Privacy Policy

1. Scope

This Privacy Policy applies to Smith Studio, including the public website, authenticated studio, conversation history, generated graph canvas, diagnostics, test runs, and related support communications. It does not apply to third-party websites or services that we do not control.

If you use Smith Studio on behalf of a company or other organization, you represent that you are authorized to provide information to us for that organization, and references to "you" include that organization where appropriate.

2. Information We Collect

Account information

We collect information you provide when you create or manage an account, such as name, email address, password credentials, authentication metadata, and account settings. Passwords are stored as password hashes, not as plain text.

Studio content

We collect the content you submit to the studio, including prompts, commissions, chat messages, uploaded or pasted context, generated multi-agent graph specifications, node and tool definitions, diagnostics, traces, repairs, run metadata, summaries, and conversation history. We call this "Customer Content."

Usage and technical data

We collect information needed to operate and secure the service, including IP address, device and browser information, session identifiers, request paths, timestamps, error logs, performance metrics, queue/job status, and security events.

Cookies and local storage

We use essential cookies and similar technologies for authentication, session management, CSRF protection, security, and basic application functionality. We do not currently use third-party behavioral advertising cookies.

Support and communications

If you contact us, we collect the information you provide in that communication, including your contact details, message content, and any files or screenshots you choose to send.

3. Information You Should Not Submit

Smith Studio is not designed to receive highly sensitive personal information unless we have signed a separate written agreement that expressly permits it. Do not submit payment-card numbers, government identifiers, biometric identifiers, health information, children's data, production secrets, private keys, access tokens, passwords, or regulated data unless you have written authorization from us and appropriate rights to provide it.

4. How We Use Information

We use information to:

• provide, maintain, secure, and improve Smith Studio;
• authenticate users and protect accounts;
• generate, refine, inspect, test, repair, and preserve multi-agent graphs;
• maintain conversation context and history across long-running refinement sessions;
• process prompts and graph payloads through configured AI model providers and infrastructure providers;
• diagnose errors, monitor performance, prevent abuse, and enforce our Terms;
• send service, security, legal, and account communications;
• comply with legal obligations and protect rights, safety, and security.

5. AI Model and Infrastructure Providers

To provide the service, we may send Customer Content and related context to AI model providers, hosting providers, database providers, email providers, logging providers, security providers, and other vendors that process information for us. The content sent to AI model providers may include prompts, recent conversation context, generated graph JSON, diagnostics, and response instructions.

Smith Studio does not sell Customer Content. We do not use Customer Content to train our own foundation models. Where provider controls are available, we use API or business services intended for inference and service operation rather than consumer chat products. Each provider's handling of inputs and outputs is governed by its applicable data processing, privacy, and service terms.

Do not include secrets or sensitive regulated data in prompts or graph definitions. Generated output may be inaccurate, incomplete, or unsafe for a particular use case unless reviewed and tested by qualified people.

6. Legal Bases for Processing

Where laws require a legal basis, we process personal information as necessary to perform our contract with you, operate and secure the service, comply with legal obligations, protect legitimate interests, and, where applicable, based on your consent.

7. How We Share Information

We may share information with:

• Service providers. Vendors that host, process, secure, analyze, or support the service for us.
• AI providers. Model providers used to classify intent, generate responses, and propose graph changes.
• Your organization. If your account is provided by or associated with an organization, information may be available to that organization according to its settings and agreements.
• Legal and safety recipients. Courts, regulators, law enforcement, or other parties when required by law or necessary to protect rights, safety, security, or the integrity of the service.
• Business transfer recipients. Parties involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality protections.

We do not sell personal information or share it for cross-context behavioral advertising as those terms are commonly defined under U.S. state privacy laws.

8. Retention

We retain account information while your account is active and as needed for legal, security, and operational purposes. We retain conversations, generated graphs, diagnostics, and run history so that the studio can preserve context and let you inspect prior work. You may request deletion of your account or specific Customer Content by contacting us.

Security logs, application logs, backups, and audit records may persist for a limited period after deletion from the live application. We may retain information longer if required for legal compliance, dispute resolution, abuse prevention, or security investigation.

9. Security

We use administrative, technical, and organizational safeguards designed to protect information, including authentication controls, password hashing, parameter filtering for sensitive values, access restrictions, encrypted transport where available, logging, and operational monitoring. No system is perfectly secure, and you are responsible for using strong credentials, protecting account access, and avoiding submission of secrets or regulated data.

10. Your Choices and Rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or appeal of a privacy decision. You may also have the right to opt out of sale, sharing for cross-context behavioral advertising, or certain profiling. We do not currently sell or share personal information for cross-context behavioral advertising.

To make a request, email privacy@smithstud.io. We may need to verify your identity and authority before fulfilling a request. We will not discriminate against you for exercising privacy rights.

11. California and U.S. State Privacy Notice

In the past 12 months, we may have collected identifiers, account information, internet or network activity, commercial or transactional information related to your use of the service, approximate location derived from IP address, user-generated content, and inferences necessary to provide and secure the service. We collect this information from you, your device, your organization, and service providers.

We disclose these categories to service providers, AI providers, infrastructure providers, and legal or business transfer recipients as described above. We do not knowingly sell or share personal information of consumers under 16. We do not use sensitive personal information to infer characteristics.

12. International Transfers

Smith Studio may process and store information in the United States and other countries where we or our providers operate. Those countries may have data protection laws different from the laws where you live. Where required, we use appropriate safeguards for cross-border transfers.

13. Children

Smith Studio is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact privacy@smithstud.io.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the service, by email, or by other reasonable means. The updated policy will be effective when posted unless it states otherwise.

15. Contact

For privacy questions or requests, contact privacy@smithstud.io.