Privacy Policy
This Privacy Policy describes how BizTransit Sdn Bhd, operating as AI Supreme Council ("we", "us", "our"), collects, uses, and protects information when you use our services.
Our Privacy Commitment: Our zero-server architecture means we never see, store, or have access to your conversations or API keys. Your data stays on your device.
1. Information We Collect
1.1 Information You Provide
- Account information: When you sign in via OAuth, we receive your name, email, and profile picture from the identity provider. We do not receive or store your password from any provider.
- API keys: Stored exclusively in your browser's localStorage. We never transmit, collect, process, or store your API keys.
- Conversations and bot configurations: All chat messages, bot configurations, system prompts, and session data are stored locally in your browser using IndexedDB and localStorage.
1.2 Information Collected Automatically
- Geo-location (country level): Country code for pricing tier purposes. Stored as a short-lived cookie (
spr-country, 24-hour expiry). - Standard web server logs: Vercel may log IP addresses, browser type, and request timestamps as part of standard CDN operations.
1.3 Information We Do Not Collect
- No analytics services (Google Analytics, Mixpanel, Amplitude)
- No tracking pixels or advertising beacons
- No cross-site tracking cookies
- We never see your conversations with AI models
- No device identifiers, fingerprints, or persistent tracking IDs
2. Zero-Server Architecture
- All data stays in your browser: Your conversations, API keys, bot configurations, and settings are stored using IndexedDB and localStorage.
- We never see your conversations: Your messages go directly from your browser to each AI provider's API.
- We never see your API keys: Your API keys are stored in localStorage and sent directly to AI providers.
- No backend databases: We do not have databases that store your personal information, conversations, or API keys.
3. Your API Keys and Third-Party Providers
- Storage: Stored in localStorage. We never have access.
- Transmission: Direct browser → provider API.
- Provider policies apply: Each AI provider has its own privacy policy. Review them before use.
4. Multi-Provider OAuth Authentication
| Provider | Data Received |
|---|---|
| Name, email, profile picture, Google user ID | |
| Apple | Name (first sign-in only), email, Apple user ID |
| GitHub | Username, email, avatar URL, GitHub user ID |
| Name, email, profile picture, Facebook user ID | |
| Nickname, avatar URL, WeChat OpenID/UnionID |
5. How We Use Your Information
- Account management: create and maintain your account
- Service delivery: serve correct pricing tier
- Communications: respond to inquiries
- Security: detect and prevent abuse
6. Data Storage and Security
- All user-generated content stored in browser IndexedDB/localStorage
- JWT session tokens, 24-hour expiry
- HTTPS/TLS encryption
- Hosted on Vercel (DDoS protection, WAF)
- Payment via Stripe and PayPal (PCI DSS compliant)
7. Data Sharing
We do not sell, rent, or trade your personal information.
8. Cookies and Local Storage
spr-geo-tier: Geo pricing tier (24-hour expiry)spr-country: Country code (24-hour expiry)
9. Your Rights
- Access: All your data is in your browser. Use Export.
- Deletion: Clear browser data or use app settings.
- Portability: Export as JSON from Settings.
- Account deletion: Email privacy@sprapp.com.
10. Children's Privacy
The Service is not directed to children under 13.
11. International Data Transfers
BizTransit Sdn Bhd is based in Malaysia.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the Service.
Contact
Privacy Officer
BizTransit Sdn Bhd
Level 28, Lingkaran Syed Putra
Mid Valley City, Kuala Lumpur 59200, Malaysia
Email: privacy@sprapp.com