Who we are
Data controller: Sarma Linux, an individual based in London, United Kingdom. Contact: projects@sarmalinux.com.
What we store
- Your email address, used to sign you in.
- An OAuth identifier if you sign in with Google or GitHub.
- Encrypted ciphertext of your provider API keys and conversations. We cannot decrypt these.
- A per-account salt and a sentinel used to verify your passphrase locally.
- Anonymous request metadata: timestamp, which provider served the call, latency, status code. Used to keep the service healthy.
What we never store
- Your passphrase, or anything from which we could reverse it.
- The plaintext of your provider API keys.
- The content of your prompts or model responses.
- Telemetry, advertising trackers, or any third-party analytics scripts on your prompts.
Processors
- Vercel Inc. hosts the application and edge network.
- Supabase hosts the database and runs the authentication layer.
- Resend delivers transactional email such as magic links.
- Your chosen AI providers (Groq, Google, SambaNova, Cerebras, OpenRouter, Cloudflare) receive your prompts when you send them. Their privacy terms apply to that data.
Your rights
Under the UK GDPR you have the right to access, correct, export, and delete the personal data we hold about you. You can delete everything from Settings → Data, or by emailing the address above. We will respond within 30 days.
Retention
We retain your account data for as long as your account exists. When you delete your account, your encrypted data is removed within 30 days, after which backups are also cycled out.
Children
sarmalink is not directed at children under 16. If you believe a child has created an account, email us and we will close it.
Changes
If we materially change this policy we will email you and post a changelog on this page.