Last updated: May 11, 2026
ShadowAI collects the minimum data necessary to operate the Platform: username, email (optional), password hash, tier, token balance, and usage logs. We do not collect government-issued identification, real names, or physical addresses.
We use session cookies to maintain authentication. These are cleared on logout or browser close. No third-party tracking cookies are used.
All data is stored on encrypted servers. Wallet addresses and API keys are encrypted at rest using AES-256-CBC. Passwords are hashed with bcrypt.
We do not sell, trade, or share user data with third parties. AI requests are routed through OpenRouter and Venice AI; only the prompt text is transmitted. No personally identifiable metadata is sent.
Usage logs are retained for 90 days for billing and fraud prevention. Account data is retained until the account is deleted by the user or administrator.
You may request account deletion at any time via the Support page. Deletion purges all personal data, usage logs, and session history from active databases within 24 hours.