Home
— privacy —

What Krex sees.

Last updated May 2026. Short version: as little as possible, and we don’t sell any of it.

What we collect

  • Your name — whatever you typed at login. We never ask for your email.
  • Your access code — the 6-digit code you signed in with. Hashed in storage.
  • Chat content — every message + reply in a non-private chat. Private-mode chats never touch the database — they live only in your browser tab.
  • Memories — short facts Krex extracts mid-chat (location, prefs, projects). Visible at /memory, deletable individually.
  • Device + IP — a random device ID in a cookie, plus your IP, used to enforce the 2-devices-per-code limit and rate-limit failed logins.
  • Usage counters — daily token + search-call totals, to enforce the daily budget. No content stored against these numbers.
  • Connector tokens — if you connect Gmail, Spotify, etc., the OAuth tokens live in Composio, not in our database.

What we don’t collect

  • Email addresses
  • Payment info — Krex is invite-only, there’s nothing to pay for
  • Precise location — only your country (one of ~200, derived from your IP at signup)
  • Browser fingerprints, analytics events, ad identifiers, third-party cookies

Where it goes

Krex is a thin layer over a few providers. Each sees only what it needs:

  • OpenAI & xAI (Grok) — receive the messages of your current chat to generate replies. Their retention is governed by their API terms (zero training on API inputs).
  • Supabase — hosts the Postgres database holding your chats + memories. EU + US regions.
  • Vercel — hosts the Krex app + serves logs. Logs are auto-purged after 7 days.
  • Composio — only used if you connect a third-party service (Gmail, Spotify, Notion etc.). Holds your OAuth tokens for that connection.
  • Brave Search / per-platform APIs — your search query (not your name, not your chat history) goes out when Krex does a web/social lookup.

How long we keep it

Until you delete it. Chats stay until you remove them (or until you delete your account, which cascades everything). Memories the same. Private-mode chats are never written to the database.

Login attempt logs (IP + a short prefix of the attempted code) auto-purge after 24 hours. The /live admin firehose (text-only, no sender) auto-purges after 1 hour.

Your rights

You can delete any single chat from the sidebar, wipe all chats or all memories from Settings → Data, or delete your whole account (and every row associated with it) from the same place.

We don’t make you fill out a form to do this. Click the button and it’s gone.

Children

Krex is invite-only and intended for adults. We don’t knowingly accept anyone under 13.

Changes to this policy

If anything material changes, we’ll bump the date at the top and (for the kind of changes that matter — new third parties, new collection) surface a notice in the app.

Contact

Questions, data requests, or you noticed something off — email hi@krex.space.