Privacy Policy

Effective 2026-04-22.

1. Scope

AI Co-Thinkers is a diagnostic thinking tool for SME business owners operated by Jai Parimi. This policy covers the public free tier at kickstartidea.com.

About our specialists

The advisors you meet in a session — Priya, Kabir, and the others — are AI characters with consistent personas. They are not human consultants and do not represent any real-world person. The conversation, reasoning, and advice are generated by AI language models calibrated on the methodology a senior advisor in each field would use. The AI-character framing makes sessions feel more substantive than a generic chatbot, but you should always pair our output with a qualified human (accountant, employment lawyer, therapist, financial advisor) for decisions that carry financial, legal, tax, or HR stakes.

2. What we collect

• Session content: your conversation with our AI specialists. Required for the product to work.
• Technical data: IP address, user-agent, timestamps. Used for rate limiting, security auditing, and debugging.
• Optional email: collected only when you opt in at the end of a session to save your personal access link.
• Feedback: optional thumbs-up/down + comments at session end. Only persisted if you tick "Share this conversation."

3. What we don't collect

No accounts, no tracking cookies, no third-party analytics, no ad networks.

4. How we use it

• Delivering your session (the AI needs your messages to respond).
• Improving specialist quality (reviewing shared transcripts to spot prompt regressions; opt-in only).
• Security and abuse prevention (rate limits, audit logs).
• Responding if you reach out (jai@kickstartidea.com).

5. Third parties

• Anthropic (Claude API): your conversation text is sent to Anthropic for processing. See anthropic.com/legal/privacy.
• Cloudflare Turnstile (captcha): signup form only. IP + captcha token sent to challenges.cloudflare.com.
• Resend (transactional email): only the recipient email address + access link, when you opt in to email your link.
• Render (hosting): our infrastructure provider.

No other third parties.

6. Data retention

• Session transcripts: retained 90 days by default for operational debugging; auto-pruned after that. Deletable on request before the 90-day cutoff.
• Audit logs: rotated audit files older than 30 days are auto-deleted by a daily retention sweep. The active (un-rotated) audit file is retained for compliance / abuse investigation. Operators can override via the AUDIT_RETAIN_DAYS deployment setting.
• Feedback records: rotated feedback files older than 90 days are auto-deleted by the same daily sweep. The active feedback file is retained until you request deletion. Operators can override via FEEDBACK_RETAIN_DAYS.
• Email: retained until you request deletion.

7. Your rights

Email jai@kickstartidea.com to:

• Request a copy of data associated with your session or email.
• Request deletion of your session, feedback, or email record.
• Ask questions about this policy.

We respond within 72 hours.

8. Security

• HTTPS everywhere (TLS terminated at Render).
• Bearer tokens (not passwords) for tenant auth.
• No payment data collected.
• See SECURITY.md on our GitHub repo for our full threat model.

9. Children

Not intended for users under 16. We do not knowingly collect data from minors.

10. Changes

Material changes bump the policy version (see footer). The next time you start a session, you'll be asked to acknowledge the new version.

11. Contact

jai@kickstartidea.com | https://github.com/parimisankar/ai-co-thinker