What if I want to keep my own history?

Your browser can keep a local copy if you opt in. We don't see it, and you can delete it any time.

How do you prevent abuse without logs?

Anonymous per-session abuse signals: request counts, error rates, known-bad patterns. None of it is tied to a user identity in a way that lets us reconstruct a conversation.

Do you comply with subpoenas?

We comply with any lawful order. The honest answer is that there's extremely little content to turn over, because we don't keep it.

We publish an architecture overview and will undergo a third-party audit in 2026. Trust, but verify.

back to blog

MISSIONJune 2, 2026·5 min read

Privacy isn't a policy. It's an architecture.

A privacy policy is a promise. Architecture is a constraint. Here's how we built Unrestricted so there's nothing to leak, subpoena, or regret — even if we wanted to.

A privacy policy is a promise. Architecture is a constraint. Promises get revised, acquired, subpoenaed, breached. Constraints don't. When we built Unrestricted we chose constraints.

What we actually don't do

01
We don't persist chat history on our servers.
Messages live in memory during a session and are never written to a persistent store. Your browser keeps a local copy if you enable that; we don't have a copy.
02
We don't log prompts against your account.
Rate-limiting and abuse detection operate on anonymous per-session counters, not on user-linked transcripts.
03
We don't train on user data.
Your conversations never enter any training pipeline. There is no 'improve the model' checkbox because there's no mechanism behind it.
04
We don't sell, share, or broker prompt data.
There's nothing to sell. This is a constraint of the architecture, not a restraint of the business model.

If there's nothing to steal, there's nothing to leak. If there's nothing to subpoena, there's nothing to worry about.

Why this matters now

Every AI product that stores your conversations is one acquisition, one policy change, or one breach away from exposing them. The industry has already had the first round of leaks; the second round is in progress. The third will be the one that ends a product.

We don't think anyone should build a serious habit around a tool whose privacy model is "trust us." Including ours. Especially ours.

What we do keep

We keep what we need to run the service: aggregate counts ("how many sessions today"), anonymous abuse signals ("how many sessions hit the rate-limit on the same endpoint"), and error traces with PII stripped. All of it rotates out within days.

A test of architecture

The good test of any privacy claim is: if the company received a subpoena for user X's conversations, what could they produce? For most AI products, the answer is "everything." For us, the answer is the aggregate counters and an apology that we cannot comply.

Frequently asked

What if I want to keep my own history?
Your browser can keep a local copy if you opt in. We don't see it, and you can delete it any time.
How do you prevent abuse without logs?
Anonymous per-session abuse signals: request counts, error rates, known-bad patterns. None of it is tied to a user identity in a way that lets us reconstruct a conversation.
Do you comply with subpoenas?
We comply with any lawful order. The honest answer is that there's extremely little content to turn over, because we don't keep it.
Is this auditable?
We publish an architecture overview and will undergo a third-party audit in 2026. Trust, but verify.

Ready to experience an AI without a leash?

Start chatting free