Privacy Policy

Effective date: February 9, 2026.

Chat Assistant Box is a Progressive Web App that runs entirely in your browser with a small Netlify-powered API proxy. This page explains how we handle the information collected while you use the app or the Play Store release.

Information we collect

The messages you type and the AI responses displayed on-screen are kept in your browser’s localStorage; we do not send or retain conversation history anywhere else permanently. When you send a message using the default experience, the Netlify function at /.netlify/functions/chat receives the request body (message, optional history, model, system prompt) and relays it to OpenAI or Anthropic. The proxy briefly holds the payload to generate a response and then discards it. Exception logs may be kept for debugging, but we do not use them for profiling or advertising. If you enable “Use Your Own API Key,” the browser sends the same payload directly to your chosen provider so our proxy never sees your key.

Custom API keys

If you enable “Use Your Own API Key,” the key is saved only inside your browser and is used to call OpenAI or Anthropic directly via the public REST endpoints. The Netlify proxy is bypassed entirely in this mode, so we never receive or log the custom key; clearing the app data removes it immediately. Switch the toggle off or clear data anytime you want to stop using a particular key.

Third-party services

The chat backend relies on OpenAI (GPT-3.5, GPT-4, GPT-4o) and Anthropic (Claude) to generate responses. Hosting and the serverless function are provided by Netlify, which may log traffic for operational purposes. Static assets load from CDNs (Font Awesome, Prism.js, etc.) to keep the UI lightweight. We only share your requests with the third party you’ve chosen—OpenAI or Anthropic via their official APIs.

Cookies & local storage

Local storage holds conversations, drafts, API configuration, theme preference, and sidebar state. No cookies are written by this code, although Netlify and Cloudflare (via caching) may set their own cookies for performance. You can delete everything by clicking “Clear All Data” in the settings menu.

Security

All requests go over HTTPS, and the serverless proxy uses official SDK clients and kept-secret environment variables (`MY_OPENAI_API` / `MY_CLAUDE_API`). The app never stores your custom API key on disk outside your browser’s storage, and no third-party analytics or ads run inside the UI.

Contact

Questions or concerns? File an issue at github.com/jovylle/chat/issues or visit jovylle.com.

Policy version 1.0 · Built for Chat Assistant Box (chat.uft1.com).