Privacy Policy
EcoDues (“we,” “us,” or “our”) is operated at ecodues.org. This policy explains what data we collect, why we collect it, who processes it, and what rights you have.
Data we collect
Account credentials
When you sign up with email and password, your credentials are managed by Supabase Auth — we never see your raw password. If you sign in with GitHub or Google OAuth, we receive only the profile information those providers expose (email address and display name). We store your display name so we can address you in emails.
AI usage records
We store the usage data you log or that we pull from connected provider APIs: provider name, model name, token counts, estimated spend, and the billing period. This is the core data that drives our emissions estimates and donation suggestions.
Provider API keys
If you connect an AI provider by pasting an API key, that key is encrypted at rest using AES-256-GCM before being written to the database. The key is decrypted only when we need to fetch your monthly usage totals from the provider’s API, and is never logged or transmitted elsewhere.
Subscription tier
If you select a consumer subscription plan (e.g., ChatGPT Plus) instead of connecting an API key, we store that tier selection so we can apply the correct monthly token estimates.
What we do not collect
- We never receive your payment card details or bank information. Donations go directly to PayPal Giving Fund or Every.org under their terms — EcoDues is never in the payment flow.
- We do not run third-party advertising or sell your data to any third party.
- We do not track your browsing behavior across other sites.
- We do not read the content of your AI conversations — only token counts and spend figures.
Infrastructure and subprocessors
| Subprocessor | Role | Data region |
|---|---|---|
| Supabase | Database and authentication | US (AWS us-east-1) |
| Vercel | Hosting and edge compute | US / global edge |
| Resend | Transactional email delivery | US |
| PayPal Giving Fund / Every.org | Donation checkout (you transact with them directly) | Their own infrastructure |
Emails we send
We send transactional emails via Resend: monthly usage recaps, donation-ready notifications when your offset tab clears a charity’s minimum, quarterly summaries, and API key error alerts. We do not send marketing emails. You can opt out of usage and donation emails at any time from Settings in your account, or via the unsubscribe link included in any email we send.
Data retention and deletion
Your data is retained for as long as your account is active. You can delete your account at any time from Settings, which removes your profile, usage records, emission estimates, donation ledger entries, and any stored provider connections (including encrypted API keys) from our database. Alternatively, email us at real.jamesmsmith@gmail.com and we will delete your data within 30 days.
Security
Provider API keys are encrypted with AES-256-GCM using a server-side key before being stored. All data in transit is encrypted via TLS. Database rows are protected by row-level security (RLS) policies — users can only read and write their own data. Supabase Auth handles password hashing; we never store plaintext passwords.
Contact
Questions about this policy? Email real.jamesmsmith@gmail.com. Site: ecodues.org.