← Back to Sparrow

Privacy Policy

Last updated: March 2026

1. Data We Collect

When you create an account we store your email address and a Cognito user identifier. Chat messages, settings, and MCP server configurations are stored in AWS DynamoDB keyed to your user ID.

File attachments you upload are stored in AWS S3 under a per-user prefix and are not shared with other users.

2. How We Use Your Data

• Chat messages are sent to the AI provider you select (e.g. OpenAI, Google, Anthropic). Review their privacy policies for how they handle data.
• Free-tier EchoNest models: These are served via OpenRouter's free endpoints. Conversations using free-tier models may be used by upstream model providers for training and improvement purposes. This does not apply to paid-tier models (Pro/Teams plans) or when using your own API keys. See our Terms of Service for details.
• We do not sell, rent, or share your data with third parties for marketing purposes.
• Server logs (request metadata, errors) are retained for 90 days in AWS CloudWatch for operational troubleshooting.

3. Data Storage & Security

All data is stored in AWS eu-north-1 (Stockholm). Data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AWS-managed keys (SSE-S3 for S3, encryption at rest for DynamoDB).

Authentication is handled by AWS Cognito with SRP-based password hashing. Passwords are never stored or transmitted in plaintext.

4. Data Retention & Deletion

You can delete individual chats or all your data at any time from the application. To request complete account deletion, contact us at the email below.

5. Cookies

We do not use tracking cookies. Authentication tokens are stored in localStorage and are not sent to third parties.

6. Third-Party Services

CDN resources (KaTeX, Mermaid, DOMPurify, highlight.js) are loaded from cdn.jsdelivr.net and cdnjs.cloudflare.com. These services may log your IP address per their own privacy policies.

7. Changes

We may update this policy from time to time. Material changes will be noted with an updated date at the top of this page.

8. Contact

For privacy questions, email privacy@echonest.se.