Nano-GPT Privacy Policy

Last Updated: January 28, 2026

At NanoGPT we are committed to protecting your privacy and ensuring the security of your personal information. Our policy is to collect and store only the minimum information necessary to provide our services.

This Privacy Policy describes our practices regarding information we collect from or about you when you use our website, platform, services, and features, including all associated software applications (collectively, "Services").

Scope

This Privacy Policy applies to personal information collected through:

  • Our website and any webpages that link to this Privacy Policy;
  • Our applications, features, and services (including APIs) that link to this Privacy Policy;
  • Interactions with third-party sites or services where our Services are embedded and link to this Privacy Policy.

Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.

Personal information we collect

We collect very limited personal information when you use our Services, communicate with us, or create an account. We do not sell personal information and we do not use personal information for targeted advertising. Our commitment is to never sell or share your information for advertising purposes and not to use any shared information to infer characteristics about users.

  • Account Information: If you choose to create an account, we collect your email address, and may also store your name, profile image, a hashed version of your password, passkey (WebAuthn) credential handles, and two-factor authentication settings. This information is necessary to provide login, authentication, and account security features. You can also use our services without creating an account by using an anonymous session. We support multiple authentication methods, including email and password, Google OAuth, GitHub OAuth, and WebAuthn/passkeys. When you sign in via Google or GitHub, we receive limited profile information (such as your name, email, and profile image) from those providers in accordance with their privacy policies.
  • Payment Information: When you make payments, we use third-party payment processors. For credit or debit card payments we use Stripe as our payment processor. While we never see or store your credit card data, Stripe collects and stores certain personal information related to your payment transactions. This information is subject to Stripe's privacy policy and data retention practices and we are unable to remove this ourselves. You can request deletion of your personal information directly from Stripe by visiting their data deletion request page. For cryptocurrency or other payment methods, we may use processors such as BTCPay Server, Nanswap, or Daimo; these providers may collect and process transaction details (such as wallet addresses, transaction identifiers, and amounts) under their own privacy policies. We receive limited transaction metadata to credit your account.
  • Communication Information: If you communicate with us, we may collect your name, contact information, and the contents of your messages to the extent that you choose to share these details with us.
  • Social Media Information: When you interact with our pages on third-party sites like X and Discord, we may collect information you choose to provide, such as your contact details.

Information Related to Your Use of the Services

We minimize data collection and avoid linking it to your IP address wherever possible:

  • Prompts and Conversations: By default, we do NOT store prompt or conversation content on our servers. If you enable optional features such as conversation sync or sharing, we store the necessary content (encrypted where applicable) so those features can work.
  • Responses API: Our OpenAI-compatible Responses API defaults to store: true per the OpenAI specification. When store is enabled, we store your request and response data encrypted (AES-256-GCM) for up to 7 days to support conversation threading, response retrieval, and background processing. This retention period is configurable and data is automatically deleted after expiration. You can set the store parameter to false to disable storage entirely, in which case no prompt or response content is persisted. You may also bring your own encryption key (via the X-Encryption-Key header) for end-to-end encryption, ensuring that only you can decrypt your stored responses.
  • Memory & Global Memory Sync: If you enable Memory features, we store memory items to provide personalization. Memory is only synced to our servers if you explicitly turn on sync. You can view, manage, and delete memory at any time.
  • Google Drive Integration: If you use our Google Drive import feature, we request read-only access to your Google Drive files through Google OAuth. We access your files only as necessary to import them into a conversation at your request. We do not store, index, or retain your Google Drive files beyond the immediate import operation. Your use of Google Drive is also subject to Google's Privacy Policy.
  • CAPTCHA Verification: When you attempt to claim free Nano, we use Cloudflare Turnstile to verify that you are a human. Cloudflare may process your IP address and browser information as part of this verification. This data is subject to Cloudflare's Privacy Policy.
  • IP Addresses: We do not link IP addresses to prompts. We do use IP addresses temporarily for rate limiting and abuse prevention; these logs are short-lived and not connected to prompt content.
  • Usage Data: We do not link any usage data to your IP address.

Outside of those optional content storage features, the only information we actively store for standard usage is metadata about prompt requests, such as input and output token counts, the model used, the cost we charged, any discounts applied, whether web search was used (for billing), whether memory was used (for billing), and the timestamp of the request. If you enable conversation sync or sharing, we also store encrypted snapshots that include the prompt content itself. This metadata is what powers the Usage page (entries are derived from timestamps, models, and token counts/costs).

Our platform uses your local browser storage to hold settings and conversation history. We also use a session cookie that contains a signed session identifier (and optional security flags, such as pending 2FA) so we can retrieve your session and balance from our servers. If you arrive via a referral or campaign link, we may set a referral/source cookie to attribute signups or payments. If you enable conversation sync, encrypted snapshots are stored in our cloud storage (or your own storage if you configure it), and you can delete them at any time. If you share a conversation, we store a share snapshot (encrypted if you choose) for the retention period you select so the link can work.

How we use personal information

We may use Personal Information explicitly provided to us for the following purposes:

  • To process your payments and update your account balance;
  • To communicate with you about our Services and events;
  • To review, route, and respond to bug reports and suggestions you submit;
  • To comply with legal obligations and protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

Disclosure of personal information

We may provide your Personal Information to third parties in the following limited circumstances:

  • Service Providers: When you submit a prompt, it is passed directly to the relevant service provider (such as OpenAI, Anthropic, or another LLM provider). While we do not store prompt or conversation content by default (unless you enable optional features like conversation sync or sharing), these service providers may store and process this information according to their own privacy policies. If you provide personal information within the prompts that you send, these service providers will have access to this personal information. Wherever possible we request maximum privacy and deletion, but we cannot guarantee that providers do not store these prompts. For credit card processing, we use Stripe, which collects and processes payment information according to their own privacy policy.
  • Messaging & Notification Tools: To help our team respond quickly, bug reports and suggestions you submit through our website may be forwarded to internal messaging services (such as Discord) and may include the content you choose to provide.
  • Important Note on Provider Data Policies: While we only send prompts to the providers that we use, without sending along your IP or any other identifying personal information other than that which you yourself put into the prompt, keep in mind that our providers may still collect or store these prompts under their own data retention practices. We opt for minimum data retention in every way possible with every provider that we use, but we cannot guarantee that these providers will not retain some or all of the information you send.
  • OpenAI Data Retention Update: Following a recent court order, OpenAI has updated their privacy policy to state that they store all conversations and prompts indefinitely. This means that any prompts you send to OpenAI models (such as GPT-4, GPT-4o, GPT-3.5, etc.) through our service will be permanently retained by OpenAI. Please be aware of this when using OpenAI models and avoid including sensitive or personal information in your prompts.
  • Exercise caution and avoid submitting personal or sensitive information in your prompts, especially when using models from providers with indefinite data retention policies.
  • Legal Requirements: We may share limited Personal Information if required by law or to protect our rights and the safety of our users.

Aggregated and De-identified Information

We may process information in aggregated or de-identified form so it cannot reasonably be used to identify you. We use this information to:

  • Analyze and improve the performance and reliability of our Services;
  • Understand usage trends and feature preferences;
  • Publish or share high-level statistics about our Services.

Your rights

Depending on location, individuals may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:

  • Access your Personal Information and information relating to how it is processed.
  • Delete your Personal Information from our records.
  • Rectify or update your Personal Information.
  • Transfer your Personal Information to a third party (right to data portability).
  • Restrict how we process your Personal Information.
  • Withdraw your consent at any time, where we rely on consent as the legal basis for processing.
  • Object to how we process your Personal Information.
  • Lodge a complaint with your local data protection authority.

Children

If you are under 18, you must have your parent or legal guardian's permission to use our Services.

Security and Retention

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your Personal Information. For cloud storage of media and user-uploaded content, we use Amazon Web Services (AWS) S3. Data stored in AWS is subject to AWS's Privacy Notice. However, no Internet transmission is ever fully secure. We retain Personal Information only for as long as necessary to provide our Services or comply with legal obligations.

The safety and security of your information also depends on you. If you use a password to access any part of our Services, you are responsible for keeping it confidential and for not sharing it with anyone.

Third-Party Services

Our Services may link to or integrate with third-party websites, applications, or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. Please review the applicable privacy policies of any third-party services you use.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Privacy Policy on this page and update the "Last Updated" date above. If we make material changes, we will provide notice via email to account holders (if we have a valid email address on file) before the changes take effect.

How to contact us

If you have any questions or concerns about this Privacy Policy, please contact our NanoGPT Support Team at support@nanogpt.com.

List of AI Model Providers Terms

AI Model Provider Terms: When using our Services, depending on which model is used, you agree to abide by the terms of the respective AI model providers:
