← Back to Splicr

Privacy Policy

Last updated: April 7, 2026

What we collect

When you use Splicr, we store:

• Your account info — email and password (password is hashed, we never see it).
• Content you save — links, text snippets, and highlights you explicitly choose to capture via our browser extension, Telegram bot, or coding agent.
• Agent saves — when your coding agent saves decisions or discoveries via save_from_agent, those are stored with attribution metadata (agent name, files involved, memory type).
• Your projects — project names and descriptions synced from your GitHub account (if you connect it).
• Team knowledge — if you're on a team, captures you mark as team-visible are accessible to your teammates. Personal captures stay private.

That's it. We don't collect anything you don't intentionally send us or your agent explicitly saves on your behalf.

What we don't collect

• We don't track your browsing history.
• We don't read your clipboard or screen.
• We don't collect analytics or fingerprint your device.
• We don't use tracking pixels in emails.

How we use your data

• AI processing — we use AI (Google Gemini) to summarize what you save and route it to the right project. The content you save is sent to this AI provider for processing. They don't store or train on your data per their API terms.
• Embeddings — we generate vector embeddings (via Google Gemini) of your saved content so you can search it semantically. These vectors are stored alongside your captures in our database.
• Surfacing knowledge — when your coding agent asks for context, we return your saved content that's relevant to what you're building.
• Session episodes — at the end of coding sessions, we generate brief summaries of what was searched and saved. These summaries are stored to provide continuity across sessions.

What data hits AI providers

To be fully transparent, here's exactly what gets sent to external AI services:

• Google Gemini — your saved content (for insight generation, routing, clustering, embeddings, and compiled page synthesis). Gemini API does not store or train on data sent via API.

We do NOT send: your email, password, project names, team info, session data, or any metadata to AI providers. Only the content you save gets processed.

Data retention

• Captures — stored indefinitely unless you delete them.
• Scratchpad memory — agent saves marked as "scratchpad" are automatically deleted after 7 days.
• Sessions — MCP session data (tool calls, searches) expires after 30 days.
• Embeddings — deleted when the associated capture is deleted.

Where your data lives

Your data is stored in Supabase (hosted on AWS). All data is encrypted in transit (TLS) and at rest. Database access is restricted by row-level security — you can only access your own data.

Third-party services

• Supabase — database and authentication (hosted on AWS, US region)
• Google (Gemini) — AI processing for summarization, routing, and embeddings
• Railway — API server hosting
• Cloudflare — website hosting and CDN
• Resend — transactional emails (welcome, invite)
• Sentry — error monitoring (no user content is sent, only error stack traces)

We don't share your data with anyone else, and we don't sell it.

The Chrome extension

Our browser extension only activates when you click it. It reads the current page content only when you choose to save it. It does not run in the background, track your browsing, or access any page you don't explicitly save.

Deleting your data

You can delete individual captures at any time via the API (DELETE /captures/:id). To delete your entire account and all associated data, email us at contact@techvaultsolutions.com. No questions, no hoops. We'll remove everything within 48 hours - captures, embeddings, projects, sessions, team memberships.

Changes to this policy

If we change this policy, we'll update the date at the top. For significant changes, we'll email you. We won't quietly reduce your privacy.

Contact

Questions about your data? Reach us at contact@techvaultsolutions.com.