Privacy Policy

1. Who We Are

Thurin ("Thurin," "we," "us," or "our") operates the website thurin.ai and the application at app.thurin.ai. We provide private AI infrastructure — your prompts are processed by open-source large language models running on dedicated GPU infrastructure. No third-party AI provider ever sees your data.

For questions about this policy, contact us at [email protected].

2. What Data We Collect

Account Information

• Email address (required to create an account)
• Password (stored as a bcrypt hash — we cannot read it)
• Display name (optional)

Chat and Usage Data

• Conversation history (prompts and model responses) — stored server-side so your history persists across sessions
• Model preferences and UI settings
• Compute usage (token counts, session duration) — used for billing
• Invite/beta access code used at signup

Payment Data

• Billing details (name, billing address) — collected and held by Stripe, our payment processor
• We store only a Stripe customer ID and subscription status — we never see or store full card numbers

Technical Data Collected Automatically

• IP address and approximate geographic region
• Browser type and operating system
• Timestamps of authentication events
• HTTP request logs retained for up to 30 days for security and abuse detection

We do not use cookies for tracking. We do not run third-party analytics (no Google Analytics, no Meta Pixel, no similar services). We do not use advertising networks.

3. How We Use Your Data

• To provide the service — process your AI requests, maintain your conversation history, authenticate your account
• To bill you — calculate compute usage, charge via Stripe, send receipts
• To secure the service — detect abuse, investigate security incidents, enforce our Terms of Service
• To communicate with you — service notices, billing alerts, material changes to this policy

We do not use your conversation data to train AI models. We do not profile you for advertising. We do not sell or rent your personal data to any third party.

4. Your AI Conversations — How They Are Processed

When you send a message through Thurin:

• Your prompt travels encrypted (TLS) from your browser to our servers
• It is routed to a GPU worker running an open-source model (currently Qwen2.5 series) on RunPod's serverless infrastructure
• The GPU worker processes your request and returns the response
• Your prompt and the response are stored in our database (SQLite, server-side) so your conversation history is available to you

What does NOT happen: Your prompts are never forwarded to OpenAI, Anthropic, Google, or any other third-party AI provider. The models running on Thurin infrastructure are open-source weights that we operate ourselves. No AI company receives your data.

RunPod (our GPU infrastructure provider) processes compute jobs but does not retain the content of your requests beyond job execution. See RunPod's Privacy Policy.

5. Third-Party Service Providers

We share data only with service providers necessary to operate Thurin:

• Stripe — payment processing. Stripe receives your billing information and transaction data. See Stripe's Privacy Policy. Stripe may set cookies for fraud prevention; these are Stripe's cookies, not ours.
• Cloudflare — CDN, DNS, and secure tunnel service. Cloudflare sees network traffic (IP addresses, request metadata) as part of routing and DDoS protection. See Cloudflare's Privacy Policy.
• RunPod — GPU compute infrastructure for AI inference. Receives compute jobs (your prompts) only for the duration of processing. See RunPod's Privacy Policy.

No other third parties receive your personal data. We do not use data brokers, ad networks, or marketing platforms.

6. Data Retention

• Account data — retained while your account is active and for 30 days after deletion
• Conversation history — retained until you delete it or close your account
• Billing records — retained for 7 years as required by US tax law
• Server logs — rotated and deleted after 30 days

You can delete individual conversations at any time from within the app. To delete your account and all associated data, email [email protected].

7. Your Rights

Regardless of where you are located, you have the following rights with respect to your personal data:

• Access — request a copy of the data we hold about you
• Correction — update inaccurate information (most fields editable in-app)
• Deletion — request deletion of your account and personal data
• Portability — request an export of your conversation history in JSON format
• Objection — object to any processing not required to provide the service

California residents: Under the CCPA, you additionally have the right to know whether we sell your data (we do not), and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Security

• All data in transit is encrypted via TLS 1.2+
• Passwords are hashed with bcrypt before storage
• Database access is restricted to application services only
• Infrastructure access requires strong authentication

No system is perfectly secure. If you discover a security vulnerability, please report it to [email protected].

9. Children

Thurin is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child under 13 has created an account, contact us at [email protected] and we will delete the account promptly.

10. Changes to This Policy

We will notify you of material changes by email (to the address on your account) at least 14 days before they take effect. The effective date at the top of this page will be updated. Continued use of the service after that date constitutes acceptance of the revised policy.

11. Contact

For privacy questions, data requests, or security reports:

• Email: [email protected]
• Website: thurin.ai