Legal
Privacy Policy
Effective March 16, 2026
Overview
GEM²-AI (“we,” “us,” or “our”) operates the TPMN Checker service, the GEM²-AI platform, and the gemsquared.ai website. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
Our core design principle is minimal data collection. The TPMN Checker uses a BYO-Compute model — your content is processed using your own API keys and never passes through our servers for analysis.
What We Collect
Account Information
When you create an account, we collect your email address and authentication credentials (OAuth tokens via GitHub or Google). We use this to identify your account, manage your subscription tier, and communicate service updates.
Usage Telemetry
We collect anonymized, aggregated usage metrics: number of checks performed, response times, error rates, and feature usage. This telemetry contains no content from your prompts or outputs. It is used solely to improve service reliability and performance.
Website Analytics
We use Google Analytics 4 (GA4) on gemsquared.ai to understand traffic patterns, page views, and referral sources. GA4 may set cookies and collect IP-based geolocation data. See the Cookies section below for details.
What We Do NOT Collect
- ×Your content. Prompts, outputs, and documents you process through the TPMN Checker are never sent to or stored on our servers. They go directly to your configured LLM provider using your API key.
- ×Your API keys. When using the MCP-based TPMN Checker, your API keys remain in your local environment. When using the OAuth-based cloud checker, we issue short-lived JWT tokens and never store provider API keys.
- ×Training data. We do not use any user data to train AI models. We do not fine-tune, distill, or otherwise derive models from your inputs or outputs.
How We Use Data
We use the data we collect to:
- •Authenticate you and manage your account and subscription tier
- •Enforce rate limits (free: 30 checks/day, paid: 100 checks/day)
- •Monitor and improve service reliability and performance
- •Send service-related communications (outage notices, security alerts, billing updates)
- •Comply with legal obligations
BYO-Compute & API Key Handling
GEM²-AI supports two modes of operation, each with different data flows:
Local MCP Mode
Your API keys stay on your machine. Content is sent directly from your local environment to your LLM provider. Our servers only receive anonymized telemetry (check count, latency).
OAuth Cloud Mode
You authenticate via OAuth. We issue short-lived JWT tokens for API access. Content is processed through our infrastructure but is not stored beyond the request lifecycle. No API keys are stored on our servers.
Data Retention
Account data is retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law. Anonymized telemetry data may be retained indefinitely as it cannot be linked back to individual users.
Cookies
The gemsquared.ai website uses cookies set by Google Analytics 4 for traffic analysis. These are third-party analytics cookies. We do not use cookies for advertising or cross-site tracking. The TPMN Checker MCP tool does not use cookies.
Children's Privacy
GEM²-AI is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
International Data Transfers
GEM²-AI infrastructure is primarily hosted in the Tokyo region (Fly.io). Your account data may be transferred to and processed in jurisdictions outside your country of residence. By using our service, you consent to such transfers. We apply appropriate safeguards consistent with applicable data protection laws.
Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data. You may also object to or restrict certain processing. To exercise these rights, contact us at david@gemsquared.ai. We will respond within 30 days.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.