Privacy Policy

Last updated: 2/4/26

This Privacy Policy explains how the GPBS AI API (https://ai.gpbs.workers.dev) collects, stores, and uses data when you interact with the API.

1. Data We Collect

1.1. API Request Logs

When you send a request to the API, the following information is preserved to save your chat history:

• API key
• IP address
• Origin (Referer / Origin header)
• User prompt (truncated to 300 characters)
• AI response
• System prompt
• Timestamp

This data is only collected to provide users with a reliable and simple form of communication.

1.2. Device Fingerprint & Chat History

To provide persistent chat history, a fingerprint hash is generated using:

• User-Agent
• Accept-Language
• IP address
• Cloudflare colo
• Accept header

This fingerprint is stored securely with your conversation history.

1.3. Rate Limiting Data

Your IP address is temporarily stored in Cloudflare KV for rate limiting.
This data expires automatically and is not stored permanently.

2. How We Use Your Data

Your data is used for:

• Operating the API
• Preventing abuse (rate limiting, API key validation)
• Debugging and improving reliability
• Maintaining per-device chat history
• Monitoring usage patterns (non-commercial)

Your data is not:

• Sold
• Shared with advertisers
• Used to train AI models
• Shared with third-party analytics companies

3. Where Your Data Is Stored

Data is stored on infrastructure provided by:

• Cloudflare (Workers, KV, AI inference)
• Supabase (PostgreSQL database)

These providers act only as infrastructure processors and do not access or use your data.

4. Data Retention

• Chat logs may be stored indefinitely unless manually purged.
• Chat histories persist until deleted or overwritten.
• Rate-limit data expires automatically.

5. Security

• All communication is encrypted via HTTPS.
• API keys are stored in Cloudflare KV.
• Database access requires an encrypted service-role key.

6. Changes to This Policy

This Privacy Policy may be updated at any time.
Changes will be reflected by updating the “Last updated” date.

Terms of Service

Last updated: 2/4/26

By using the GPBS AI API, you agree to the following terms.

1. Acceptable Use

You agree not to use the API for:

• Illegal activities
• Harassment, abuse, or threats
• Generating harmful or malicious content
• Attempting to bypass rate limits
• Reverse-engineering or attacking the service

GPBS may revoke API keys at any time for abuse.

2. API Keys

• API keys are required for most requests.
• You are responsible for keeping your key private.
• Lost or leaked keys may be disabled without notice.

3. Rate Limits

Default rate limit: 30 requests per minute per IP.
Excessive usage may result in temporary or permanent blocking.

4. No Warranty

The API is provided “as is” with no guarantees of uptime, accuracy, or reliability.

5. Limitation of Liability

The owner is not liable for:

• Loss of data
• Damages caused by API responses
• Misuse of the service
• Downtime or outages

6. Termination

GPBS may suspend or terminate access at any time for any reason, including:

• Abuse
• Excessive load
• Security concerns
• Violation of these terms

7. Changes to These Terms

These Terms may be updated at any time.
Continued use of the API means you accept the updated terms.

8. Contact

For questions or concerns:
afa.committee@ahschools.us