Back to home
Philyr Logo

Privacy Policy

DRAFT — Last updated February 2026

1. Introduction

This Privacy Policy explains how Philyr ("we," "us," "our") collects, uses, and protects your personal data when you use our platform. We are committed to GDPR compliance and transparent data practices.

2. Data We Collect

We collect the following categories of data:

  • Account data: Name, email address, hashed password
  • Usage data: Company instructions, agent outputs, execution logs
  • Technical data: IP address, browser type, access timestamps
  • Optional data: Third-party API keys (stored encrypted)

3. How We Use Your Data

  • To provide and operate the Service
  • To authenticate your identity and secure your account
  • To process your AI company instructions and deliver outputs
  • To monitor service health and prevent abuse
  • To communicate important service updates

4. Data Storage and Security

Your data is stored on Azure infrastructure located in the European Union (West Europe region). We use industry-standard security measures including:

  • Encryption in transit (TLS) and at rest
  • Bcrypt password hashing with application-level salting
  • Fernet encryption for stored API keys
  • Isolated sandbox environments for agent execution

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Infrastructure providers: Microsoft Azure (hosting, database, storage)
  • AI model providers: Azure AI services (to process your instructions)
  • Sandbox providers: Sprites/Fly.io or E2B (isolated execution environments)

All third-party providers are contractually bound to protect your data.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Port your data to another service
  • Object to processing of your data
  • Withdraw consent at any time

To exercise any of these rights, email us at [email protected].

7. Data Retention

We retain your account data for as long as your account is active. Company data (instructions, outputs, logs) is retained for the lifetime of the company and deleted when you delete the company or your account. You may request full data deletion at any time.

8. Cookies

We use a JWT token stored in localStorage for authentication. We do not use tracking cookies or third-party analytics at this time.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy-related inquiries, contact us at [email protected].