Legal
Privacy Policy
Last updated: May 2026
Our commitment in plain English
- ✓ We do not sell your data. Ever.
- ✓ Your API keys are AES-256 encrypted — never stored in plaintext.
- ✓ We do not use your prompts to train AI models.
- ✓ You can delete all your data at any time from the Dashboard.
Who operates this service
LLM Council (llmcouncil.online) is operated by Kirthi Sagar. For any privacy-related queries, contact privacy@llmcouncil.online.
Information we collect
When you create an account, we collect your email address and authentication data via Clerk (our identity provider). When you use LLM Council, we store your council configurations, session questions, and model responses in Supabase. We do not store your API keys in plaintext — they are AES-256 encrypted (Fernet) before being written to the database.
How we use your information
We use your information solely to operate the LLM Council service: running council sessions, persisting your history, and managing your account. We do not sell your data, use it for advertising, or share it with third parties except as required to operate the service (Clerk for authentication, Supabase for storage, and your chosen LLM provider for model calls).
API keys and credential security
API keys you add in Settings are encrypted with AES-256 (Fernet symmetric encryption) before storage. The plaintext key is never logged, never written to application logs, and never retained outside the encrypted database column. Keys are decrypted in server memory only at the moment a council session is executed, and are immediately discarded after that request completes. We do not forward your keys to any party other than the LLM provider you have explicitly selected.
Session and prompt data
Your council questions and model responses are stored to enable session history, exports, and follow-up questions. This data is protected by Supabase row-level security, meaning your data is never accessible to other users. You can delete any council and all its sessions from the Dashboard at any time.
Third-party processors
We use the following sub-processors to deliver the service: Clerk (authentication — SOC 2 Type II certified), Supabase (database storage — encryption at rest), DigitalOcean (hosting infrastructure), and your chosen LLM gateway (OpenRouter, Portkey, Helicone, etc.) for model inference.
Cookies and tracking
We use session cookies issued by Clerk for authentication. We do not use third-party analytics trackers, advertising cookies, or behavioural profiling tools.
Data retention and deletion
Your data is retained for as long as your account is active. If you delete your account, all associated data — including encrypted API keys, council sessions, and model responses — is permanently deleted from our systems within 30 days.
Your rights
You have the right to access, correct, or delete your personal data at any time. To exercise these rights, email privacy@llmcouncil.online or delete your data directly from within the product. We will respond to all requests within 30 days.
Changes to this policy
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "last updated" date above. Continued use of the service after changes constitutes acceptance of the revised policy.
Contact
For privacy-related requests, email us at privacy@llmcouncil.online.