Privacy Policy
Effective July 7, 2026 · M3 Labs LLC
1. What we collect
- Account data — email, display name, hashed password (or your GitHub identity if you sign in with GitHub).
- Bout content — the questions, context, and attachments you submit, and the resulting deliberation records (verdicts, contentions, transcripts).
- Usage and billing metadata— per-bout token counts, model identifiers, costs, and timestamps (the dossier "receipts").
- BYOK credentials — provider API keys you add, stored encrypted at rest and used only to run the bouts you start.
2. How we use it
To operate the Service: running your bouts through the AI providers you select, rendering and storing your dossiers, metering quotas, securing accounts, and debugging failures. We do not sell your data, and we do not use your bout content for advertising.
3. Research contribution — off by default
Bout records are private to your account unless you turn on "Contribute to research" in Settings (or at signup). If you opt in, anonymized bout records — with emails, phone numbers, and credential-shaped strings scrubbed — may be included in aggregated research about how AI models disagree. Opting out stops future use and also withdraws your past bouts from anything assembled after that point. Bouts built from GitHub-imported repository content are used only as aggregate statistics regardless of this setting, unless the repository owner has separately opted in.
4. Who sees your data
The AI providers used in your bouts (such as Anthropic and OpenAI) receive the inputs needed to run them, under their own data policies. Infrastructure vendors host our servers and database. We disclose data if the law requires it. No one else.
5. Retention and deletion
Bout records persist until you delete them — the record layer is the product. Deleting your account removes your account data and bout records from the live system; encrypted backups age out on a rolling schedule. To delete your account, contact us at the address below.
6. Security
Passwords are hashed; BYOK provider keys and OAuth tokens are encrypted at rest; transport is TLS. No system is perfectly secure — do not submit content whose exposure would be catastrophic, and rotate any provider key you believe is compromised.
7. Contact
M3 Labs LLC · Virginia, United States · [email protected]. Material changes to this policy will be posted here with a new effective date.