Privacy Policy

Dewey AI, Inc. (“Dewey,” “we,” “us,” or “our”) operates the Dewey platform and website at meetdewey.com. This Privacy Policy explains what information we collect, how we use it, and your choices regarding that information.

1. Information We Collect

Account and Profile Information

When you create an account, we collect your name, email address, and authentication credentials (or OAuth tokens if you sign up via GitHub). If you upgrade to a paid plan, your billing information (credit card details, billing address) is collected and processed by Stripe; Dewey does not store raw payment card data.

Customer Data

Customer Data refers to the documents, files, and other content you upload to the Service. We process Customer Data to provide the Service (conversion, indexing, retrieval, and research) and for no other purpose. We do not use your Customer Data to train AI models without your explicit written consent.

Usage and Technical Data

We automatically collect information about how you use the Service, including API request logs, endpoint paths, response times, error codes, IP addresses, browser type, and operating system. This data is used for operating, securing, and improving the Service.

Analytics and Tracking

Our marketing website uses analytics tools including Google Analytics and may use additional tools such as Heap to understand how visitors interact with the site and to measure conversions. These tools use cookies and similar tracking technologies and may collect your IP address and browsing behavior on our site. You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on. Analytics tools are not used inside the authenticated dashboard or API.

Cookies

We use cookies and similar technologies for authentication (session cookies), security (CSRF tokens), and analytics (as described above). You can configure your browser to refuse cookies, but some features of the Service may not function properly without them.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service;
• Process payments and send billing-related communications;
• Respond to your support requests and communications;
• Send transactional emails (account verification, password reset, usage alerts) and, where you have opted in, product updates;
• Monitor and enforce compliance with our Terms of Service;
• Detect, investigate, and prevent security incidents and abuse;
• Analyze aggregate usage patterns to improve the Service (using anonymized or aggregated data only).

We do not sell your personal information to third parties. We do not use your information for behavioral advertising.

3. Sub-processors and Third-Party Services

We share information with the following categories of third parties as necessary to provide the Service:

• Railway — cloud infrastructure provider hosting our API servers, databases, and object storage (United States);
• OpenAI — processes Customer Data to generate embeddings and AI-generated research responses when you use managed (non-BYOK) API keys (United States);
• Stripe — payment processing; receives billing information you provide at checkout (United States);
• Google Analytics — website analytics on our marketing pages (United States);
• Heap (where enabled) — product analytics and conversion tracking on our marketing pages (United States).

When you use Bring Your Own Key (BYOK), your documents are sent to your chosen model provider (e.g., OpenAI) using the credentials you supply. Your provider’s privacy policy governs that processing.

4. Data Retention

We retain your account information and Customer Data for as long as your account is active. When you delete your account, we will permanently delete your Customer Data within 30 days, except where retention is required by law (e.g., financial records for tax purposes, which we retain for 7 years). Anonymized or aggregated usage statistics may be retained indefinitely.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Please notify us at aria@caa.columbia.edu if you believe your account has been compromised.

6. International Transfers

Dewey is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. Where required by applicable law (such as GDPR), we rely on appropriate transfer mechanisms including standard contractual clauses.

7. Your Rights

Depending on your location, you may have the right to access, correct, delete, or port your personal information, or to restrict or object to certain processing. To exercise any of these rights, contact us at aria@caa.columbia.edu. We will respond within 30 days. You may also delete your account and associated data directly from your dashboard settings.

California residents: Under the CCPA, you have the right to know what personal information we collect and how it is used, to request deletion of your personal information, and to non-discrimination for exercising your rights. We do not sell personal information as defined by the CCPA.

EEA/UK residents: If you are located in the European Economic Area or United Kingdom, our legal basis for processing your personal information is (a) performance of our contract with you, (b) our legitimate interests in operating and improving the Service, or (c) your consent where required. You have the right to lodge a complaint with your local data protection authority.

8. Children

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us at aria@caa.columbia.edu and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

10. Contact

For privacy-related questions or requests, contact us at: aria@caa.columbia.edu

Dewey AI, Inc.
Delaware, United States