Account security
Authentication is provided through Clerk, with authenticated application routes checked on the server.
Security and privacy
Here is how we currently handle conversations, imports, model requests, and account data. Our Privacy Policy and Terms of Service remain the governing documents.
Conversations
We store chats and messages under your account identifier in our Convex backend. Conversation records include message content, order, timestamps, and model metadata where applicable.
Authentication is provided through Clerk, with authenticated application routes checked on the server.
When you choose an external model, prompts and relevant conversation context are sent to the corresponding AI service path to produce a response.
We use operational services including Vercel Analytics and Sentry. We do not add private conversation content to marketing analytics events.
Imports
For shared-link imports, we retrieve the public conversation page through our scraper or configured extraction service. For export files, we use temporary object storage, parse supported messages, and remove the raw upload. We also clean up prepared import data after processing.
We associate imported messages with your Kontinue AI account. Unsupported rich content can be omitted. We do not need your source-platform password for public shared-link imports.
Training and providers
We do not use personal conversations or imported chat data to train AI models. When you choose a third-party model, we send the prompt and relevant context to that provider to generate a response. Each external provider has its own terms and privacy practices.
Your controls
You can export conversations, memories, summaries, and account metadata in JSON, Markdown, or ZIP formats.
Available connectors can be disconnected from Settings. Provider permissions can also be revoked at the provider.
Send account and associated-data deletion requests to privacy@kontinueai.com. We do not currently offer self-service account deletion.
Retention and limitations
We retain personal information for as long as necessary to provide the service and fulfil the purposes in our Privacy Policy, unless the law requires longer. We have not published a universal deletion deadline, and we do not claim end-to-end encryption, zero retention, SOC 2 certification, or universal regulatory compliance.