Privacy Policy

Last updated: 2026-05-10

This policy explains what personal data vtube.chat (the “Service”) collects, why, and what rights you have over it. Operator: Matt Pruitt (matt@pruitt.life).

What we collect

  • Account data: email address, display name (optional), argon2id-hashed password, account creation/last-seen timestamps, tier, role.
  • OAuth profile (if used): Google account ID, email, name. We don't receive your Google password or persistent token.
  • Conversation content: messages you send and replies received. Encrypted at rest with AES-256-GCM under our master key.
  • Image attachments (if uploaded): stored on our server and referenced from the conversation that uploaded them.
  • Voice clips (if used): transient — sent to the STT provider for transcription, transcript stored in the conversation, audio bytes not persisted.
  • Usage counters: per-day rollups (chat turns, TTS characters, STT seconds) for tier-cap enforcement.
  • Session metadata: approximate IP, user agent, session timestamps for security audit.
  • Payment data (paid users): handled by Stripe; we store only your Stripe customer ID and the subscription status we receive from their webhooks. We never see your card number.

Why we use it

  • To run the Service (authentication, conversation storage, voice synthesis/recognition, payment processing).
  • To enforce tier caps and detect abuse.
  • To send essential transactional email (verification, 2FA codes, password reset, billing notices).
  • To debug and improve the Service. Logs include request paths and statuses but never decrypted conversation content.

We do not sell your data, and we do not use your conversation content to train AI models. We don't run third-party analytics or advertising trackers.

Who we share it with

Limited to processors strictly required to run the Service:

  • AI providers (Anthropic, OpenAI, Together AI, ElevenLabs) — receive the conversation messages necessary to generate the response you requested. Each provider has their own retention and use policies; review them before sending sensitive data.
  • Stripe — payment processing and subscription management for paid tiers.
  • Google OAuth — only if you choose to sign in with Google.
  • Email relay (Google Workspace SMTP) — for outbound transactional email.
  • Hosting — our backend runs on infrastructure we operate; we do not use a third-party CDN that would proxy your content.

We may disclose data when required by valid legal process. We'll notify you if legally permitted.

Cookies

We use only essential cookies: a session cookie (avatar_session) that keeps you signed in, and Stripe's cookies during checkout. We don't use analytics or advertising cookies and don't set non-essential cookies that would require consent under the EU ePrivacy Directive / UK PECR.

How long we keep it

  • Account + conversation data: until you delete your account.
  • Usage counters: rolling 90-day window (for billing audit).
  • Server logs: 30 days.
  • Backups: up to 35 days.

Your rights

Depending on where you live (GDPR/UK GDPR/CCPA), you have rights to access, correct, export, or delete your personal data, and to object to processing. You can:

  • View core account data on your account page.
  • Delete your account by emailing us (in-app self-serve delete is on our roadmap; until then we honor email requests within 30 days).
  • Cancel paid subscriptions any time without penalty.

To exercise any right, email matt@pruitt.life. EU/UK users may also lodge a complaint with their local data-protection authority.

Children

vtube.chat isn't directed at children under 13 (under 16 in the EEA/UK). We don't knowingly collect data from them. If you believe a child has signed up, please contact us and we'll delete the account.

International transfers

Our processors (Anthropic, OpenAI, Together AI, ElevenLabs, Stripe, Google) are primarily US-based. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

Security

Passwords are hashed with argon2id. Conversation content is encrypted at rest with AES-256-GCM under a master key held outside the database. Sessions use signed, HTTP-only, Secure cookies. TLS-only in transit. We can't read your conversations without the master key.

Changes

Material changes to this policy are announced in-app or by email at least 14 days before they take effect.

Contact

Privacy questions or rights requests: matt@pruitt.life.