Skip to Content
Security & PrivacyData handling overview

Data handling overview

Draft — not reviewed by legal counsel. Do not rely on this text for compliance decisions until counsel sign-off.

This page gives a short overview of how Steinkauz handles your data. For legal details, see the Privacy Policy and related Legal pages.

What we store

  • Conversations and messages — So you can see history and continue threads. We store them in line with our encryption at rest and retention policies.
  • Account and settings — Email, authentication, billing, subscription, and preferences (including provider configuration, per-provider security classifications, and per-conversation policy stored for each chat).
  • Usage data — To show you usage and costs and to operate and secure the service.

What we do not do

We do not use your content to train our own AI models. We do not sell your data. Our business is your subscription, not monetizing your conversations or personal data.

Sending data to AI providers

When you chat or use tools, your prompts (and sometimes responses) are sent to the AI provider that serves the model you chose. Each provider has its own privacy policy and data practices. For stricter control, you can use zero data retention on Gateway plans and security classifications: labels on each provider plus Auto or Manual policy per thread, enforced on the server before each request.

With BYOK, you send data directly to the providers whose keys you configured; you are responsible for their terms and policies.

Your control

You can delete your data and manage your account and settings. You can restrict providers via Gateway provider configuration or BYOK provider configuration. Security classifications add conversation-level rules: the app blocks sends when the selected provider is below the thread’s required level unless you change policy in the chat shield control.

For encryption and technical safeguards, see Encryption at rest.

Programmatic access (API Access)

When you call API Access from your own software:

Your application ──HTTPS──► Steinkauz /v1 ──► Your configured AI providers
  • Authentication uses a Steinkauz API key (Bearer token) created in Settings → API Keys.
  • Prompts and completions follow the same provider routing as the web chat and are subject to your provider and security classification settings.
  • Retention for API traffic matches web chat message retention unless your plan or settings specify otherwise.
  • See the Privacy Policy for metadata we store about API usage.
Last updated on
Encryption at rest