← phewsh.com

Privacy Policy

Last updated: March 25, 2026

What we collect

• Account info: Email, display name, and avatar from Google/GitHub OAuth. We don't store passwords.
• Project data: Your intent artifacts (vision, plan, next), project names, and freeform text — stored in Supabase with row-level security.
• Usage data: Model used, token counts, timestamps for each generation. Used for billing, SAP tracking, and service improvement.
• Payment info: Handled entirely by Stripe. We never see or store card numbers.

What we don't collect

• We never access or store your API keys (BYO keys are stored locally in your browser).
• We don't sell, share, or monetize your data.
• We don't use your content to train AI models.

How we use your data

• To provide the service: sync projects, generate artifacts, track credits.
• To track AI usage via SAP (Sustainable AI Protocol): model, tokens, estimated energy/carbon per generation.
• To improve the product based on aggregate usage patterns (never individual content).

Data storage

All data is stored in Supabase (hosted on AWS). Row-level security ensures you can only access your own data. Projects and artifacts are encrypted in transit (TLS) and at rest.

Third parties

• Supabase: Database, auth, edge functions.
• Stripe: Payment processing.
• OpenRouter: AI model routing (only when using PHEWSH credits, not BYO keys).
• Google/GitHub: OAuth sign-in only.

Your rights

• You can export your data at any time (download artifacts as markdown).
• You can delete your account and all associated data by contacting hello@phewsh.com.
• You can use the service without an account (local-only mode).

Cookies

We use Supabase auth cookies for session management. No tracking cookies, no analytics scripts, no ad networks.

Changes

We'll update this page if anything changes. Material changes will be communicated via the app.

Contact

Questions? Email hello@recipeflower.com