Privacy Policy
Last updated: March 24, 2026
PRVT is operated by MedTech Consulting LLC ("we," "us," "our"). This policy explains how we collect, use, and protect your information when you use PRVT at goprvt.ai and the PRVT application.
Our core privacy promise
PRVT is built around a single principle: your data stays in your container. Every user gets their own isolated Docker container. Your conversations, memories, connected service credentials, and personal context live exclusively inside that container. We cannot access your container's contents during normal operation.
What we collect
Account information
When you sign up, we collect your email address and display name. This is stored in our database (Supabase) for authentication and account management.
Billing information
Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers — Stripe handles that directly.
Usage metrics
We track aggregate usage costs (voice processing, AI model usage) to enforce plan limits. We track the total cost, not the content of your conversations.
Connected service display info
When you connect Google (Gmail/Calendar), we store only your connected Google email address for display in the settings UI. Your Google OAuth tokens are stored exclusively in your container — not in our database.
What we do NOT collect
- Conversation content — your chats stay in your container
- Memory files — your assistant's knowledge about you stays in your container
- OAuth tokens — Google, Todoist, and other service credentials stay in your container
- Voice recordings — audio is processed in real time and not stored by us
- Transcripts — conversation logs are stored in your container only
How your container works
Each PRVT user gets a dedicated Docker container running on our infrastructure. Your container holds:
- Your AI assistant's personality and memory files
- Your conversation transcripts
- Your connected service credentials (Google, etc.)
- Your assistant's configuration and preferences
Containers are isolated from each other by Docker's container boundary. One user cannot access another user's container. Our platform code routes your requests to your container but does not read or store the content that passes through.
Third-party services
PRVT uses the following third-party services:
- Anthropic (Claude) — AI model provider. Your messages are sent to Anthropic's API for processing. Anthropic's privacy policy applies to that processing. Anthropic does not train on API inputs.
- Deepgram — Speech-to-text processing for voice conversations. Audio is processed in real time and not stored.
- Inworld AI — Text-to-speech for your assistant's voice responses.
- Stripe — Payment processing.
- Supabase — Authentication and account database.
- Google APIs — When you connect Gmail and Calendar, your container communicates directly with Google's APIs using your OAuth tokens.
Data retention
- Active accounts: Your container and all its data persist as long as your subscription is active.
- Cancelled subscriptions: Your container is stopped after a 7-day grace period. Data is retained for 30 days, then permanently deleted.
- Account deletion: When you delete your account, all data is removed — your container is destroyed, your database records are deleted, and your Stripe customer is removed. This is irreversible.
Your rights
- Access: You can view all your data through the PRVT application — your conversations, memories, and connected services.
- Deletion: You can delete your account at any time from Settings. This permanently removes all your data.
- Portability: Your conversation transcripts are available through the Transcripts page in the application.
- Disconnect services: You can disconnect Google and other services at any time from Settings, which removes the credentials from your container.
Security
We implement the following security measures:
- Container isolation between users (Docker boundary)
- Encrypted connections (HTTPS/WSS) for all data in transit
- Per-container authentication tokens
- Row-level security on our database
- Rate limiting on all public endpoints
- HMAC-signed OAuth state parameters
- No plaintext credential storage outside containers
Children's privacy
PRVT is not intended for children under 13. We do not knowingly collect information from children under 13.
Changes to this policy
We may update this policy as PRVT evolves. We'll notify users of significant changes via email. The "last updated" date at the top reflects the most recent revision.
Contact
For privacy questions or data requests, contact us at privacy@goprvt.ai.
MedTech Consulting LLC — goprvt.ai