Version 2026-05-06
Privacy Policy
This policy explains how Coppice Labs Ltdhandles personal data for InfoJolt's current anonymous chat and signed-in free-account service. InfoJolt is not intended for users under 16.
Who Is Responsible
Controller: Coppice Labs Ltd, company number 16755303. Registered office: 5 Canon Court, Institute Street, Bolton, England, BL1 1PZ, UK. Contact: contact@coppicelabs.com.
Data We Process
- Anonymous session cookie values, chat messages, assistant responses, scoring feedback, ratings, model usage, and cost-limit state.
- Signed-in account email, Supabase user ID, profile timestamps, conversations, messages, scoring feedback, ratings, and free-account usage records.
- Legal acceptance, age confirmation, cookie/analytics preference, and trace-sharing preference records.
- Server-side operational telemetry, redacted analytics, and support correspondence when you contact us.
Why We Process Data
Core service data is processed to provide the requested AI training service, including account access, conversations, scoring, guardrails, rate limits, and free usage limits. Legal acceptance and preference records support accountability. Operational telemetry, abuse prevention, and security logs support service reliability. Content-bearing analytics or LLM traces are used only when you choose full trace sharing and matching server configuration permits content capture.
Lawful Bases
| Core service | Contract necessity for chat, responses, scoring feedback, account access, rate limits, and saved signed-in product data. |
|---|---|
| Trace sharing | Consent for optional full-trace analytics when content capture is configured. Redacted mode remains available. |
| Security and reliability | Legitimate interests for abuse prevention, guardrails, service diagnostics, cost controls, and privacy-minimised operational telemetry. |
| Legal records | Legal obligation and legitimate interests for terms acceptance, age confirmation, preference records, and privacy request handling. |
AI Processing
InfoJolt sends your chat content to model providers through Vercel AI Gateway so the assistant can respond, guardrails can run, and feedback can be scored. AI output may be incomplete, unsupported, or wrong. The product is for critical-thinking training, not professional advice.
Retention And Deletion
| Anonymous chat data | Stored in process memory for the current server process and may reset when the server restarts. |
|---|---|
| Signed-in conversations and messages | Stored until the user deletes product data or requests deletion through support. |
| Scoring feedback and ratings | Stored with the related signed-in conversation until product data is deleted. |
| Usage records | Stored for free-account cost-limit operation until product data is deleted. |
| Legal acceptance and preference records | Retained for accountability and legal administration after product data deletion unless deletion is required and available. |
| PostHog analytics and trace metadata | Not removed by the product-data deletion button. Contact support for rights requests where deletion or restriction is technically available. |
| Provider and infrastructure logs | Retained under provider policies and handled through support/privacy request workflows where applicable. |
| Support email | Retained as needed to answer the request, administer the service, and comply with legal obligations. |
Processors And Transfers
We use service providers for hosting, authentication, database storage, model access, analytics, rate limiting, and support. Processing may involve international transfers under the providers' transfer safeguards, such as standard contractual clauses, UK addenda, and equivalent provider transfer mechanisms where applicable.
- Supabase: Authentication, account profiles, conversations, messages, scoring feedback, ratings, usage records, and legal preference records.
- Vercel: Hosting, serverless functions, deployment infrastructure, and operational logs.
- Vercel AI Gateway and model providers: Response generation, guardrail checks, and scoring requests. Model providers may process submitted prompts and generated outputs to return the requested service.
- Upstash Redis: Anonymous rate limiting and lightweight usage state when configured.
- PostHog: Server-side product analytics, operational telemetry, and redacted LLM trace metadata. Content-bearing traces require explicit trace-sharing consent and matching configuration.
- Email and support tooling: Support requests, privacy-rights correspondence, and operational account help sent to the support email address.
Your Rights
You can delete signed-in product data from account settings. For access/export, correction, objection, restriction, analytics-record deletion where available, or other privacy requests, contact contact@coppicelabs.com. You may also complain to the UK Information Commissioner's Office or your local regulator.