P

On our servers, we store: Operational logs (temporary): • Timestamps of API requests • IP addresses (for rate limiting only) • Message counts per conversation (not message content) • AI model name and response duration • Security events (rate limit triggers, blocked requests) These logs are retained for up to 30 days for operational monitoring and are then automatically deleted. They contain no conversation content.

We explicitly do not retain: • The content of your messages to ShikshyaAI • The content of AI responses • Conversation histories or chat archives • User profiles, preferences, or behavioral data • Cookies or persistent identifiers • Search queries or browsing history

Your conversation exists in exactly one place: your browser's active memory (RAM). When you send a message, the conversation is temporarily sent to our server, forwarded to the Groq AI API for processing, and the response is streamed back to your browser. Once the response is delivered: • Our server discards the conversation content • Only metadata (timestamps, message count, duration) is logged • The full conversation remains only in your browser tab Your conversation is permanently deleted when you: • Close the browser tab • Refresh the page • Click "New conversation" or the clear button • Navigate away from the ShikshyaAI page There is no way to recover a conversation once it is gone. We cannot retrieve past conversations because we never stored them.

When you send a message, the conversation context is transmitted to Groq's API for AI processing. Groq's data retention practices are governed by their own policies. According to Groq's current policy, API inputs and outputs are not used for model training. Please review Groq's Privacy Policy for the latest information.

To prevent abuse, we maintain temporary rate-limiting counters: • Stored by IP address with automatic expiration (1-minute windows) • Banned IPs are stored for up to 1 hour • When Redis is available: stored in Redis with TTL-based auto-deletion • When Redis is unavailable: stored in server memory, cleared on restart Rate limiting data contains no conversation content — only request counts and timestamps.

Security events (such as rate limit violations, prompt injection attempts, or honeypot path access) are logged with: • Timestamp • IP address • Event type and reason • Request path These logs never include conversation content. They are retained for up to 30 days for security monitoring.

Because we don't store your data, you have complete control: • Delete your conversation: Close the tab or click "New conversation" • Browse anonymously: No account, no cookies, no tracking • Use a VPN: Your IP address is the only identifier we see • Opt out entirely: Simply stop using the service — there is nothing to delete

We may update this policy as our infrastructure evolves. Any changes will be reflected on this page. If we ever begin storing conversation data (which we currently have no plans to do), we will update this policy prominently and provide notice.

Questions about our data practices: • Email: privacy@pinwheelconnect.com • GitHub: github.com/artixnaturelab/pinwheelconnect