All Things Cosmere ("we", "us", "the Service") is an AI-powered knowledge base about Brandon Sanderson's Cosmere universe. We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under applicable data protection laws including the GDPR.
1. Data We Collect
We collect the minimum data necessary to operate the Service:
Questions and messages you type or speak into the chat interface.
IP address used solely for rate limiting to prevent abuse. We do not associate your IP address with your queries or store it alongside conversation data.
Voice recordings (only if you use voice mode) are processed in real time and are not stored on our servers after transcription.
If you create an account, we also collect:
Account information: Your email address, display name, reading progress, topics of interest, and newsletter preferences (if you opt in).
Conversation history: When you are signed in, conversations may be stored in our database linked to your account.
The service is designed to collect anonymized usage analytics (such as query types, session counts, and response quality indicators) to improve Taylor's accuracy. This data is stored in the user_analytics table and is not linked to your identity. Note: As of the current version, this analytics pipeline is not yet active — data collection may begin in a future update, at which point this policy will be updated accordingly.
We do not collect:
Cookies or browser fingerprints
Advertising or marketing tracking data (no Google Analytics, no pixel trackers)
Location data beyond what an IP address implies
2. How AI Processes Your Queries
When you submit a question, it is sent to third-party AI services for processing. Your query text is transmitted to:
OpenRouter / DeepSeek — generates the AI response to your question. Your query is sent as part of an API request. OpenRouter and DeepSeek process the text under their respective privacy policies and may retain request logs per their data retention terms.
OpenAI — generates text embeddings (numerical representations) of your query to search our knowledge base. The query text is sent to OpenAI's embedding API. OpenAI processes this data under their privacy policy.
We do not send any personal information with these API requests — only the text of your question.
3. Voice Mode
Voice mode is entirely optional. If you choose to use it:
Speech-to-text: Your audio is sent to OpenAI Whisper for transcription. The audio is processed in real time and is not stored by us after the transcription is returned. OpenAI may retain data per their data retention policies.
Text-to-speech: AI responses are converted to audio using Fish Audio. Only the AI-generated response text is sent to Fish Audio — never your original input. Fish Audio processes this under their own privacy policy.
4. Local Storage (Your Browser)
Conversation history is stored in your browser's localStorage. This data never leaves your device and is not transmitted to our servers. You can clear it at any time by:
Using the clear/reset function within the app
Clearing your browser's site data for this domain
We have no access to data stored in your browser's localStorage.
5. Response Caching
To improve performance, we cache AI-generated responses and text-to-speech audio in our database (Supabase). These caches contain:
The text of common queries and their AI-generated answers
Generated audio files for text-to-speech responses
Cached data does not contain any personal identifiers. It is used solely to serve faster responses for frequently asked questions.
6. Rate Limiting
We use IP-based rate limiting to prevent abuse and ensure fair access. Your IP address is checked against request counts but is not logged persistently, associated with your queries, or used for any purpose beyond rate enforcement.
7. Third-Party Services
The Service relies on the following third-party providers to function:
Vercel (hosting) — Privacy Policy. Vercel retains server access logs including IP addresses, request paths, and user agent strings for security and debugging purposes, subject to Vercel's data retention policy.
We do not sell, rent, or share your data with any third parties for marketing or advertising purposes.
8. Data Retention
Conversation history: Stored only in your browser's localStorage. Retained until you clear it. We do not have a copy.
Response cache: Retained indefinitely to improve service performance. Contains no personal data.
Rate limiting data: Temporary, automatically purged on a rolling basis.
Voice audio: Not retained after real-time transcription.
TTS cache: Audio generated by voice mode is cached for up to 30 days to improve performance. Cached audio is identified by a hash of the text content only and contains no personally identifiable information.
9. Your Rights
Under the GDPR and similar data protection laws, you have the right to:
Access — request what personal data we hold about you. Because we do not collect personal identifiers, we likely hold no data that can be linked to you.
Erasure — request deletion of any data associated with you. Conversation data is stored locally on your device and can be deleted by clearing your browser data.
Object — object to processing of your data. You may stop using the Service at any time.
Portability — request your data in a portable format. You can download your data at any time via Settings → Export My Data, which includes your profile, reading progress, and conversation history. localStorage data is already on your device.
To exercise any of these rights, contact us at the address below.
10. Lawful Basis for Processing (GDPR)
For users in the European Economic Area, we process personal data under the following legal bases:
Contract (Article 6(1)(b)): Processing necessary to provide the service — your account, reading progress, conversation history.
Consent (Article 6(1)(a)): Optional features such as newsletter emails (where applicable) and voice mode microphone access. You may revoke microphone consent at any time via your browser settings.
11. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
12. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. We will notify users of material changes via a notice on the application. Changes take effect 30 days after posting.
13. Contact
If you have questions about this privacy policy or your data, contact us at: