Privacy Policy

Effective date: May 27, 2026

Argot is operated by Rike Industries LLC, a Minnesota limited liability company ("we," "us," "Argot"). This policy explains what information we collect, why, where it goes, how long we keep it, and what you can do about it. By using the service you agree to the practices described here.

What we collect

• Account info: your email address and a salted bcrypt hash of your password (we never see your actual password and cannot recover it).
• Plan and billing: your subscription tier, billing dates, founder-rate status, and a Stripe customer ID. We do not see or store your full card number, CVC, or bank account.
• Chat history: your queries, the answers you received, and which video citations were returned. Scoped strictly to your account.
• Channels you subscribe to: which YouTube channels you've added to your library.
• Contact form / waitlist messages: if you submitted them, including any "channels you want" notes.
• User agent string: captured with form submissions to help filter spam and abusive automation.
• IP address: used transiently for rate limiting and abuse prevention; not written to long-term storage. Cloudflare may retain edge logs for a short period as part of routine network operation.
• Email-delivery metadata: opens, bounces, and delivery failures for transactional emails sent via Resend.
• Diagnostic logs: server-side error logs that may incidentally contain timestamps and request paths. They do not contain message bodies, passwords, or full email addresses.

Cookies and similar technologies

We do not use advertising cookies, tracking pixels, third-party analytics SDKs, or session-replay tools. The only cookies we set are:

• A session cookie: keeps you logged in. Set with HttpOnly, Secure, and SameSite=Lax flags. Expires when your session ends or after 30 days of inactivity.
• A theme preference: stored in your browser's localStorage (not transmitted to us) so the site remembers light/dark mode.

Do Not Track: we honor "Do Not Track" by default; we don't track cross-site behavior in any case, with or without DNT.

How we use what we collect

• To run the product: show your channels, your chat history, and serve your queries.
• To process subscription billing through Stripe.
• To send transactional emails (account verification, password reset, billing receipts, important service notices).
• To respond to support requests and act on takedown / opt-out notices.
• To detect and prevent abuse, fraud, and security incidents.
• To comply with legal obligations (e.g., tax records, lawful requests from authorities).

What we do NOT do: we do not sell, rent, or share your personal information with any third party for marketing. We do not train AI models on your private chat history. We do not run programmatic advertising. We do not build behavioral profiles for resale.

Chat history privacy

Your chat history is private to your account. It's never shown to other users, never blended into channel-shared data, never sent to outside AI providers, and never used as training data. Each chat session is yours alone.

AI and infrastructure

Chat queries are processed entirely on infrastructure we control. Your questions are not sent to OpenAI, Anthropic, Google, or any other external AI provider for inference. We run local language models on our own servers.

Third parties (sub-processors)

We use a small number of trusted infrastructure providers to deliver the service. Your data is shared with these providers only to the extent strictly necessary for them to perform their function:

• Stripe: payment processing. Stripe receives your payment information directly; we receive only a customer ID and tokenized metadata (card brand, last 4, expiration).
• Resend: transactional email delivery. Your email address and the message body are sent to Resend solely for delivery; Resend does not use it for marketing.
• Cloudflare: DNS, TLS termination, DDoS mitigation, and edge caching. Cloudflare may transiently see request metadata (IP, user agent, requested path) as part of routing traffic to our origin server.

We do not use any other sub-processors for personal data. If we add one, we'll update this list and email active subscribers in advance.

Where your data lives

Argot's primary application database is hosted in the United States. Stripe, Resend, and Cloudflare may process data in additional regions per their own infrastructure footprints; see their respective privacy policies. By using Argot you consent to your data being processed in the United States and other jurisdictions where our sub-processors operate.

Security

We take reasonable technical and organizational measures to protect your data, including:

• HTTPS/TLS encryption for all traffic between you and our servers, terminated at Cloudflare and re-validated at the origin.
• Passwords stored as salted bcrypt hashes, never in plaintext.
• Session cookies marked HttpOnly, Secure, and SameSite=Lax.
• Rate limiting and bot mitigation on public endpoints.
• Stored secrets (API keys, signing secrets) kept in environment files outside source control.
• Limited internal access: only the operator has direct database access; there is no external customer-support team or contractor with access to user data.

No system is perfectly secure. If we discover a personal-data breach affecting you, we will notify you by email without undue delay (and within any timeframes required by applicable law) and describe what happened, what data was involved, and what steps you should take.

Retention windows

Chat history is kept on a rolling window based on your plan:

• Free: 7 days. Older messages are auto-deleted.
• Pro / Plus / Team: 90 days. Older messages are auto-deleted.
• Pinned conversations: kept indefinitely while your account is active.

Account info (email, plan), channel subscriptions, and billing records are kept while your account is active and for a 60-day grace period after deletion. Stripe payment receipts may be retained longer where required by tax or financial law (typically up to 7 years). Contact form and waitlist records are kept until you request deletion. Cloudflare and similar transit logs are retained per those providers' policies, typically days to weeks.

Account deletion and grace period

If you cancel and delete your account, we keep your data for a 60-day grace period so you can change your mind. After that, all account-specific data (chat history, saved citations, contact records, payment history beyond what tax law requires us to retain) is permanently deleted. Channel transcripts may remain in our shared index because other users subscribe to the same channels.

Export your data

You can request a JSON export of your account data at any time from account settings, or by emailing us. The export includes your channels, chat history, pinned conversations, and saved citations. We aim to deliver exports within 24 hours and in any case within 30 days.

Your rights

Depending on where you live, you may have specific rights regarding your personal information:

• Access: see what we hold about you (request via account settings or email).
• Correction: update your email or other personal info from settings.
• Deletion: delete your account at any time; we'll honor it within the 60-day grace policy above.
• Portability: export your data in machine-readable JSON.
• Object / restrict: contact us if you want a specific kind of processing limited.
• Withdraw consent: for processing based on your consent, you can withdraw it at any time without affecting prior lawful processing.
• Lodge a complaint: with your local data protection authority.

EU/UK residents (GDPR): our legal bases for processing your data are (a) performance of a contract, to deliver the service you signed up for, (b) legitimate interests, to prevent abuse and run our business, (c) legal obligation, for tax and compliance, and (d) your consent, where applicable.

California residents (CCPA/CPRA): we do not sell or "share" personal information for cross-context behavioral advertising. You have the right to know, delete, correct, and opt out, exercisable through the same channels above. We do not discriminate against users who exercise these rights.

Marketing communications

We do not currently send marketing emails. The only emails you'll receive from us are transactional: account verification, password resets, billing receipts, important service notices, and replies to your support requests. If we ever introduce a marketing email program, it will be opt-in only.

Children

Argot is not intended for children under 13 (or 16 in jurisdictions where that's the threshold). We do not knowingly collect data from children. If we learn we've received data from a child below the relevant age, we'll delete it. Parents who believe their child has provided us data can contact us via the contact form.

Contact

Questions about this policy or to exercise any of your rights? Reach out via the contact form on the main page. We aim to respond within 7 days; substantive requests (export, deletion, GDPR access) within 30 days.

Changes

If we make material changes to this policy we'll update the effective date above and notify active subscribers by email at least 14 days before the change takes effect. Non-material clarifications (typo fixes, link updates) may be made without notice.