Better AI - Privacy Policy

updated: 10/01/2023

Better is committed treating privacy as a first-class citizen. In this document, we will outline our privacy policy in three sections.

If I sign-in with Google, what does Google get?

Google does not get any information besides your login attempt to Clerk.dev, which serves as the Auth library.

Google will share your name, email address, language preference, and profile picture with clerk.shared.lcl.dev.

Clerk is a paid SaaS product that provides the Authentication to log into to the app. Using Clerk for Better’s Auth means the users (you) don’t have to worry that the developer (me) is storing any emails/password. In fact, Better doesn’t have any database of emails or password - everything is provided by Clerk and handled by their security team and policy.

It’s the most secure strategy.

Clerk’s product tells the Better AI product if a user is real, and if a user is signed in, and when the user sign’s out. This allows us to do SSO sign-in, so it’s easy to get started.

you can also do an email address sign-in with a magic link (to any email address).

What does OpenAI get?

We have NOT opted to share any data with OpenAI. Furthermore, all API requests from Better AI to OpenAI's APIs are sent under the same developer API keys, which means every request is anonymized with the total pool of requests. From OpenAI's perspective, every request comes from a single developer account. So if 1,000 people chat with coaches, from OpenAI’s API they are receiving everything from only 1 developer account (mine account). They have no way to tell what is real/fake/this-person/that-person.

Please don’t abuse this.

How does Better AI handle sensitive data?

Privacy is incredibly important to me personally. I’ve worked as an engineer at AWS, and I aim to follow the standard I learned there:

All data is locked to a customer’s account that they have Signed-In/Registered with. An authenticated user can only access it’s own data, and cannot access any other data. All the API routes and client-side pages are protected Clerk’s authorization.
Data for coach customization and chat history are stored in DynamoDB and follow DynamoDB's encryption protocols: "Your data is encrypted in transit over an HTTPS connection, decrypted at the DynamoDB endpoint, and then re-encrypted before being stored in DynamoDB." Interaction with DynamoDB is done with AWS SDK v3 DocumentClient, which handles this interaction. "Your plaintext data is never exposed to any third party, including AWS."
Further, the developer access controls to the AWS account are role-restricted to not allow developers access to the DynamoDB data content. This means any engineers cannot view data in the DynamoDB tables.
I have disabled client-side logging, and server-side logging is NEVER outputting customer sensitive data such as coach configurations, or chat messages.
Vercel analytics is used for things like “A user logged in”, “A user clicked the ‘Create Coach’ button”, “An error happened”, and does not identify which user. Vercel analytics is important to developing to know if anything is broken and needs to be fixed, and to tell the developer how many user’s are using the app.

We hope this privacy policy provides clarity on how we handle your data.

Any questions at all, please email better.ai.app.com and I will respond and update.