DEAR THEO · DEARTHEO.APP ·T
How we handle your data

Security & data handling, built into everything

Your agency's work is sensitive. Here's exactly how Dear Theo handles it — your API keys encrypted, sign-in through Google, and your content kept yours. No fine print.

How your data is handled

The commitments we can actually stand behind

Encrypted at rest

Your LLM provider API keys are encrypted before they're written to storage.

Google sign-in

Authentication runs through Google OAuth. We never store a password.

You own your work

Your uploads and generated outputs belong to you — export or delete them anytime.

No model training

We don't use your content to train AI models, and we don't sell it.

How we protect your data

Multiple layers, from infrastructure to application

Encryption at rest

Your LLM provider API keys are encrypted with strong symmetric encryption before they're stored, and everything travels over HTTPS. Your credentials never sit in plaintext.

  • API keys encrypted before storage
  • Encrypted in transit over HTTPS/TLS
  • Keys scoped to your own account

Sign-in through Google

Authentication is handled by Google OAuth, so there's no password for us to store or leak. Access to your workspace is scoped to you and your organization.

  • Google OAuth sign-in
  • No passwords stored
  • Organization-scoped access to your work

Your data stays yours

Your content isn't used to train AI models and isn't sold. Your documents and the vectors we build for retrieval are stored under your account and surfaced only back to you.

  • No training on your content
  • Per-account document and vector storage
  • You own everything you make

Where your data lives

We're plain about where things sit and who touches them. Our sub-processors are Google, for Firebase, and the LLM provider you choose to connect.

  • Documents in Google Firestore
  • Files in Firebase Storage
  • Retrieval vectors in Pinecone
Our privacy commitment

We don't sell your data. We don't train on it.

We don't even look at it unless you ask us to for support.

What we collect

Only what's necessary: account information, uploaded documents, workflow configurations, and usage analytics to improve the product. You can export or delete everything at any time.

What we don't do

  • We don't sell your data to third parties
  • We don't use your content to train public AI models
  • We don't share your information without your consent
  • We don't access your data unless you request support

Your rights

You own your data. You can export it, delete it, or take it with you at any time. No lock-in. No hostage-taking. If you cancel, you can export everything before we permanently delete it.

Incident response & reporting

If a security incident ever affects your data, we'll tell you promptly and keep you updated in plain language until it's resolved.

Report a security issue: security@deartheo.app

Responsible disclosure: Email us and we'll acknowledge the report and work with you on a fix.

Read our privacy commitment
DEAR THEO · DEARTHEO.APP ·T

Questions about security?

We're happy to talk through exactly how your data is handled. Reach out and we'll walk you through it.