Privacy Policy

Overview

Council is a multi-provider LLM conversation manager. This policy covers both the Council web application (council-app-production.up.railway.app) and the Council Chrome extension, which together let you sync and manage conversations across ChatGPT, Claude, Gemini, and other LLM providers.

We designed Council around the principle that your data belongs to you. We collect only what is needed to operate the service, we do not sell or share your data with third parties, and you can delete everything at any time.

What we collect

Account data. When you register, we store your email address, a hashed password, your display name, and account metadata (creation date, plan, preferences).

Conversation data synced from your LLM providers. If you install the Council Chrome extension and authorize it, the extension reads conversation content from pages you are actively logged into on chatgpt.com, claude.ai, and gemini.google.com. This includes the conversation title, messages (both yours and the model's), timestamps, and associated metadata (model used, attachments, image references). This data is sent to the Council server and stored in your Council account.

Provider session context. To read your conversation history, the extension accesses provider-specific session state in your browser (auth tokens, API cookies on the provider's own domain). These tokens are used only to request your own data from the provider, are stored encrypted on the Council server, and are never shared with any third party.

Provider API keys (optional). If you choose to chat through Council (rather than only viewing synced conversations), you may add your own API keys for OpenAI, Anthropic, Google, or Perplexity in Settings. These keys are stored encrypted on the Council server and used only to relay your requests to the respective provider.

Uploaded content. Files you upload (profile attachments, images, documents) are stored on Council's object storage (Cloudflare R2) and associated with your account.

Usage analytics. We use PostHog to collect anonymized product analytics (page views, feature usage, error events). Analytics events do not include the content of your conversations, prompts, or API responses.

Operational logs. Server logs may briefly include request metadata (timestamps, IP address, user agent, endpoint) for debugging and abuse prevention. Logs are retained for 30 days.

How we use your data

• To operate the Council service: store and display your synced conversations, chains, profiles, and artifacts.
• To relay your messages to LLM providers when you chat through Council.
• To authenticate you and protect your account.
• To improve the product using anonymized, aggregate usage analytics.
• To communicate essential service updates, security notices, and (rarely) product announcements.

How data is stored

Council data is stored in a PostgreSQL database hosted on Railway (United States region). File uploads are stored on Cloudflare R2. All data in transit is protected with HTTPS/TLS. Passwords are hashed with bcrypt. Provider tokens and API keys are encrypted at the application layer (AES-256-GCM) before being written to the database.

Data at rest is not end-to-end encrypted. As the operator of Council, Brian Collard (the developer) has administrative database access and can technically view stored data. We do not review user data except when strictly necessary for debugging a specific issue you have reported, complying with a legal process, or investigating suspected abuse.

How data is shared

We do not sell your data. We do not share your conversation data with any third party for advertising, model training, or any other purpose.

When you use Council, your requests may be transmitted to the following service providers:

• LLM providers (OpenAI, Anthropic, Google, Perplexity) — only when you explicitly send a message or trigger a request to that provider. Your API keys and prompts are sent directly to the provider you select.
• Infrastructure providers (Railway for hosting, Cloudflare for storage and CDN) — receive encrypted data in the course of operating the service.
• Stripe — receives billing information if you subscribe to a paid plan. We do not store your full payment card details.
• PostHog — receives anonymized usage events. Does not receive conversation content.
• Sentry — receives error reports that may include stack traces. Scrubbed of message content.

We do not use your data to train machine learning models, and we do not send your data to any LLM provider except the one you explicitly selected for a given request.

The Chrome extension specifically

The Council Chrome extension operates only on chatgpt.com, claude.ai, and gemini.google.com. It reads the conversation content visible to you on those pages and transmits it to your Council account on the Council server.

The extension does not read data from any other website. It does not inject ads, modify page content, or track your browsing history. It does not communicate with any server other than the Council API.

You can disable or uninstall the extension at any time through Chrome's extension settings. You can disconnect a specific provider in Council via Settings → Connections, which immediately stops future syncs for that provider.

Your rights and controls

• Export. You can export all of your Council data at any time from Settings → Account → Export.
• Delete. You can delete individual conversations, profiles, artifacts, chains, or uploaded files at any time. You can delete your entire account from Settings → Account → Delete Account. Account deletion removes all your data from Council's database and object storage. Deleting your Council account does not affect the original conversations on ChatGPT, Claude, or Gemini.
• Disconnect. You can disconnect any provider or revoke any API key at any time in Settings.
• Access and correction. You can view and edit your account information in Settings. For any other data access or correction request, email us at the address below.

Data retention

Account data, conversations, and uploaded content are retained for as long as your account is active. When you delete your account, all associated data is removed from our production database immediately and from backups within 30 days. Server logs are retained for 30 days.

Children

Council is not directed at children under 13 and we do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be announced via email or in-product notification. The “Last updated” date at the top of this page will always reflect the most recent revision.

Contact

For privacy questions, data access or deletion requests, or any other concern, contact: collardb@gmail.com