Privacy Policy

Last updated:

uhhh.ai is designed privacy-first. This page explains exactly what we collect, what we don't, and what we do with it.

You don't need an account to use uhhh.ai

The free tier of uhhh.ai works fully offline without an account. Press the hotkey, type a description, get suggestions — all of it runs locally on your machine. Nothing leaves your computer; nothing reaches us. If you never sign in, we collect nothing about you at all.

Signing in is what enables features that need our backend: the Pro cloud-LLM tier, cross-device syncing of your personal vocabulary (future), and the option to contribute anonymized usage data that helps us improve suggestion quality for everyone. Each of those is described in detail below.

What we collect (only if you sign in)

Account data

  • Your email address — collected via Clerk when you sign in.
  • Your subscription status, tier (free or Pro), and Paddle customer ID — used to gate Pro features and bill correctly.
  • A device token and device ID — generated when you connect a device, used to authenticate your desktop app to our backend.

Anonymized usage data (consent required, asked at sign-in)

When you sign in we ask whether you'd like to share anonymized usage data to help us improve uhhh.ai for everyone. The choice is yours; you can change it any time in the desktop app's settings. If you decline, none of the data below is ever sent. If you accept, it's sent whenever the app is online — independent of whether you're on the free tier or Pro.

If you opt in, we collect:

  • A salted SHA-256 hash of your query description (not the raw text)
  • The word you picked and the words that were offered
  • The day, week, or month bucket of the event (not a precise timestamp)

The salt is rotated quarterly. Same description from any user hashes to the same value — that's what enables the community-rerank signal that improves suggestions over time. The data isn't linked to your identity in our analytics: we know some account contributed a pick, but the aggregated table that drives rerank has no user IDs at all.

What we DON'T collect

  • Anything at all if you haven't signed in.
  • The raw text of your queries. On the free tier (signed in or not), queries are processed locally by a model on your machine and never sent anywhere. On the Pro tier, queries are forwarded to our LLM proxy in memory only; we do not log them.
  • The words the app types for you. We never see what you do with a suggestion after you pick it.
  • Your keystrokes, screen contents, or any other ambient data.
  • Cookies for tracking. The only cookies we use are essential session cookies (Clerk for sign-in; Paddle for checkout).

How we use it

  • Account email + token: to authenticate you and gate Pro features.
  • Subscription status: to bill you correctly and to flip your Pro features on or off.
  • Anonymized usage data (if you consented): to make suggestions better for everyone. The data feeds an aggregated rerank model; we don't analyze it per-user.

We do not sell your data. We do not show ads. We do not run analytics on individual users.

Third parties we share with

  • Clerk (clerk.com) — handles authentication. Sees your email, sign-in events, IP.
  • Paddle (paddle.com) — handles payments as our merchant of record. Sees your name, billing address, payment method, and purchase history.
  • Cloudflare (cloudflare.com) — hosts our backend. Sees request metadata (timestamps, IP, response status).
  • OpenAI (openai.com) — provides the cloud LLM for Pro users. Sees the description you submit for a Pro-tier query, but not your identity (we strip user metadata before forwarding).

We choose vendors who are credible on data handling. Each has their own privacy policy.

Your rights

  • Access — request a copy of what we have about you: support@uhhh.ai.
  • Delete — delete your account and associated data: support@uhhh.ai. We'll delete within 30 days, except where law requires retention (e.g., tax records of past purchases).
  • Export — receive your data in a portable format: support@uhhh.ai.
  • Withdraw telemetry consent — flip the toggle in the desktop app's settings any time. Data collected before the toggle was switched off stays in our aggregated rerank scores (since it's already de-identified and aggregated), but no new data flows after.

If you're in the EU/UK we recognize GDPR rights; if you're in California we recognize CCPA rights; if you're elsewhere with comparable laws, we recognize those too.

Data retention

  • Account data: kept as long as your account exists, plus up to 30 days after deletion in case of accidental cancellation.
  • Anonymous telemetry: hashes are retained for community-rerank computation; raw event rows are aggregated into popularity scores quarterly and the raw rows discarded.
  • Billing data: retained by Paddle as long as their compliance obligations require (typically 7 years for tax records).

Children

uhhh.ai is not directed at children under 13 (or 16 in the EU). We don't knowingly collect data from them.

Changes to this policy

If we materially change what we collect or how we use it, we'll update this page and notify Pro users by email before the change takes effect.

Contact

support@uhhh.ai