Legal ยท Section

Privacy policy

Last updated: April 9, 2026

This Privacy Policy describes how Parallax, operated by Three Sons LLC ("we," "us," or "our"), collects, uses, stores, and protects your personal information when you use Parallax ("the Service"). We are committed to protecting your privacy and being transparent about our data practices.

1. Data we collect

1.1 Account information

Email address, name (if provided), subscription tier, and payment information processed through Stripe. We do not store credit card numbers directly.

1.2 Conversation data

Your queries, AI responses, and conversation history are stored in your account to enable conversation continuity. You may delete this data at any time.

1.3 Usage data

Session counts, mode usage (Riff, Debate, Build), and feature usage for enforcing subscription limits and improving the service.

1.4 API keys (BYOK users only)

If you provide your own API keys, they are encrypted using AES-256 with unique IV and auth tags per key. Encrypted keys are stored in our database. We never see, log, or have access to your decrypted API keys after storage.

1.5 Information collected automatically

  • Log data: IP address, browser type, operating system, timestamps, pages visited, error codes
  • Device information: Screen resolution, device type, language preferences
  • Error and performance data: We use Sentry for error tracking, which may collect error messages, stack traces, browser information, and device data when errors occur. We use Vercel Analytics for understanding website traffic patterns.

1.6 Information we do not collect

  • Full payment card details (Stripe handles all payment data)
  • Plaintext API keys (encrypted before storage, never logged)
  • Biometric data, health information, or other sensitive personal categories
  • Data from anyone under 18

2. How we process your queries

When you submit a query, it is routed through Vercel's AI Gateway with Zero Data Retention enabled to one or more third-party AI model providers (which may include Anthropic, OpenAI, Google, xAI, and Mistral, depending on your configuration).

Under Zero Data Retention, your inputs and AI outputs are not stored at rest by any AI provider after the response is returned. Providers may briefly process data through safety and abuse detection systems as required by their terms of service, but do not retain inputs or outputs at rest.

In Vercel's own words: "User data is immediately and permanently deleted after requests are completed."

Parallax does not intentionally send your name, email, or account profile to AI providers as part of normal inference requests. Providers receive requests through Parallax rather than your profile, though required request metadata may still be processed to operate the service.

3. How we use your information

  • Provide, operate, and maintain the Service
  • Process payments and manage your subscription
  • Execute AI API calls on your behalf using managed API access or your encrypted API keys
  • Store your session history so you can revisit past conversations
  • Send transactional emails (account confirmation, billing receipts, security alerts)
  • Detect and prevent fraud, abuse, and security incidents
  • Improve the Service based on aggregate, anonymized usage patterns
  • Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your data to train AI models.

4. Third-party services

Parallax uses the following third-party services to provide the platform:

ServicePurposeData shared
VercelHosting and AI Gateway (with Zero Data Retention)Log data, request metadata, page views
SupabaseDatabase and authenticationAccount data, encrypted API keys, session history
StripePayment processingBilling information, subscription status
SentryError trackingError data, browser info, device data
E2BSandboxed code executionGenerated code (Build mode only)
Anthropic (Claude)*AI model inferencePrompts and responses (Zero Data Retention)
OpenAI (GPT)*AI model inferencePrompts and responses (Zero Data Retention)
Google (Gemini)*AI model inferencePrompts and responses (Zero Data Retention)
xAI (Grok)*AI model inferencePrompts and responses (Zero Data Retention)
Mistral*AI model inferencePrompts and responses (Zero Data Retention)

* All AI providers are accessed via Vercel AI Gateway with Zero Data Retention. For managed subscription tiers, providers are accessed using our API keys. For BYOK users, providers are accessed using your API keys. Each service operates under its own privacy policy and terms of service. Parallax selects these providers for their security practices and data handling policies.

5. Data storage and security

5.1 Encryption

  • All data encrypted in transit via TLS 1.2+
  • All data encrypted at rest
  • API keys (BYOK) encrypted at the application level using AES-256-GCM before database storage, with encryption keys stored separately

5.2 Access controls

  • Row-level security (RLS) ensures users can only access their own data
  • Server-side API keys are stored as environment variables, never in code
  • Principle of least privilege for all infrastructure access

5.3 Limitations

No method of electronic transmission or storage is 100% secure. While we employ commercially reasonable measures to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and third-party API keys.

6. Data retention and deletion

  • Conversation history: Stored until you delete it. You can delete individual conversations or all conversations from your dashboard at any time.
  • Account data: Retained while your account is active. If you delete your account, all associated data is permanently deleted within 30 days.
  • Payment data: Processed and stored by Stripe under their privacy policy. We do not store payment card details.
  • AI query data: On supported zero-retention routes, prompts and outputs are not retained by providers after the response completes.
  • Usage logs: Aggregated, non-identifying usage statistics may be retained for service improvement. These contain no query content or personal information.
  • Billing records: Retained for 7 years as required by tax and financial regulations.
  • Log data: Retained for up to 90 days.
  • Support correspondence: Retained for up to 3 years.

7. Cookies

We use the following types of cookies:

  • Strictly necessary: Authentication tokens, session management, security. These cannot be disabled.
  • Functional: User preferences (theme, custom instructions, selected models). Stored in localStorage.

We do not use advertising or marketing cookies. We do not engage in cross-site tracking.

You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent the Service from functioning.

8. Your rights

You may at any time:

  • Delete any or all conversations from your dashboard
  • Delete your account and all associated data
  • Export your conversation history
  • Update your email or account information
  • Cancel your subscription

To exercise any of these rights or for questions about your data, contact support.parallaxai@gmail.com.

8.1 European Economic Area, UK, and Swiss residents (GDPR)

In addition to the rights above, you have the right to:

  • Restrict or object to processing of your personal data
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority
  • Not be subject to automated decision-making or profiling

8.2 California residents (CCPA/CPRA)

In addition to the rights above, you have the right to:

  • Know what personal information is collected, used, and disclosed
  • Opt out of the sale or sharing of personal information
  • Non-discrimination for exercising your privacy rights
  • Limit use of sensitive personal information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

9. International data transfers

Your data is primarily stored and processed in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA/UK, where applicable.

10. Children's privacy

The Service is restricted to individuals aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe a person under 18 has provided us with personal information, please contact us at support.parallaxai@gmail.com.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days in advance via email and/or in-app notification. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

For questions, concerns, or requests related to this Privacy Policy or your personal data:

  • Company: Three Sons LLC
  • Email: support.parallaxai@gmail.com
  • Website: parallaxai.net
  • Response time: Within 30 calendar days