Infinite Canvas AI (“the Service”) respects your privacy. This policy explains what data we collect and how we use it.
We store your email address, a hashed password, and your conversation graphs (the nodes, edges, and messages you create on the canvas). This data is stored in a Postgres database with safeguards designed to protect it.
If you choose to add your own OpenAI or Claude (Anthropic) API keys, we store them using application-level encryption (AES-256-GCM) in our database. We use your keys only to call those providers on your behalf when you request AI responses. Your API keys are never returned to your browser or shared with third parties. You can add, update, or remove your keys at any time in Settings. You are responsible for any usage and charges incurred through your own API keys.
Your data is used solely to provide the Service — to authenticate you, persist your workspaces, and send your messages to AI models for generating responses.
We send your message content to AI model providers to generate responses. When you use our default setup, requests may go through the Vercel AI Gateway. When you provide your own OpenAI or Claude API keys, we send your requests directly to those providers using your keys. We do not sell or share your data with anyone else.
We use safeguards designed to protect your data, including hashed passwords and encrypted storage for user-provided API keys. No system is completely secure; we do not guarantee that data will never be compromised. You can reduce risk by using strong passwords and setting spending limits on your API keys in your provider dashboards.
In the event of a security incident that we believe has compromised your personal data, we will assess the situation and, where practicable and required by applicable law, notify affected users and relevant regulators. Our response may include steps to contain the incident, investigate the cause, and reduce future risk.
You can delete individual workspaces at any time. To delete your account entirely, contact us and we will remove all associated data.
We may update this policy. We will notify you of significant changes through the Service.
For limitations of liability and other legal terms, please see our Terms of Service.
← Back to home