Oraclip · privacy

Privacy & data handling

Last updated 2026-05-30. This describes exactly what Oraclip stores, for how long, who can access it, and how to have it deleted.

We do not store your queries or results. Oraclip never logs the text of your questions or the snippets it returns. The only data we keep is the minimal operational metadata described below — metering counts, an abuse-prevention token, and aggregate funnel counters.

What we store

Data	What it contains	Why	Retention
Usage records (authenticated API)	`{ timestamp, masked key id (first 8 chars), tool name, tier, month-to-date count }`. No query text, no results, no full API key.	To meter monthly per-key usage against your plan limit and enforce the quota.	~400 days (monthly buckets age out)
Demo abuse token (`/api/demo`, the public key-less demo)	A salted SHA-256 hash of your IP address (never the raw IP), paired with the video ids you have already seen. We cannot recover your IP from this hash.	Solely to enforce the per-video abuse cap (you can only see a couple of distinct clips of any one video) so the demo can't be used to reconstruct a transcript.	≤ 24 hours (rolling)
Funnel counters (`/api/track`)	Aggregate daily integer counters per event name (e.g. page views, install clicks). No IP, no cookies, no fingerprint, no personal data of any kind.	To count how many people install vs. try the demo, in aggregate only.	~40 days

What we do not store

The text of your queries or the snippets/results returned to you.
Your full API key (only the first 8 characters, masked, ever appear in a record; the key namespace itself is stored as a hash, not the key).
Your raw IP address (the demo stores only a salted hash; /api/track stores no IP at all).
Cookies, browser fingerprints, advertising identifiers, or any cross-site trackers.

Who can access it

The stored metadata above lives in our managed key-value store (Upstash Redis) and is accessible only to the Oraclip operator (Agni) for metering, abuse prevention, and aggregate analytics. We do not sell it, and we do not share it with third parties except the infrastructure providers required to run the service (Vercel for hosting, Upstash for the key-value store, and Together for the embedding step — the embedding request carries only your query for the duration of the call and is not retained by us).

Data deletion

You can have your usage records deleted at any time:

By email: write to hello@agni.work from the address associated with your key (or include your masked key id) and we will delete your usage records.
What gets deleted: the monthly usage counters and Pravaah usage records keyed to your API key (internally a DEL of the hashed-key usage keys: usage:<hash>:<month> and pravaah:usage:<hash>:<month>).
Demo abuse token & funnel counters require no deletion request — the demo IP hash expires within 24 hours on its own, and the funnel counters are aggregate-only (they contain no identifier tied to you) and age out within ~40 days.