Privacy

Welcome to our privacy explainer. We care about privacy, and we also want to be precise about the limits. NanoGPT is designed to minimize account data, keep conversation history local by default, and avoid attaching your account identity to model-provider requests. Normal model calls still send the request content to the selected model/provider path so the model can answer.

Quick Version

• No account required: you can use NanoGPT with a generated user ID and avoid sharing an email.
• Local history by default: conversations are stored in your browser unless you opt into sync, sharing, or another cloud-backed feature.
• Providers need request content: prompts, attachments, tool context, media inputs, and settings required for a request are sent to the selected model/provider route.
• Optional privacy controls: PII redaction, cryptocurrency payments, provider-specific retention settings, and TEE/private model paths are available where supported.
• TEE is not one universal guarantee: private and TEE-backed routes differ by provider, transport, attestation, and whether encryption starts in your browser or on NanoGPT servers.

Conversation Storage: Your Control

By default, conversations are stored in your browser on your device, which means you control your chat history. When you send a message, the prompt content still goes to the selected model/provider path so the model can answer. If you enable Conversation Sync, we store encrypted conversation snapshots in the cloud so your chats can sync across devices. This feature is strictly opt-in.

You can set your own sync passphrase for end-to-end encryption, and you can bring your own storage bucket if you prefer. Sharing is optional too: when you create a share link, we store a snapshot (encrypted if you choose) for the retention period you select so the link can work.

Memory features are optional as well. Memory is only synced to our servers if you explicitly turn on sync, and you can view, edit, or delete memory at any time.

Cookies and Session

We use a session cookie with a signed session identifier to keep you signed in and retrieve your balance from our servers. If you arrive via a referral or campaign link, we may set a referral/source cookie to attribute signups or payments.

Data Handling with Model Providers

We offer many language models on our service. It's important to understand how data is handled with these different providers:

We strongly encourage you to review the privacy policies of these individual model providers. You can find links to many of their policies in our official Privacy Policy document.

A key aspect of our privacy approach is that every conversation (or chat session) is treated as separate and isolated. We do not intentionally attach your NanoGPT account identity to model-provider requests. Providers still receive the content needed for the specific request, which can include prompts, attachments, tool context, or provider metadata needed for routing.

If you turn on PII redaction, Grepture scans model-bound message and response content before it reaches the model provider. This is for private information inside prompts, messages, attached context, and responses; it is not because NanoGPT sends account names, emails, or other account metadata to model providers. We normally do not attach that metadata to model-provider requests. Grepture masks supported PII before the provider receives the prompt and restores supported placeholders on the way back, subject to Grepture's own privacy policy, terms, and subprocessors. Redaction adds $0.0005 per redacted request, can alter prompts, and credential-like secrets are replaced with safe labels rather than restored.

Third-Party Service Policies

In addition to model providers, some features use third-party services for web search, content extraction, transcripts, uploads, audio or media generation, AI detection, plagiarism checks, and payments. Please review their privacy policies:

• Web Search & Browsing: Linkup, Tavily, Exa, Kagi, Brave Search, Perplexity, Valyu.
• Content Extraction & Transcripts: Firecrawl, YouTube Transcript, Mistral AI (OCR).
• AI Detection & Plagiarism Checks: Pangram.
• PII Redaction: Grepture Privacy Policy, Grepture Terms, Grepture Subprocessors.
• Payments: Stripe, BTCPay Server, Nanswap, BoomFi.

Closed-Source Models (e.g., OpenAI, Anthropic, Google)

When you use models from closed-source providers like OpenAI, Anthropic, Google, and others, your prompts (the text you input) are sent to these providers to generate a response. While we design our systems to send only the necessary information (your prompt), the data processing ultimately occurs on their infrastructure.

We rely on these providers' commitments to data privacy and security. Across all providers we use, we enforce a minimum-retention and maximum-deletion posture by applying the strictest retention and deletion settings each provider makes available to us. Final retention behavior is still controlled by those third parties and their legal obligations, so we remain dependent on them to honor their stated practices.

Open-Source Models

For open-source models (e.g., certain models from DeepSeek and Meta and others), we utilize specialized third-party services that run these models. These services typically operate under a no-log policy, meaning they commit not to store or record the prompts they process.

While this offers a greater degree of privacy compared to some closed-source alternatives, it's important to note that we are reliant on the integrity and contractual assurances of these intermediate providers to uphold their privacy commitments. We select these partners carefully, prioritizing those with strong privacy stances.

TEE Models: Stronger Isolation and Attestation

We also offer models that run within a Trusted Execution Environment (TEE). These models are typically listed under "Private" or "TEE" in our model selection dropdown.

A TEE is a secure area within a processor that isolates code and memory during execution and can produce attestation about what actually ran. This materially improves protection against host-level inspection of data in use and gives technical users a way to verify integrity, but it does not by itself guarantee end-to-end secrecy across every network hop or provider integration path.

Some providers document encrypted transport into TEE infrastructure, while others require provider-specific verification tooling or SDKs for the strongest guarantees. Private/TEE routes can vary by provider path, including Chutes TEE, Tinfoil, Redpill/Phala, and other provider-specific TEE paths. Standard NanoGPT TEE routes improve provider-side protection, but NanoGPT can still see plaintext when the normal API or web app receives normal JSON before routing. Browser or local-proxy Private Mode paths provide a stronger boundary for supported Tinfoil-backed models because encryption happens before the request body leaves your device. For Chutes TEE, NanoGPT verifies Intel TDX quote evidence, report-data binding, and pinned measurements with GPU evidence present, but we do not yet independently validate NVIDIA GPU evidence against NVIDIA NRAS. Our TEE Verification documentation is the right place to check the exact verification flow for a given model. We also link our current TEE blog post, but the technical guarantees there should be read together with the provider-specific verification details.

Practical Privacy Position

We believe you should be able to use AI tools without compromising your privacy. For most models available through our service, we offer what we believe is the best privacy posture possible under the circumstances:

• No Account Required: You can use our services without creating an account, minimizing the data you need to share. You can use the randomly generated unique user ID to log in on other devices to share your balance, you can also create an account with any anonymous email.
• Data Minimization: Our goal is to collect as little personal data as practical for balance, billing, security, abuse prevention, support, and the features you enable. We aim to provide a service, not to monetize your information.
• Anonymous Payment Options: You can pay using privacy-preserving methods like cryptocurrency. We in fact recommend doing so and give you a discount if you pay in crypto.
• Local-First Storage: Conversation history stays in your browser by default. Sync, sharing, memory sync, imports, and cloud-backed helpers are optional features with separate data paths.
• No Identifying Information Passed On: We normally do not send account names, emails, NanoGPT user IDs, or full conversation history to model providers unless you include that information in the request content or enable a feature that sends related context. Your IP address is not directly passed to the end model provider by us, though intermediate infrastructure may see it as part of standard internet traffic.
• Providers See Request Content: Model providers receive the prompt/content needed to answer. Depending on the route and enabled features, that can include messages, attachments, search/tool context, media inputs, and request settings.

While running open-source models locally on your own hardware is technically an option for maximum privacy, it can be complex and resource-intensive. For closed-source models, local execution is not possible. Our service aims to provide a practical balance, offering access to powerful models while implementing robust privacy measures.

Contact Us

If you have any questions about our privacy or if you think there is something we can improve, we would love to get in touch. You can reach us via the following channels:

If you submit a bug report or suggestion through our website, we may forward the content you provide to internal messaging tools (such as Discord) so our team can review it quickly.