Privacy

Privacy Policy

This page describes what ChatSights actually does with data, written against the source code that runs the product. Where we have no policy, it says so rather than inventing one.

Last updated: 2026-07-17

Who we are

ChatSights is an access layer that fetches raw answers from AI surfaces and returns them to your agent. It does not interpret them.

ChatSights is an independent project operated by an individual developer. It is not a registered company, and there is no legal entity or registered address behind it. Contact is by email only: for anything on this page, write to keronelau@gmail.com.

The service is a data plane. You send a prompt; we ask a managed AI-scraper provider to run it against surfaces such as ChatGPT, Perplexity, Gemini, Google AI Overview, Google AI Mode and Copilot; we return the answer text, citations and provider metadata. Rankings, sentiment and reporting happen in your own agent, not on our servers.

We are not affiliated with, endorsed by, or partnered with OpenAI, Google, Microsoft, Perplexity or Anthropic. Their names and logos appear on this site for one of two reasons, both nominative: to identify which public AI surface a record came from (ChatGPT, Perplexity, Gemini, Google AI Overview, Google AI Mode, Copilot), or to name a developer tool ChatSights plugs into over MCP (Claude Code, Cursor, Codex). Anthropic is in the second group only — Claude is not a surface we fetch from, and no record ever comes from it.

Your account identity

Clerk holds your identity. Our database holds one opaque identifier derived from it.

Sign-in is handled by Clerk, using either an email address and password or “Continue with Google”. When you use Google sign-in, Google returns your basic profile (such as your email address and name) to Clerk. Clerk is the system of record for that identity — your email address, your password credential, and your OAuth profile live in Clerk, not in our database.

Our API receives a signed Clerk session token, verifies it against Clerk’s public keys, and reads exactly one claim from it: sub, your Clerk user ID. Your workspace is then keyed as user_<sub>. That derived string is the only piece of your identity stored in our database — every row you own is tagged with it. We do not copy your email address, name or profile picture into our own storage.

Because Clerk holds your identity, Clerk’s own privacy practices apply to it in addition to this policy.

Your queries leave our system

This is the most important disclosure on this page. Read it before you send anything sensitive.

The prompt text you submit is sent to Bright Data. To fetch an AI answer we make a server-to-server request to Bright Data’s dataset API (api.brightdata.com), and your prompt travels with it. Bright Data is a third-party company we do not control, with its own privacy terms. Do not put anything in a query that you are not willing to hand to a third-party vendor.

Each provider request carries four fields, and a fifth only for ChatGPT. This is the whole of it:

  • prompt — your query text, verbatim
  • url — the AI surface to run it against
  • country and language — the locale you selected
  • web_search — only for ChatGPT, and only when you set it

Nothing that identifies you accompanies that request. We do not send your Clerk user ID, your workspace ID, your email address, your API key or your IP address to Bright Data. The request authenticates as ChatSights, using our own provider credential. From Bright Data’s side, the prompt is not attributed to you by us — but a prompt can of course identify you by its own content, which is why the warning above matters.

Bright Data returns the answer text and citations. We normalize that response into a stable record shape and store it (see below). We do not analyse, score, or train on it.

What we store

Everything below lives in a Cloudflare D1 database, tagged with your workspace ID. This list is the complete set of tables.

TableWhat is in it
runsThe full record of every fetch: your query text, the surfaces, country and language, run status, records delivered and credits charged — plus each answer returned, including the answer text, its citations (title, URL, position), fetch timestamp, latency, the provider's record ID, and a small set of provider fields (url, prompt, model, web_search_triggered, prompt_sent_at). Note that the provider echoes your prompt back, so it is stored here twice.
schedulesRecurring fetches you create: name, query text, surfaces, country, language, cadence, delivery method, status, and last/next run timestamps.
saved_queriesQueries you save for reuse: name, query text, your tags, and last-run timestamp.
api_keysOne row per key you mint: its ID, the name you gave it, a masked prefix, a SHA-256 hash of the key, its scope, its monthly credit budget, and created/last-used/revoked timestamps. The key itself is not stored — see below.
usage_eventsThe billing ledger: one row per run, carrying the run ID, the query text again, the surface count, records delivered, credits charged, whether the run was live or demo, and the timestamp.
workspace_settingsYour workspace name, default country, webhook URL, webhook signing secret, spend-cap settings, plan, and short-lived internal counters used to enforce spend caps.
webhook_deliveriesA log of outbound webhook attempts: the event name, your destination URL, the related run/schedule, delivery status, attempt count, and the last error message.

The site and the API run on Cloudflare (Workers, D1 and Cloudflare’s edge network). As our hosting and network provider, Cloudflare handles the connection data any web host handles, such as IP addresses and request metadata, under its own terms. We have Cloudflare Workers observability enabled, so our API’s operational logs are retained in Cloudflare. Those logs record identifiers (such as schedule IDs) and error messages; we do not write query or answer text to them deliberately, though we cannot promise an error message never contains a fragment of a request.

This site runs no analytics, advertising, or third-party tracking scripts. There is no Google Analytics, no ad pixel, no session recorder, and no behavioural profiling. We do not sell data, and we do not share it with anyone beyond the sub-processors named on this page.

Retention — we have no automatic deletion

Stated plainly, because it is a real limitation and not a feature.

ChatSights has no retention policy implemented in code. Nothing expires run history, usage events or webhook delivery logs. There is no scheduled purge and no retention window. Your runs — including full answer text — are kept indefinitely until they are deleted, and today the only way that happens is that you ask us and we delete them by hand.

What you can delete yourself, today, from the console or the API:

  • Schedules and saved queries — deleted outright, row removed.
  • API keysrevoked, not deleted. The key stops working immediately, but the row (its name, masked prefix and hash) stays in the table.

Run history and usage events have no delete endpoint. To have them removed, email keronelau@gmail.com. We would rather tell you this than describe a retention schedule we have not built.

API keys

The plaintext key is shown once and is not recoverable from our database.

When you create an API key we generate it, return the plaintext value to you exactly once, and store only a SHA-256 hash of it alongside a masked prefix (for example cs_live_9f2…8c1d) so you can tell your keys apart. We cannot show you the key again, and we cannot recover it — if you lose it, revoke it and mint a new one.

Authenticating with a key means we hash the presented token and look for a matching, unrevoked row. We also stamp a last-used timestamp on the key each time it is used.

Webhooks

If you configure a webhook, you are asking us to send your data somewhere.

Setting a webhook URL in your workspace settings tells us to POST the complete run envelope — including the query and the full answer text — to that URL when a scheduled run finishes. Each request is signed with HMAC-SHA256 using your workspace signing secret so your receiver can verify it came from us, and delivery is attempted up to three times — an immediate POST, then two retries with a short backoff.

You choose the destination, so you own what happens to the data once it arrives. We log one row per delivery in the webhook_deliveries table, written after the last attempt: the destination URL, the final outcome, how many attempts it took, and the last error if it never got through. We do not log a row per attempt, and the row does not contain the payload.

Cookies and local storage

Two things, both functional. No tracking cookies of any kind.

  • Clerk session cookies. Set by Clerk to keep you signed in. These are required for the console to work. Clerk’s cookie practices apply.
  • Theme preference. Your light/dark choice is stored in your browser’s local storage. It never leaves your browser.
  • Console API key (self-hosted only). The console can hold an API key in local storage under chatsights_api_key. On this hosted service that path is disabled: the console will not read or write that value, and it actively erases any key left there by an earlier version. It exists for people running ChatSights locally, where the key is the only credential.

There are no advertising cookies, no analytics cookies, and no cross-site tracking. That is why you are not being asked to accept a cookie banner.

Sub-processors and other recipients

Every third party that touches your data. The first three we engage and control by contract; the AI surface operators we do not — they receive your prompt because running it against them is the thing you asked for.

RecipientWhat it handles
Bright DataRuns your prompt against AI surfaces and returns the answer. Receives your query text, country and language. Receives nothing that identifies you.
ClerkAuthentication and identity. Holds your email address, credentials and — if you use Google sign-in — the profile Google returns.
CloudflareHosting, edge network, the D1 database, and our API's operational logs. Handles connection data such as IP addresses.
GoogleTwo separate roles. If you choose 'Continue with Google', Google authenticates you and returns your basic profile to Clerk. Separately, if you select Gemini, Google AI Overview or Google AI Mode as a surface, Google operates that surface and receives your prompt text as described above.
OpenAI, Microsoft, PerplexityThe operators of the remaining surfaces (ChatGPT, Copilot, Perplexity). We have no contract or connection with them: Bright Data enters your prompt into the surface you selected, so the operator of that surface receives your prompt text and handles it under its own terms. Only the surfaces you select receive anything.

If we add a sub-processor, this list changes and the “last updated” date at the top moves.

Access, export and deletion

The real process is: email us and it is done by hand. There is no self-serve button, and we will not pretend otherwise.

Email keronelau@gmail.com from the address on your account and tell us what you want:

  • A copy of your data. You can pull most of it yourself through the API, with one catch worth knowing: GET /v1/runs lists your runs but strips the answers out of each one, so it is not a full export. GET /v1/runs/<id> returns a single run complete with its answer text, and GET /v1/usage returns your billing ledger. There is no bulk-export endpoint — for everything at once, email us.
  • Deletion of your workspace data. We delete the rows keyed to your workspace ID by hand. We have not built an automated path for this, and we are not going to quote you an SLA we cannot enforce in code.
  • Deletion of your account identity. That lives in Clerk; tell us and we will remove it there.

Depending on where you live, you may have statutory rights over your personal data — for example to access, correct, export, or erase it, or to object to its processing. Exercise them by emailing us; we will not ask you to justify the request. We have not completed a formal compliance certification of any kind, and this page makes no such claim.

Security issues, product questions and account support go to the same address: keronelau@gmail.com.

Changes to this policy

It changes when the code changes.

This policy describes the system as it exists on the date at the top of the page. When we change what we collect, where it goes, or how long we keep it, we update this page and move that date. If a change materially affects data we already hold about you, we will email the address on your account.

Contact

One address, one human.

Privacy questions, access requests, deletion requests and complaints: keronelau@gmail.com.

ChatSights is an independent project operated by an individual developer, with no registered company or business address. Email is the only contact channel.

Want to see exactly what we return?

The docs spell out every field in every record, including what we store per run.

Read the docs