Privacy Policy

WooSee Limited ("we", "us", "our") operates Consensable.com. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What We Collect

Account data: When you register, we collect your email address and a hashed copy of your password (or, if you use social login, your name and email from the OAuth provider).

Usage data: For each synthesis query, we log a one-way hash of the question (not the question itself), the AI models used, the number of tokens consumed, and the estimated cost. We do not store your question text on our servers after the session ends.

Technical data: Standard server logs including IP addresses and browser user-agent strings, retained for up to 30 days for security and debugging.

2. How We Use Your Data

• Account management — to authenticate you and maintain your account (legal basis: contract performance).
• Usage accounting — to track token consumption and associated costs (legal basis: legitimate interests).
• Security — to detect abuse and protect the service (legal basis: legitimate interests).
• Legal compliance — to comply with applicable laws (legal basis: legal obligation).

3. Third-Party Processors

Your query content is transmitted to the following third parties to generate AI responses. By using Consensable, you acknowledge this processing:

• OpenRouter (openrouter.ai) — routes your query to one or more AI model providers. OpenRouter's privacy policy governs their processing.
• Amazon Web Services (eu-west-2 region) — provides our hosting infrastructure and parameter storage.
• Brave Search — if you select web search, your question is sent to Brave's search API. Brave's privacy policy governs their processing.
• Google / Apple / Facebook — if you use social sign-in, these providers authenticate you and share your name and email with us. Their respective privacy policies apply.

4. Data Retention

• Account data: retained until you delete your account.
• Usage logs: retained for 12 months, then automatically deleted.
• Server logs: retained for 30 days.
• After account deletion, all personal data is erased within 30 days except where we are required to retain it by law.

5. Cookies & Local Storage

We use your browser's localStorage to store your authentication token (a signed JWT). This is essential for the service to function and does not expire until you sign out. We do not use third-party tracking cookies or advertising cookies. See our Cookie Policy for full details.

6. International Transfers

Some of our third-party processors (including OpenRouter and AI model providers such as Anthropic, OpenAI, Google, and Meta) may process data outside the UK/EEA. Where this occurs, we rely on standard contractual clauses or adequacy decisions as the legal transfer mechanism.

7. Your Rights

Under UK GDPR, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — delete your account and associated data (available directly in Account settings).
• Restriction — restrict processing in certain circumstances.
• Data portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interests.

To exercise any right, email solo@woosee.pro. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113.

8. Security

Passwords are hashed using bcrypt with a cost factor of 12. All connections are encrypted via TLS. We review our security practices regularly.

9. Children

Consensable is not intended for use by persons under the age of 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via the service or by email. Continued use after changes constitutes acceptance.