Privacy Policy
This Privacy Policy describes how BizTransit Sdn Bhd, operating as AI Supreme Council ("we", "us", "our"), collects, uses, and protects information when you use our services at aiscouncil.net and bcz.co (the "Service").
Our Privacy Commitment: We are committed to protecting your privacy. Our zero-server architecture means we never see, store, or have access to your conversations or API keys. Your data stays on your device.
1. Information We Collect
1.1 Information You Provide
- Account information: When you sign in via OAuth (Google, Apple, GitHub, Facebook, or WeChat), we receive your name, email address, and profile picture from the identity provider. We do not receive or store your password from any provider.
- API keys: When you enter API keys for AI providers (Anthropic, OpenAI, xAI, OpenRouter, Google Gemini, Ollama), these are stored exclusively in your browser's localStorage. We never transmit, collect, process, or store your API keys on any server.
- Conversations and bot configurations: All chat messages, bot configurations, system prompts, and session data are stored locally in your browser using IndexedDB and localStorage. This data never leaves your device unless you explicitly share it via a URL.
- Feedback and correspondence: If you contact us via email, we retain the contents of your messages and our responses.
1.2 Information Collected Automatically
- Geo-location (country level): We use Cloudflare's geo-detection to determine your country code for pricing tier purposes. This is a country-level determination only (e.g., "MY" for Malaysia) and is not a precise location. The country code is stored as a short-lived cookie (ais-country, 24-hour expiry).
- Standard web server logs: Cloudflare Pages may log IP addresses, browser type, and request timestamps as part of standard CDN operations. We do not operate separate analytics or tracking systems.
1.3 Information We Do Not Collect
- We do not use analytics services (no Google Analytics, no Mixpanel, no Amplitude).
- We do not use tracking pixels or advertising beacons.
- We do not set cross-site tracking cookies.
- We never see, intercept, read, or store your conversations with AI models.
- We do not collect device identifiers, fingerprints, or persistent tracking IDs.
2. Zero-Server Architecture
This is our most important privacy feature: AI Supreme Council is designed as a zero-server application. This means:
- All data stays in your browser: Your conversations, API keys, bot configurations, and settings are stored using IndexedDB and localStorage—technologies that keep data only on your device.
- We never see your conversations: When you chat with AI models, your messages go directly from your browser to each AI provider's API. Our servers are never in the middle.
- We never see your API keys: Your API keys are stored in your browser's localStorage and are sent directly from your browser to AI providers. We never receive, store, or have access to them.
- No backend databases: We do not have databases that store your personal information, conversations, or API keys.
- Direct connections: Your browser makes direct HTTPS/TLS encrypted connections to AI providers. We act only as a user interface, not as a data intermediary.
3. Your API Keys and Third-Party Providers
Understanding the data flow to AI providers:
- Storage: Your API keys are stored exclusively in your browser's localStorage, encrypted by your browser's security. We never have access to them.
- Transmission: When you use an AI model, your browser sends API requests directly to the provider's API endpoints (e.g., api.anthropic.com, api.openai.com, api.x.ai). We do not route these requests through our servers.
- Provider policies apply: Each AI provider (Anthropic, OpenAI, xAI, Google, OpenRouter, Ollama) has its own privacy policy, terms of service, and data handling practices. Your use of these providers is governed by their policies.
- Your responsibility: By using your own API keys, you are directly engaging with third-party AI services. We are not responsible for how these providers handle your data. We encourage you to review each provider's privacy policy.
- OpenRouter routing: When using free models through OpenRouter, your messages are routed through OpenRouter's infrastructure. OpenRouter's own privacy policy governs how they handle that data. We recommend reviewing OpenRouter's privacy policy.
4. Multi-Provider OAuth Authentication
We support sign-in through multiple identity providers. The data received from each provider is limited to what is necessary for account creation and identification:
| Provider | Data Received |
|---|---|
| Google | Name, email, profile picture, Google user ID |
| Apple | Name (first sign-in only), email (may be relay address), Apple user ID |
| GitHub | Username, email, avatar URL, GitHub user ID |
| Facebook | Name, email, profile picture, Facebook user ID |
| WeChat | Nickname, avatar URL, WeChat OpenID/UnionID |
We store only the minimum data needed to identify your account (provider ID, name, email, avatar URL). We do not access your contacts, posts, files, or other data from any provider.
5. How We Use Your Information
- Account management: To create and maintain your account, authenticate sessions, and provide customer support.
- Service delivery: To serve the correct pricing tier based on your country.
- Communications: To respond to your inquiries and send essential service notifications (e.g., terms updates).
- Security: To detect and prevent abuse, unauthorized access, and policy violations.
6. Data Storage and Security
Your data remains on your device:
- All user-generated content (conversations, bots, settings) is stored in your browser's IndexedDB and localStorage.
- Authentication session tokens (JWTs) are stored in your browser and expire after 24 hours.
- All connections use HTTPS/TLS encryption.
- We use Cloudflare Pages for hosting, which provides DDoS protection and WAF (Web Application Firewall).
- Payment processing is handled by Stripe and PayPal, both PCI DSS compliant. We do not store credit card numbers or payment details.
7. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
- Identity providers: OAuth authentication requires communication with Google, Apple, GitHub, Facebook, or WeChat during sign-in.
- Payment processors: Stripe and PayPal process subscription payments on our behalf.
- Infrastructure: Cloudflare provides CDN, DDoS protection, and DNS services.
- Legal requirements: We may disclose information if required by law, regulation, or legal process.
8. Cookies and Local Storage
We use minimal cookies for essential functionality only. See our Cookie Policy for full details.
- ais-geo-tier: Geo pricing tier (24-hour expiry)
- ais-country: Country code (24-hour expiry)
- No advertising, analytics, or third-party tracking cookies
9. Your Rights
Because your data is stored locally in your browser, you have direct control:
- Access: All your data is in your browser. Use the Export function to download it.
- Deletion: Clear your browser data or use the app's settings to delete specific bots, conversations, or all data.
- Portability: Export your data as JSON at any time from Settings.
- Restriction: You can use the Service without signing in (guest mode) to minimize data collection.
- Account deletion: Contact privacy@aiscouncil.com to request deletion of your server-side account data.
10. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@aiscouncil.com.
11. International Data Transfers
BizTransit Sdn Bhd is based in Malaysia. Your authentication data may be processed in Malaysia and in jurisdictions where our infrastructure providers (Cloudflare, payment processors) operate. By using the Service, you consent to the transfer of your limited account data to these jurisdictions.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the Service. The "Effective" date at the top indicates when this policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact
For privacy-related inquiries, contact us at:
Privacy Officer
BizTransit Sdn Bhd
Level 28, Lingkaran Syed Putra
Mid Valley City, Kuala Lumpur 59200, Malaysia
Email: privacy@aiscouncil.com