Information We Collect
We collect account details, usage data, and content you upload or generate in order to provide and improve UtilityAI features.
How We Use Information
We use your data to operate the service, personalize outputs, secure the platform, and support troubleshooting.
Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the UtilityAI service you signed up for, including account management, AI agent execution, and content generation.
- Legitimate interests: Processing for security monitoring, fraud prevention, service improvement, and troubleshooting, where these interests are not overridden by your rights.
- Consent: Where you opt-in to analytics cookies or optional data processing via our cookie consent banner. You may withdraw consent at any time by clearing your browser storage and revisiting the site.
- Legal obligation: Processing required to comply with applicable laws, regulations, or lawful government requests.
Cookie Usage
UtilityAI uses cookies and similar technologies. Below is a detailed breakdown:
Strictly Necessary Cookies
These cookies are essential for the service to function and cannot be disabled.
- Supabase authentication cookies (e.g.,
sb-*-auth-token): Used to maintain your authenticated session. These are httpOnly, secure cookies set by the Supabase SSR library. Expiry: session duration (typically 1 hour, refreshed automatically). - Theme preference: Stored via
localStorage to remember your light/dark mode selection. Not transmitted to servers.
Optional Cookies
- Analytics cookies: If you consent via our cookie banner, we may use analytics to understand usage patterns and improve the service. These are only set after explicit user consent.
Cookie Consent
When you first visit UtilityAI, a cookie consent banner is presented. Your consent choice is stored locally (in localStorage) and includes a timestamp. You can reset your preferences at any time by clearing your browser's local storage and revisiting the site, which will re-display the consent banner.
Third-Party AI Services
UtilityAI integrates with the following third-party AI providers to power its agent features. When you interact with AI agents, the prompts and inputs you provide may be sent to these services for processing:
- Groq (Groq, Inc.) — Used for high-speed large language model inference. Your prompts are sent to Groq's API for processing. Groq's servers are located in the United States. Groq does not use customer data for model training. See: Groq Privacy Policy.
- Perplexity (Perplexity AI, Inc.) — Used for deep research and web-augmented AI responses. Query content is sent to Perplexity's API. Perplexity's servers are located in the United States. See: Perplexity Privacy Policy.
- Google (Google LLC — Gemini API) — Used for AI agent processing via the Gemini language model. Prompt data is sent to Google's API endpoints. Google's servers may process data globally. See: Google Privacy Policy.
- BytePlus (BytePlus Pte. Ltd.) — Used for supplementary AI capabilities. Data sent to BytePlus may be processed in Singapore or other regions. See: BytePlus Privacy Policy.
We only send the minimum data necessary (your prompt/input) to these services. We do not send your email address, password, or account metadata to AI providers.
International Data Transfers
Some of the third-party AI services listed above process data outside the European Economic Area (EEA), primarily in the United States and Singapore. Where personal data is transferred outside the EEA, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable and available from the provider.
- Adequacy decisions by the European Commission for the recipient country, where available.
- EU-U.S. Data Privacy Framework certification of the recipient, where applicable (e.g., Google LLC).
Supabase (our authentication and database provider) stores data in data centers selected during project setup, and supports EU-hosted instances. Our primary Supabase instance processes authentication and user data.
Data Sharing
We do not sell personal data. We only share information with trusted service providers required to operate UtilityAI, specifically the AI providers listed above and our infrastructure provider (Supabase for authentication and database, Vercel for hosting).
Data Retention
We retain your data for the following specific periods:
- Account data (email, profile): Retained for the duration of your account. Deleted within 30 days of account deletion request.
- AI session history & generated content: Retained for 90 days from creation, after which it is automatically purged unless you explicitly save it.
- Audit logs (security events, login attempts): Retained for 12 months for security and compliance purposes.
- Server & application logs: Retained for 30 days for debugging and reliability purposes.
- Payment records (if applicable): Retained for 7 years to comply with financial record-keeping regulations.
Third-party AI providers may have their own retention policies for data processed through their APIs. Please consult their respective privacy policies linked above.
Your Rights
Under the GDPR and applicable privacy laws, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure: Request deletion of your personal data via the account settings or by contacting support. We will process deletion requests within 30 days.
- Right to data portability: Request an export of your data in a machine-readable format (JSON) via the account settings or by contacting support.
- Right to restrict processing: Request that we limit how we use your data.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time.
To exercise any of these rights, use the self-service options in your account settings or contact support. We will respond to requests within 30 days.
Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at the support channels provided within the UtilityAI platform.