Privacy Policy

Last updated: March 4, 2026

1. Overview

Stone AI ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information. Stone AI is designed with a local-first architecture — on our Free and Starter plans, your conversations are processed entirely on local hardware and never sent to third-party AI providers.

2. Data We Collect

Account Information: Email address, name (optional), and authentication data provided through Clerk (our authentication provider).

Conversation Data: Messages you send and AI responses generated during chat sessions. This includes message content, timestamps, and token usage counts.

Usage Data: Daily message counts, token usage, feature usage statistics, and subscription status.

Payment Data: Subscription and billing information is processed and stored by Stripe. We store only your Stripe customer ID and subscription ID — never your card number or banking details.

Forum Content: Posts, replies, and likes you create in the community forum.

Feedback: Messages you submit through the Help & Support feedback form.

Agent Memory: Key-value pairs that AI agents store to remember your preferences across sessions.

3. How Your Data Is Processed

Local Mode (Free, Starter, Plus plans default):

Your messages are sent to our local inference server running on our own hardware. The AI model processes your message and generates a response entirely on our infrastructure. Your conversation data is never sent to OpenAI, Google, Anthropic, or any third-party AI provider. This is true local-first AI.

Smart Mode (Smart and Pro plans):

When you use Smart mode or when auto-routing selects it, your message may be sent to OpenAI's GPT-4o API for processing. OpenAI's data usage policies apply to these requests. OpenAI's API does not use your data for training. You can always use Local mode instead if you prefer complete data sovereignty.

4. Data Storage and Security

All data is stored in our PostgreSQL database with the following protections:

  • AES-256-GCM encryption for sensitive data at rest
  • TLS 1.2+ encryption for all data in transit
  • API keys stored as salted hashes (never in plaintext)
  • Rate limiting on all endpoints to prevent abuse
  • Security audit logging for access and authentication events
  • Enterprise security headers (CSP, HSTS, X-Frame-Options)
  • Input sanitization on all user-submitted content

5. How We Use Your Data

  • To provide the AI chat service and generate responses to your messages
  • To enforce usage limits based on your subscription tier
  • To process payments and manage your subscription
  • To display your forum posts and replies to other users
  • To allow AI agents to remember your preferences (agent memory)
  • To improve the Service (aggregated, anonymized usage statistics only)
  • To respond to your support inquiries and feedback
  • To personalize your experience, including the display of contextually relevant content and advertisements on ad-supported tiers
  • To generate anonymized, aggregated interest segments based on usage patterns for service optimization and advertising relevance

6. Advertising and Sponsored Content

Stone AI offers both ad-supported and ad-free subscription tiers. On ad-supported tiers (including the Free tier), the Service may display contextual advertisements and sponsored content. These ads are selected based on anonymized interest categories derived from your usage of the Service, such as conversation topics, agent categories used, and general engagement patterns.

We do not sell personally identifiable information (PII) to advertisers. Advertising partners may receive anonymized, aggregated audience segment data to deliver relevant ads. Paid subscription tiers receive an ad-free experience. By using the Service, you consent to the display of advertisements on ad-supported tiers as described in this policy.

We may use third-party advertising services (such as Google AdSense) to serve ads. These services may use cookies and similar technologies as described in their own privacy policies.

7. What We Do NOT Do

  • We do NOT sell your personally identifiable information to third parties
  • We do NOT use your conversations to train AI models
  • We do NOT share your conversation content with advertisers
  • We do NOT track you across other websites
  • We do NOT store your payment card details (Stripe handles this)

8. Third-Party Services

We use the following third-party services:

  • Clerk — authentication and user management
  • Stripe — payment processing and subscription billing
  • OpenAI — cloud AI inference (Smart mode only, Smart and Pro tiers)
  • Google AdSense — contextual advertising on ad-supported tiers

Each service has its own privacy policy. We recommend reviewing them.

9. Data Retention

Conversation data is retained as long as your account is active. You can delete individual conversations at any time. Forum posts remain visible unless deleted by you or a moderator. Upon account deletion, all your data (conversations, agent memories, forum posts, usage records) is permanently deleted within 30 days.

10. Your Rights

You have the right to:

  • Access your data (available in Settings and through conversation export)
  • Delete your conversations at any time
  • Delete your account and all associated data
  • Export your conversation data (Plus plan and above)
  • Opt out of Smart mode to keep all data local
  • Request a copy of all data we hold about you

11. Cookies and Tracking Technologies

We use essential cookies required for authentication and session management (provided by Clerk). On ad-supported tiers, third-party advertising services may set additional cookies to deliver relevant advertisements and measure ad performance. These cookies help ensure you see content that is relevant to your interests. For details on third-party cookies, please refer to the respective privacy policies of our advertising partners.

12. Children's Privacy

Stone AI is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we learn that we have collected data from a minor, we will delete it promptly.

13. California Privacy Rights (CCPA)

If you are a California resident, you have the right to request disclosure of the categories of personal information we collect, the purposes for which it is used, and the categories of third parties with whom it is shared. You may also request deletion of your personal information and opt out of the sale or sharing of personal information. To exercise these rights, visit the Privacy Choices section in your account Settings or contact us at support@stone-ai.net. We will respond to verified requests within 45 days.

14. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. The "last updated" date at the top of this page indicates when the policy was last revised.

15. Contact

For privacy-related questions or data requests, contact us at support@stone-ai.net.