YC Advisor — Privacy Policy

Effective: 2026-05-26

What we collect

When you use YC Advisor via the ChatGPT Custom GPT, Claude Code MCP server, or HTTPS API:

Your API key (hashed with SHA-256 before storage; we never store the raw key).
Your queries — the situation text you (or your AI assistant) send to the retrieval tools. Stored in usage_events for rate-limit accounting and aggregate quality metrics. Not used to train any model.
Tool metadata — which tool was called, latency, chunk count returned, the host that called it (Claude Code / Cowork / ChatGPT / web / other).
Standard server logs — IP address, User-Agent, request timestamp. Retained 30 days for abuse detection.

We do not read or store the rest of your AI assistant conversation. ChatGPT, Claude Code, and Cowork only send YC Advisor the specific tool calls their host LLM makes — not the broader conversation history.
We do not sell or share your data with third parties for advertising or any commercial purpose.
We do not use your queries to train any LLM. The corpus that powers retrieval is the public YC content we've indexed, not user-submitted text.

Postgres (Supabase) — api_keys, usage_events, indexed YC content (chunks, sources, partners, challenges).
Server logs — Vercel.
Third parties called per request: OpenAI (embeddings), Anthropic (situation decomposition), Cohere (rerank). These see the situation text but not your account email or API key. See their respective privacy policies.

Delete your data: revoke your API key in your account settings (or email support — address TBD pre-launch). On request we'll purge all usage_events tied to your keys within 14 days.
Export your data: request a JSON dump of your account + usage events at any time.

We'll update this page when material changes happen and re-stamp the effective date. We won't change it silently to make the policy more permissive.

For privacy questions, email — contact address to be set once the domain is live.