to OpenRouter, which may log the request for model‑provider purposes. We do not retain the full prompt after the response is returned, unless you explicitly save it.
  • Stripe – Payment details are collected by Stripe's secure checkout pages; we receive only the information necessary to manage subscriptions and issue invoices.

4. Use of Collected Information

  • Service Provision – Authenticate users, enforce subscription status, and deliver AI‑generated outputs.
  • Authentication & Security – Verify identities, detect fraudulent activity, and protect accounts.
  • AI Model Selection & Billing – Determine which third‑party model (Google, OpenAI, xAI, Meta) to invoke based on your plan and usage; calculate billing accordingly.
  • Analytics & Operational Improvements – Aggregate usage statistics (e.g., feature‑usage counts) to monitor performance, diagnose bugs, and prioritize enhancements. No personally identifiable information is used for analytics.
  • Communications – Send transactional emails (account creation, password reset, billing notices) and optional service updates if you have opted in.
  • Legal & Compliance – Respond to lawful requests, enforce our Terms of Service, and protect our legal rights.

5. Sharing of Information with Third‑Party Vendors

Vendor Purpose Data Shared
SupabaseAuthentication, user management, database storageUser ID, email, hashed password, login timestamps, limited usage metrics
Google OAuthSingle‑sign‑on authenticationGoogle‑provided user identifier, name, email address
OpenRouterAI model gateway (Google, OpenAI, xAI, Meta)Prompt text (temporarily), selected model identifier, response data (returned to us)
StripeSubscription billing and payment processingBilling name, address, email, transaction IDs, subscription status (no raw credit‑card numbers)
Hosting/Infrastructure ProvidersServer hosting, API proxyingMinimal logs required for operation (IP, request timestamps)

All vendors are bound by contractual obligations to protect your data and to use it only for the purposes described herein. We do not sell, rent, or otherwise disclose personal information to marketers.

6. Data Retention and Deletion Policies

  • Account Data – Retained for as long as the account remains active. Upon account deletion (requested via the "Delete Account" option), we purge personal data within 30 days, except where retention is required by law (e.g., tax records).
  • Authentication Logs – Stored for 90 days for security monitoring; then anonymized.
  • Usage Metrics – Aggregated, de‑identified data is retained indefinitely for product improvement.
  • Payment Records – Retained by Stripe in accordance with its own retention schedule; we keep only the minimal invoice metadata needed for billing reconciliation (typically 7 years for tax purposes).
  • User‑Submitted Content – Processed only for the duration of the request. If you explicitly save content within the Service, it is stored until you delete it.

You may request deletion of your personal data at any time by contacting us (see Section 13). We will honor the request unless a legal obligation requires us to retain the information.

7. Data Security Measures

  • Encryption in Transit – All communications between your device and our servers use TLS 1.2 or higher.
  • Encryption at Rest – Sensitive data (e.g., authentication tokens, email addresses) is encrypted using AES‑256.
  • Access Controls – Strict role‑based access controls limit internal staff to the minimum data required for their duties.
  • Regular Audits – We conduct periodic security assessments of our infrastructure and third‑party integrations.
  • Incident Response – A documented breach‑response plan is in place; we will notify affected users and relevant authorities in accordance with Georgia's data‑breach notification law.

8. User Rights Under Georgia Law

Georgia does not have a comprehensive consumer‑data privacy statute, but the following rights are recognized under state consumer‑protection law and applicable federal statutes (e.g., CCPA for California residents, COPPA for children). Users may exercise these rights by contacting us (Section 13):

  • Right to Access – Request a copy of the personal information we hold about you.
  • Right to Correct – Request correction of inaccurate or incomplete personal data.
  • Right to Delete – Request deletion of your personal data, subject to legal retention requirements.
  • Right to Opt‑Out of Data Sharing – Where applicable (e.g., if we ever share data for marketing), you may opt out; currently we do not share personal data for marketing purposes.
  • Right to Restrict Processing – Request that we limit the use of your data while a dispute is resolved.

We will respond to verified requests within 30 days.

9. International Data Transfers

Our primary operations and data storage are located in the United States. If a third‑party vendor processes data on servers located outside the U.S. (e.g., OpenRouter's model providers), such transfers are governed by standard contractual clauses and the vendor's own privacy policies, which provide an adequate level of protection. We do not knowingly transfer personal data to jurisdictions lacking comparable safeguards without appropriate safeguards.

10. Cookies and Tracking Technologies

  • Essential Cookies – Session cookie (sid) to keep you logged in; expires when you close the browser.
  • Preference Cookies – Optional cookie (ui_prefs) to remember UI settings; expires after 30 days.
  • No Advertising or Analytics Cookies – We do not embed third‑party analytics (e.g., Google Analytics) or advertising trackers.

You may disable cookies through your browser settings; however, doing so may affect the functionality of the Service (e.g., you will be required to log in on each visit).

11. Children's Privacy (COPPA Compliance)

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal data, we will promptly delete that information. Parents or guardians who believe we have inadvertently collected such data may contact us to request removal.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will:

  • Post the revised policy on this page with an updated "Last Updated" date.
  • Provide notice via email or an in‑app banner for users with active accounts.

Your continued use of the Service after such notice constitutes acceptance of the updated policy.

13. Contact Information for Privacy Inquiries

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Huddleston Professional Services
Email: typefloaihelp@gmail.com