Privacy Policy

Version 2026-05-13 · Effective 2026-05-13

The short version
  • We don't sell your data. We don't share it for advertising. The only third parties that receive your data are Anthropic (for AI processing) and Stripe (for payment processing).
  • No tracking, no analytics, no ad pixels on this website. The dashboard uses one session cookie for login state.
  • We don't store the content of your AI prompts. Prompts pass through our proxy in memory only — never written to disk or database.
  • AI processing happens at Anthropic. We configure our Anthropic access to limit data retention and to exclude submitted content from AI model training, using whichever options Anthropic makes available. Specifics may change as Anthropic's offerings evolve.

1. What We Collect

Account data: email address, hashed password, account creation date, billing history.

Usage telemetry: per-request token counts, hostname of machines you connect AI features to, engagement timestamps. This is used for billing and rate-limiting.

Payment data: handled by Stripe; we do not store card numbers. We retain the Stripe customer ID and subscription ID for billing.

AI prompt content: when you use AI features, the prompt content (which may include diagnostic dumps, hostnames, usernames, file paths, event log excerpts, and other system data from the machine you are servicing) is transmitted to Anthropic for processing.

2. Data Sent to Anthropic

AI features are powered by Anthropic's Claude. When you use them, the prompts you submit (which can include diagnostic dumps, hostnames, usernames, file paths, event log excerpts, and other system data from the machine you are servicing) are transmitted to Anthropic for processing.

We configure our access to Anthropic's services to limit data retention and to exclude submitted content from being used to train AI models, in accordance with the options Anthropic makes available to its customers. The specific configuration and the available options may change over time as Anthropic's offerings evolve. For Anthropic's current data-handling terms, see https://www.anthropic.com/legal/privacy.

If you operate GRAM on a customer's machine, that customer's data will be transmitted to Anthropic. You are responsible for any disclosures or consents required by your relationship with that customer.

3. Data We Do Not Collect

We do not collect telemetry from the local diagnostic, security, network, file recovery, or drive imaging scripts unless you explicitly invoke an AI feature. Those scripts run entirely on the USB and target machine.

4. Cookies & Local Storage

The website uses browser localStorage to keep you logged in (JWT token and API key). We do not use third-party analytics or advertising cookies. Stripe Checkout pages may set Stripe-owned cookies for fraud prevention.

5. Data Retention

Account data is retained while your account is active. Transaction history is retained for 7 years for tax and accounting purposes. Engagement and request logs are retained for 90 days, then summarized and the per-request rows are deleted.

6. Your Rights

You may request export or deletion of your personal data at any time by emailing info@bluelinescannables.com. Deletion requests are honored within 30 days, subject to our obligation to retain transaction records for tax purposes.

7. Security

Passwords are hashed with bcrypt. Connections to the API use HTTPS. We restrict database access to the proxy server. We do not promise the service is invulnerable; report suspected vulnerabilities to info@bluelinescannables.com.

8. Children

GRAM is not intended for users under 13. We do not knowingly collect data from children.

9. Changes

We may update this policy. Material changes require re-acceptance the next time you log in.

10. Contact

Privacy questions: info@bluelinescannables.com.