Draft — pending legal review. This document describes how Fire Shrine intends to handle your data. It is not the final legal contract; final language will be substituted in place once counsel-vetted. If you need a definitive answer about how Fire Shrine handles a specific data scenario before then, contact privacy@fireshrine.ai.

Privacy Policy

Last updated: 2026-05-08

Data we collect

We collect the data needed to operate the routing service: account identity (email + Clerk user record), workspace metadata, the prompts you send, the responses you receive, and the routing decisions Fire Shrine made on your behalf. Final policy will enumerate every category of collected data and the lawful basis for each one.

BYOK keys

API keys you upload for upstream providers (Anthropic, OpenAI, Google, OpenRouter, vLLM, etc.) are stored envelope-encrypted in our database and scoped to the workspace they were uploaded to. Plaintext key material is never logged, never returned in API responses, and never shared between workspaces. Final policy will spell out the encryption posture and the key-rotation expectations.

Training on your data

Fire Shrine does not train its own models on your prompts or responses. Upstream providers each have their own training and retention policies; the per-workspace privacy tier (Standard / Enhanced / Maximum) at /settings/privacy lets you constrain Fire Shrine to providers that meet the posture you require. Final policy will detail how each tier maps to provider commitments.

Audit ledger and routing telemetry

Every routing decision Fire Shrine makes is recorded in the workspace audit ledger: model selected, reason, token spend, latency, response. This ledger is visible to the workspace owner and any members the owner grants access to; it is not shared with other workspaces. Final policy will document the retention window and how export and deletion work.

Cookies and local storage

Fire Shrine uses cookies for authentication (via Clerk) and stores small UI-state values (like your theme preference) in browser localStorage. We do not use third-party advertising cookies. Final policy will list every cookie and localStorage key, its purpose, and its lifetime.

Sharing with third parties

Your prompts and BYOK calls are forwarded to the upstream model provider you authorized; their privacy policy applies to that leg of the transaction. We use a small number of subprocessors (auth, hosting, error tracking, payment) and will publish the full subprocessor list in the final policy. We do not sell your data.

Your rights

You can export or delete your account and workspace data at any time from the settings page; deletion removes your data from active storage. Final policy will detail the rights you have under GDPR, CCPA, and other regional regimes, and the process for invoking each one.

Changes to this policy

We will update this policy as Fire Shrine evolves. Material changes will be communicated by email and a banner inside the app at least 14 days before they take effect. The current version is always the one published at this URL with the most recent "Last updated" date.

Contact

Questions about this policy, data-subject requests, or anything that should be clarified before legal-vet ships: privacy@fireshrine.ai.