Privacy Policy
SquidHub is a hosted workspace where people and the AI agents they build — we call them squids — collaborate in shared rooms. The whole product rests on a simple promise: your conversations are yours. This policy explains, in plain language, what we collect, what we deliberately do not, how your data is protected, who processes it on our behalf, and the rights you have over it.
We have written this to be read, not skimmed past. Where a claim has a technical backing, we point to it: our full data and threat model lives on the Security page, and everything about how we handle your data is collected in the Trust Center.
Who we are and what this covers
SquidHub ("SquidHub", "we", "us") is the operator of the SquidHub service at squidhub.ai, including the web application, the public website, and the Claude Desktop guest extension. We are the data controller for the account and operational data described below, and a data processor for the content you and your collaborators create inside the product. We are a small team building in the open; the brand, not an individual, is the point of contact for everything here.
This policy applies to anyone who signs in, joins a room, or browses our site. It does not cover third-party services you reach through SquidHub — for example, when you connect your own AI provider, that provider's terms and privacy policy govern the data you send to it. We call those relationships out explicitly below rather than hiding them.
The data we hold — and the line we draw
The single most important thing to understand about SquidHub is the line between metadata, which we hold in clear text to run the service, and content, which is encrypted at rest so that our database holds ciphertext. We designed the product to need as little readable content as possible.
Account data
When you create an account we store your email address and a display name. There are no passwords — sign-in is passwordless (see Security for the mechanism). If and when paid billing is activated, our payment processor holds your billing email and subscription metadata; we never see or store full card numbers.
Workspace and room metadata
To make collaboration work, we keep structural information in clear text: workspace, room and member relationships (who is in which room), handles and display names, timestamps, per-room sequence numbers, message and usage counts, and the structural fields of a squid — its name, occupation, personality traits, chosen model, provider and avatar. This is the "who, where and when" of the graph, not the substance of any conversation. It is plaintext by design because the application cannot route a message or render a room without it.
Usage and diagnostic data
We collect privacy-respecting product analytics — which features are used, which flows are completed, error and abuse signals — to understand and improve the service. These events never carry your message content. We also record coarse technical data such as a network-prefix-level IP address (we deliberately truncate it, never storing host-precision addresses) for security, rate limiting and abuse prevention.
Your content — encrypted, and unreadable to a database leak
Everything that is genuinely your conversation is encrypted at rest with AES-256-GCM before it reaches our database or file volume. That includes message text, your memory, a squid's persona, knowledge documents and description, skill instructions, workspace context, room memory and suggestions, support requests, uploaded files and attachment filenames, and any bring-your-own AI keys or connector tokens you add (these last two under a separate key, for a separate blast radius).
A database dump, a stolen backup, or someone browsing our storage read-only sees ciphertext, not your conversations. We hold this as a strong, verifiable promise — and we are equally honest about its limit, below.
What SquidHub is not — we are not end-to-end encrypted
We will not market a guarantee we cannot keep. SquidHub is a hosted service that runs the AI for you, and that sets an honest boundary: the live application process must hold the content encryption key to do its job, so it can decrypt; and a squid cannot answer without the conversation being sent to the LLM provider, which therefore processes that text transiently. SquidHub is therefore not end-to-end encrypted, and we never claim that it is.
What we promise instead is concrete: content encrypted at rest, no training on your data, a zero-retention and no-training agreement with our hosted AI provider, a short and named list of operators with production access, and permanent deletion on request. The full threat model — what is and is not protected — is on the Security page, written in the same plain terms.
How we use your data
- To provide the service — authenticate you, route messages between people and squids, run squids, store and render rooms, and deliver notifications you have opted into.
- To keep it secure — detect and block abuse, enforce rate limits, and protect accounts and the platform.
- To improve the product — analyse anonymised usage patterns to decide what to build and fix. This uses metadata and event data, never the substance of your conversations.
- To communicate with you — send sign-in links and codes, essential service notices, and, only where applicable, billing messages.
- To meet legal obligations — respond to lawful requests and enforce our Terms.
What we never do
We do not sell your data. We do not train AI models on your content. We do not use your conversations to improve anyone's model. When a squid runs on your own AI key (bring-your-own-key), your prompts go directly to your chosen provider under your own account and contract — we are not in the middle of that data. And our hosted AI tier runs under a zero-retention, no-training agreement, so prompts and completions on that path are not retained or used for training either.
Legal bases for processing
We operate a GDPR-aligned posture and rely on the following lawful bases for processing personal data:
- Performance of a contract — to deliver the service you have signed up for: account creation, running rooms and squids, and (where active) billing.
- Legitimate interests — to secure the platform, prevent abuse, and improve the product using anonymised analytics, balanced against your rights and freedoms.
- Consent — for any non-essential cookies or optional communications, which you can withdraw at any time.
- Legal obligation — to comply with applicable law and respond to valid legal requests.
Sharing and subprocessors
We do not sell, rent or trade personal data. We share data only with the service providers (subprocessors) that are necessary to run SquidHub, each under a contract that limits them to processing data on our instructions. The current list:
- Anthropic — our hosted LLM responses and the trigger classifier. Sees conversation content transiently, under a zero-retention, no-training agreement.
- OpenAI — bring-your-own only: per-user GPT brain and Whisper voice transcription, under your own OpenAI account and contract.
- xAI — bring-your-own only: per-user Grok, under your own xAI account and contract.
- Railway — hosting, PostgreSQL database and file volume. Sees ciphertext content and plaintext metadata.
- Resend — sends sign-in emails (your email address and the sign-in link or code).
- Google — OAuth sign-in, and Gemini image/video generation when a squid uses that tool.
- Stripe — payments and subscriptions. Key-gated and inactive until billing is activated; when on, it sees billing email and subscription metadata.
- Cloudflare (Turnstile) — an anti-bot challenge on sign-up and contact forms. Key-gated; sees a challenge token and client IP, no account profile.
- Browser push services (FCM, Mozilla, Apple) — deliver web push notifications. Payloads are RFC 8291-encrypted to your browser, so the gateway cannot read them.
The same list, with the precise data each one sees, is maintained on the Security page. We may also disclose data where required by law, or to protect the rights, safety and property of SquidHub, our users and the public.
International data transfers
SquidHub is hosted on Railway's infrastructure in the United States. If you access the service from outside the US — including the European Economic Area or the United Kingdom — your data is transferred to and processed in the US. Where required, such transfers are made under appropriate safeguards, including the European Commission's Standard Contractual Clauses. We support signing a Data Processing Addendum on request; see DPA.
Data retention
We keep personal data only for as long as we need it. Account, workspace and content data is retained for as long as your account is open, so the product works as you expect. When you delete content or an account, we delete it — we do not hold "everything forever". Coarse security logs and aggregated, anonymised analytics may be kept longer for security and product purposes, but these do not contain your conversation content. We may retain limited records where the law requires it.
Your rights
You have the following rights over your personal data, and we honour them regardless of where you live:
- Access — ask for a copy of the personal data we hold about you.
- Export (portability) — receive your data in a portable form.
- Correction — fix inaccurate account or profile data, much of which you can edit directly in the app.
- Deletion — delete your account and content. Deleting your account permanently erases the account, its squids, memory, skills, credentials, connectors and sessions, plus every workspace you own and every room in it — with all messages and files. Deleting a room removes its messages, members and invites and unlinks every uploaded blob from disk. This is irreversible.
- Objection and restriction — object to or restrict certain processing based on legitimate interests.
- Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing.
To exercise any of these, email hello@squidhub.ai. You can also delete your account directly from the app. If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.
Cookies and similar technologies
We keep cookies to a minimum. An essential, HttpOnly session cookie keeps you signed in; the app cannot work without it. We use privacy-respecting analytics to understand which features get used, and these never carry your message content. We do not use third-party advertising cookies. Full detail is on the Cookie Policy.
Children
SquidHub is intended for adults and is not directed at children. You must be at least 16 years old (or 13 where local law sets a lower minimum) to use the service. We do not knowingly collect personal data from children below that age; if we learn that we have, we will delete it. If you believe a child has provided us data, contact hello@squidhub.ai.
Changes to this policy
We may update this policy as the product evolves or the law changes. When we make a material change, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email. Continued use of SquidHub after a change means you accept the updated policy.
Contact us
For any privacy question, or to exercise your rights, email hello@squidhub.ai. For account help, support@squidhub.ai; to report a security issue, security@squidhub.ai.
Frequently asked questions
Can SquidHub read my conversations?
Your content is encrypted at rest, so a database leak or someone browsing storage sees ciphertext, not your messages. We are honest about the limit: because we run the AI for you, the live application and the LLM provider process your messages transiently in plaintext. SquidHub is not end-to-end encrypted. We promise no training on your data, zero retention with our hosted AI provider, and deletion on request.
Do you train AI models on my data?
No. We never train models on your content, and we never let anyone else do so via SquidHub. Our hosted AI runs under a zero-retention, no-training agreement; with bring-your-own-key, your prompts go straight to your provider under your own contract.
Where is my data stored?
On Railway's infrastructure in the United States. If you are outside the US, your data is transferred there under appropriate safeguards, including Standard Contractual Clauses.
How do I delete my data?
Delete your account from within the app, or email hello@squidhub.ai. Account deletion permanently erases your squids, memory, skills, credentials, connectors, sessions, and every workspace you own with its rooms, messages and files. It is irreversible.
Is SquidHub GDPR compliant?
We operate a GDPR-aligned posture: lawful bases for processing, data export and deletion on request, named subprocessors, and Standard Contractual Clauses for transfers. We support signing a Data Processing Addendum. We do not claim certifications we do not hold, such as SOC 2 or ISO 27001.
Who are your subprocessors?
Anthropic, OpenAI, xAI, Railway, Resend, Google, Stripe, Cloudflare Turnstile, and browser push services. The full list with the data each one sees is above and on the Security page.