Privacy Policy
This policy explains what data HighCouncil.ai collects, why we collect it, who we share it with, and the rights you have over it. It applies to highcouncil.ai. We try to write this in plain English so you can actually read it.
1. Who we are
HighCouncil.ai is operated by Netvista Media (the "controller" under the GDPR). For any privacy question, data request, or complaint, write to privacy@highcouncil.ai.
2. What we collect
Account data
- Email address — required to sign in and to send transactional mail (verification, password reset).
- Display name — optional; used in the UI and in conversations with your AI team.
- Password hash (bcrypt) — never the password itself; we cannot recover or display it.
- OAuth profile — if you sign in with Google or LinkedIn, we receive your subject ID, email, name, and (where provided) profile picture URL. We do not access anything else in your Google or LinkedIn account.
- Email verification status.
Conversations and content you create
- Messages you send to your AI teams and the messages those teams reply with.
- Files you upload to a conversation (text, images, PDFs) and the extracted text we feed to the model.
- Team configurations (the AI voices, roles, project context).
Billing data
- Account balance, account tier, transaction history (top-ups, usage debits, refunds).
- Stripe customer ID and default payment method ID — we never see or store your card number; Stripe holds that.
Usage and operational data
- Per-call logs: which model was used, input/output token counts, the cost we paid the provider, the price we charged you.
- Server logs (IP address, request paths, response codes, timestamps) — short-lived, used for operating and securing the service.
Cookies
- One strictly necessary session cookie that keeps you signed in. We do not use advertising or third-party analytics cookies. If you install HighCouncil.ai as a Progressive Web App, an additional service-worker cache stores static assets on your device to make the app fast and resilient — no personal data is cached.
3. Why we collect it (lawful basis)
- To deliver the service you signed up for — account, conversations, billing. Lawful basis: Article 6(1)(b) — contract.
- To keep the service running and secure — error logs, fraud detection, abuse prevention. Lawful basis: Article 6(1)(f) — legitimate interest.
- To meet our legal obligations — tax records, VAT receipts, accounting. Lawful basis: Article 6(1)(c) — legal obligation.
4. Who we share data with (sub-processors)
To deliver the service we route specific data to the following processors. Each is bound by a data-processing agreement and, where the processor is outside the European Economic Area, by Standard Contractual Clauses or an adequacy decision.
| Processor | Purpose | Data shared | Where |
|---|---|---|---|
| Hetzner Online GmbH | Hosting (servers, storage) | All service data at rest | Germany (EU) |
| Cloudflare | DNS resolution only (no proxying / no traffic interception) | None | Global |
| Stripe | Payment processing | Card details (you enter directly with Stripe), email, name, IP | Ireland / US |
| Google LLC | "Sign in with Google" (OIDC) | OAuth profile (sub, email, name, picture) | US |
| LinkedIn Ireland UC | "Sign in with LinkedIn" (OIDC) | OAuth profile (sub, email, name, picture) | Ireland / US |
| SendGrid (Twilio Inc.) | Transactional email (verify, reset) | Email address, sender content | US |
| Replicate, OpenRouter, Together.ai, OpenAI, Anthropic, xAI, DeepSeek, Groq, Alibaba Cloud (Qwen) | LLM inference (your messages are sent to whichever provider is configured for the model you chose) | Conversation content (messages, attachments, system prompts), team configuration. No account/billing data. | US / EU / international, varies by provider |
| Black Forest Labs (via Replicate) | Avatar image generation | Persona name and a public reference photo only. No user PII. | US |
We do not sell your data, ever. We do not share it with advertisers. We do not use your conversations to train any model.
5. International transfers
Several of the processors above (notably the LLM providers, Stripe, and OAuth providers) are based in the United States. Those transfers rely on the EU-US Data Privacy Framework where the processor is certified, or on Standard Contractual Clauses combined with our own technical safeguards (TLS in transit, access controls).
6. How long we keep it
- Account data — for as long as your account exists, plus a short grace period to handle reactivation.
- Conversations — kept while your account is active. You can delete individual conversations and teams from the UI; deletion is immediate and not recoverable.
- Billing records — kept for seven years to meet EU accounting and tax obligations.
- Server logs — typically 30 days, then purged.
- Verification / password-reset tokens — single use; expire after 24 hours (verify) or 1 hour (reset).
7. Your rights
You have the following rights under the GDPR. Send an email to privacy@highcouncil.ai from the address linked to your account and we will act within 30 days.
- Access — get a copy of the data we hold about you (Article 15).
- Rectification — correct anything that's wrong (Article 16).
- Erasure — delete your account and the personal data tied to it (Article 17). Billing records we are legally required to keep will be retained and isolated.
- Portability — receive your data in a machine-readable format (Article 20).
- Restriction — ask us to limit how we use your data (Article 18).
- Objection — object to processing based on legitimate interest (Article 21).
- Withdraw consent — at any time, where processing relies on consent.
- Lodge a complaint — with your national supervisory authority. The Dutch authority is the Autoriteit Persoonsgegevens; in Spain it is the Agencia Española de Protección de Datos.
8. Security
We use TLS for every connection, hash passwords with bcrypt, hold all single-use tokens as SHA-256 digests, take a verified daily backup of the database, and keep production secrets in environment variables not committed to source. No system is perfectly secure; if you believe you have found a vulnerability please email security@highcouncil.ai.
9. Children
HighCouncil.ai is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has signed up, contact us and we will delete the account.
10. Changes to this policy
If we change this policy in a way that meaningfully affects how we handle your data, we will let active users know by email at least 14 days before the change takes effect. Smaller clarifications are reflected in the "last updated" date at the top.
11. Contact
Netvista Media — privacy@highcouncil.ai