← Back to Chat

Privacy & Data Handling

Last updated: July 2, 2026

1. What This Covers

This privacy statement explains how the Unlimited AI Free Service ("the Service") handles data. This is a hobby project — not a company, not a professional platform. There is no legal entity backing it, no employees, and no data processing agreements. The commitments made here are technical and architectural, not contractual.

2. Why Cloudflare Pages (.pages.dev)

The Service runs entirely on Cloudflare Pages infrastructure:

  • Edge hosting: Static files (HTML, CSS, JS, SVGs) are served from Cloudflare's global CDN across 330+ cities.
  • Edge functions: API logic runs as Cloudflare Pages Functions — ephemeral JavaScript execution at the edge. No persistent server process. No long-lived connections.
  • No server-side storage: There is no database, no file system, no persistent storage. In-memory rate-limit counters reset on every cold start or deploy.
  • HTTPS everywhere: All traffic between your browser and Cloudflare is encrypted with TLS.
  • No logging: Cloudflare Pages does not log request bodies. Only minimal metadata (IP, path, status code, timestamp) exists in Cloudflare's access logs, which are retained for a short period per standard Cloudflare policy and are not accessible to the operator.

3. Data Collection: None

The Service collects zero data. There is no database, no analytics service, no advertising partnership, no data broker relationship, no marketing list, no user tracking infrastructure. The operator cannot sell, rent, license, or share user data because nothing is collected. This is not a policy choice — it is an architectural reality: there is no storage backend to put data into.

4. Data Forwarding to Abacus.ai and Third-Party AI Providers

When you submit a request through the Service, your prompt is forwarded to Abacus.ai's RouteLLM API, which then routes it to the appropriate third-party AI model provider. Here is what you should know:

  • Abacus.ai policy: "Your data is your own. We won't use your data for training LLMs." This is Abacus's official, published policy.
  • Providers: Your data may be processed by OpenAI, Anthropic, Google, xAI, DeepSeek, Alibaba Cloud, Meta, Zhipu AI, MiniMax, and others depending on which model you select.
  • Provider logging: Each provider has its own data handling policies. Some may log requests for monitoring or safety purposes. The operator cannot control this.
  • No additional forwarding: The Service does not forward your data anywhere beyond the necessary upstream API call. No webhooks, no analytics, no third-party monitoring.

5. No User API Keys Collected

The Service does not require or collect API keys from end users. API keys referenced in previous versions of this Service were IP-bound, stored only in your browser's localStorage, never transmitted to the server. As of the current version, all API key UI has been removed — the Service is entirely anonymous.

6. Rate Limiting Data

The Service maintains ephemeral in-memory counters keyed by IP address for rate limiting purposes (120 requests/minute per IP). These counters:

  • Are stored only in Cloudflare Pages Functions memory
  • Are not persisted to disk
  • Are not shared with any third party
  • Reset automatically on function cold start or deploy
  • Contain only an IP address and request count — no request content, no timestamps beyond a simple sliding window

7. Active User Count

The Service tracks the Unix timestamp of the last request from each IP address to display a real-time active user count. This data:

  • Is ephemeral — stored only in Cloudflare Pages Functions memory
  • Is automatically purged for any IP after 60 seconds of inactivity
  • Is not logged, stored on disk, or shared
  • Contains only an IP address and a timestamp — no request content

8. No Cookies

The Service does not set cookies, use fingerprinting, or employ any form of persistent tracking. Your browser's localStorage is used only to store your preferences and conversation history locally on your device. Nothing in localStorage is transmitted to the server except what you explicitly send in API requests (model selection, messages, etc.).

9. No Advertising

The Service displays no advertisements of any kind. There are no affiliate relationships, no ad networks, no sponsored content, no promoted links, no affiliate referral codes, no third-party widgets, and no embedded trackers on any page. The Service has zero revenue sources.

10. No Donations

The operator explicitly refuses donations, payments, or any form of financial support. There is no payment processing, no donation button, no Patreon, no Ko-fi, no Buy Me a Coffee, no cryptocurrency address, no subscription tier, no "premium" upgrade, and no tip jar associated with this Service. This is deliberate — it keeps the Service free of financial obligation.

11. No Data Sales

The operator does not and cannot sell, rent, license, or share user data with any third party. There is no data collection infrastructure, no analytics database, no advertising partnership, no data broker relationship, and no marketing list. There is literally nothing to sell because nothing is collected.

12. No Malware or Viruses

The Service poses no malware risk:

  • Static frontend: The entire frontend is plain HTML, CSS, and JavaScript — no compiled code, no native binaries, no executables.
  • Serverless backend: Functions are standard JavaScript running on Cloudflare's Workers runtime.
  • No file serving: The Service does not host or distribute executable files.
  • Download safety: When downloading AI-generated code, files are saved with their appropriate extension (.py, .js, .html, etc.) as plain text files. Generated images are standard PNG files via the browser's Blob API.
  • Full transparency: Every line of code running in your browser is visible via developer tools (F12 > Sources). The functions code (server-side) runs on Cloudflare's infrastructure and is not user-accessible, but its behavior is limited to proxying API calls.

13. AI Model Output

AI models may produce incorrect, biased, or harmful outputs. The operator has no control over model outputs and assumes no responsibility for generated content. Do not rely on AI-generated content for medical, legal, financial, or safety-critical decisions.

14. Risk by Use Case

Casual chat and coding help — low to moderate risk. Business documents, legal, medical, proprietary code, or production API integrations — very high risk. The Service is provided as-is with no guarantees. Use at your own risk.

15. Third-Party Privacy Policies

For information on how upstream AI providers handle data, refer to their respective privacy policies: OpenAI, Anthropic, Google, xAI, DeepSeek, Abacus.ai.

16. Limitation of Transparency

Because this is an anonymous hobby project, you have no way to independently verify the infrastructure's behavior regarding data handling. The technical controls described in this statement are in place, but there is no third-party audit, no published full source code, and no legal entity to hold accountable. This is the honest limitation of using an anonymous service.

17. Changes to This Policy

The operator may update this privacy statement at any time without notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

18. Contact

For feedback, use the Feedback button in the app sidebar. This is an anonymous project with no customer support. The operator maintains anonymity to protect the Service from legal pressure that could force its shutdown.