Privacy Policy

← Back to Council

(Last Updated: March 10th, 2026)

Privacy matters here. The app is built around API access rather than consumer chat surfaces because that is generally the cleaner and more controllable route. Still, no one should pretend this turns AI into a vault. If something is extremely sensitive, the safest move is still not to paste it into any online AI system at all.

As of this policy date, the AI providers used by LM Council state that API data is not used to train their public models. You should still read their current policies for yourself, because provider policies can change.

1. Information We Collect

We collect information in the following categories:

  • Account Information: authentication details such as your email address, display name, provider data, and user ID.
  • User Content: prompts, messages, uploaded files, saved councils, task definitions, generated artifacts, previews, and similar content you submit or generate.
  • Usage Information: feature usage, model/provider selection, task activity, credit consumption, and operational telemetry.
  • Log and Device Information: IP address, browser type, operating system, timestamps, and request metadata collected by our infrastructure and application logs.

2. Scheduled and Automated Processing

LM Council may process your instructions on a one-off or recurring basis when you create Tasks. That means the Service may re-run a saved workflow without you manually typing the same prompt again each time. Task runs create metadata such as schedule state, run state, credit estimates, logs, and artifacts.

3. Connected Account Data

Some features may allow you to connect external services. In the pre-Ltd rollout, GitHub App read-only beta is the main planned connected-source path. Later phases may include Gmail, Outlook, Slack, Notion, and Drive.

When you connect an external source, we may process connector metadata, approved scopes, selected resources, and source data needed to generate outputs. We do not treat all connected-source data the same way:

  • Connector metadata: may be stored so the connection can function.
  • Selected resource identifiers: may be stored so a task knows which repo, file, or page to use.
  • Raw private source content: is intended to be processed ephemerally by default, not stored permanently.

4. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Create and manage your account.
  • Run chats, previews, tasks, and artifact generation.
  • Route prompts and task inputs to approved AI providers.
  • Store your history, settings, artifacts, and credit usage.
  • Detect abuse, enforce terms, and protect the Service.
  • Communicate with you about your account or the Service.

5. How We Share Information

We share information in limited circumstances:

  • AI Providers: prompts, task inputs, and supporting content may be sent to providers such as OpenAI, Google, Anthropic, xAI, Perplexity, or other configured providers needed to produce output.
  • Infrastructure Providers: Firebase and Google Cloud Platform are used for authentication, hosting, database, scheduled jobs, and storage.
  • Audio Providers: ElevenLabs is used for supported speech and audio workflows.
  • Research and Retrieval Providers: services such as Tavily may be used where the product invokes web-research enrichment.
  • Model Routing and Inference Providers: OpenRouter and Replicate may be used for supported model or generation workflows when enabled in the product.
  • Email and Delivery Providers: services such as Resend may be used for supported product communications and transactional delivery paths.
  • GitHub: GitHub is used for GitHub App installation, webhook handling, and read-only repository task processing where you connect a repo.
  • Future Connector Providers: later connector management may use additional subprocessors such as Nango.
  • Legal or Safety Reasons: where disclosure is required by law or reasonably necessary to protect rights, safety, or the Service.

A current subprocessors list lives at /subprocessors.

6. Ephemeral Source Processing

This is one of the more important parts of the policy. For private connected-source data, the default design goal is: fetch what is needed, process it for the task run, persist the generated artifact and limited provenance metadata, and discard the raw private source content.

In plain English: we want the product value to come from the output, not from building a hidden mirror of your private repos, docs, or messages.

7. Automation Risks and Controls

Tasks can multiply activity because they may run on a schedule, consume credits repeatedly, and create new artifacts from earlier source material. That is useful, but it also means automation can amplify mistakes faster than a one-off chat.

  • Recurring execution: a saved task may continue running until you pause, archive, delete, or otherwise disable it.
  • Credit controls: tasks use LM Council credits and may stop, pause, or be blocked when budgets, plan limits, or safety checks are hit.
  • Failure and retries: worker retries, recovery jobs, or re-runs may occur where needed to keep the system consistent, though we try to avoid silent duplicate execution.
  • Abort and revocation: pausing a task, archiving it, or revoking a connector can stop future runs, but it may not rewind work already completed.
  • Review responsibility: generated code, summaries, fact checks, and portal outputs should be reviewed before external use or publication.

8. Artifacts, Logs, and Retention

Retention defaults are currently intended as follows:

  • Artifacts: retained until you delete them, your account is deleted, or the feature changes.
  • Task run logs: retained for approximately 180 days.
  • Security and audit logs: retained for approximately 365 days.
  • Raw private connected-source content: not retained by default.

Some providers may apply their own retention policies to data processed through their APIs. ElevenLabs, for example, states that it may retain certain data by default to improve and secure its services.

9. Data Storage and Security

User data is stored using Firebase and Google Cloud Platform with authentication controls, encrypted transport, and database or server-side access controls. We also use rate limits, logging, and access checks in API routes and worker functions.

No online system is perfectly secure. That is not a dramatic statement, just reality. We try to reduce risk, not pretend it can be made zero.

10. Lawful Bases

Where UK GDPR or similar laws apply, we generally process personal data on the basis of contractual necessity (to provide the Service), legitimate interests (to secure, improve, and operate the Service), consent (where you choose to connect third-party sources or enable optional processing), and legal obligation where required.

11. International Data Transfers

Your data, including connected-source content processed during task runs and chat sessions, may be transferred to and processed in countries outside the United Kingdom, including the United States. Our AI and infrastructure providers — such as OpenAI, Google, Anthropic, xAI, Perplexity, ElevenLabs, and GitHub — operate primarily in the US.

Where personal data is transferred outside the UK, we rely on the safeguards provided by our providers, which may include Standard Contractual Clauses (SCCs), the UK Extension to the EU-US Data Privacy Framework, or UK adequacy decisions, as applicable. You can request more information about the specific safeguards in place by contacting us.

12. Your Rights

You may have rights to access, correct, delete, restrict, or object to certain processing of your personal data.

  • You can delete your account through the Service when that option is available.
  • You can request account deletion or data deletion support by contacting us.
  • You can revoke supported connected accounts through the Service when connector management is available.

13. Connector Revocation and Deletion

If you revoke a connector or its scopes, tasks depending on that connector may pause, fail, or become blocked. Where possible, connector metadata and dependent resource references will be removed or marked inactive after revocation.

14. Google API Data Use

If and when LM Council enables Gmail or broader Google connector features, this policy will be updated with a dedicated Google API Data Use section covering exactly what is accessed, how it is used, what is stored, what is not stored, and how access is revoked.

15. Cookies

We do not currently rely on the usual marketing-cookie circus. If that changes, the policy will change too. Until then, the no-cookie-banner aesthetic remains one of the few unambiguous wins of modern web life.

16. Children's Privacy

The Service is not intended for children and we do not knowingly collect personal information from children.

17. Changes to This Policy

We may update this policy from time to time. Material changes will be announced through the Service or by other reasonable means.

18. Contact

Questions or concerns about privacy can be sent to support@lmcouncil.ai.