Hosting, edge delivery, static asset serving, and runtime metrics (Vercel Analytics and Speed Insights).
- Data categories
- · Request metadata (IP, user-agent, path)
- · Application logs
- Processing location
- United States (global edge network)
- Safeguards
- · Standard Contractual Clauses
- · EU-US Data Privacy Framework (self-certified)
- · SOC 2 Type II
Authentication, user profile management, session handling.
- Data categories
- · Email address
- · Password hash (plaintext never exposed to us)
- · OAuth profile identifiers when used
- · Session cookies
- · Account metadata (tier, consent record)
- Processing location
- United States
- Safeguards
- · Standard Contractual Clauses
- · SOC 2 Type II
Payment processing and subscription billing.
- Data categories
- · Email address at checkout
- · Billing country and postcode
- · Payment method tokens (we never see card numbers)
- · Subscription lifecycle events
- Processing location
- United States (global payment network)
- Safeguards
- · Standard Contractual Clauses
- · PCI DSS Level 1 service provider
- · SOC 1 Type II and SOC 2 Type II
Redis storage for rate limits, weekly quota counters, prompt-hash analytics log, and prediction feedback.
- Data categories
- · Rate-limit buckets keyed by user or API key
- · Weekly request counts
- · SHA-512 hash of submitted prompts (non-reversible)
- · Thumbs-up/down feedback paired with the prompt hash
- · Truncated SHA-512 hash of the client IP for feedback dedup
- Processing location
- United States (AWS us-east-1)
- Safeguards
- · Standard Contractual Clauses
- · SOC 2 Type II
Managed Postgres for API key hashes and audit tables.
- Data categories
- · Salted hash of Calcis API keys
- · API key labels and creation/last-used timestamps
- · Account identifiers
- Processing location
- United States (AWS)
- Safeguards
- · Standard Contractual Clauses
- · SOC 2 Type II
Transactional email: receipts, password-reset links, security notices, service announcements.
- Data categories
- · Recipient email address
- · Email subject and body
- · Send status and bounce events
- Processing location
- United States
- Safeguards
- · Standard Contractual Clauses
- · SOC 2 Type II
On paid tiers, refined output-length prediction via a short call to the Claude Haiku API.
- Data categories
- · A structural fingerprint of the prompt (length and feature signals)
- · Not the prompt text itself
- Processing location
- United States
- Safeguards
- · Standard Contractual Clauses
- · Anthropic commercial terms (no training on API data by default)
Hosting of the calcis.dev@gmail.com support mailbox.
- Data categories
- · Anything users choose to include in a support email
- Processing location
- United States (and Google global regions)
- Safeguards
- · Standard Contractual Clauses
- · EU-US Data Privacy Framework
- · ISO 27001 / 27017 / 27018
For the full privacy story, see the Privacy Policy. To exercise rights about your data handled by any sub-processor, contact Calcis at calcis.dev@gmail.com first; we will coordinate with the vendor as needed.