TempGPT Privacy Assurance & Security Audit

Complete transparency about how TempGPT protects your privacy

Data Encryption

  • • End-to-end AES-256 encryption
  • • Client-side key generation
  • • Keys never stored on servers
  • • Encrypted data in transit and at rest

Automatic Deletion

  • • Sessions auto-expire after set duration
  • • Immediate deletion when timer ends
  • • No backup or recovery systems
  • • Database CASCADE deletion

Zero Tracking

  • • No IP address logging
  • • No analytics or persistent tracking
  • • No user identification
  • • Anonymous session IDs only

Infrastructure

  • • Supabase secure hosting
  • • Row Level Security (RLS)
  • • Edge functions for data deletion
  • • OpenRouter for AI (no user data shared)

Technical Implementation

Encryption

AES-256 encryption using crypto-js library with session-unique keys. Note: Encryption keys exist in browser memory during active sessions but cannot be fully cleared in JavaScript.

Storage

Encrypted messages stored temporarily in Supabase with RLS policies. AI responses proxied through edge functions to OpenRouter API.

Deletion

Automated cleanup via edge functions and database constraints with CASCADE deletion.

Data Retention Policy

Zero data retention. All messages, session data, and encryption keys are permanently deleted when your session expires or ends.

Compliance Certifications

GDPR Compliant
CCPA Compliant
Privacy by Design