Skip to content
UNCHAINED
  • Home
  • Demo
  • Privacy
  • Data deletion

Policy & trust

Privacy Policy

Last updated: July 12, 2026

Unchained provides browser automation, chat, provider-key provisioning, and scheduled-task tooling. This policy describes the information the service processes and stores when you use those features.

Information We Collect and Store

  • Account and sign-in data. When you authorize Google, Facebook, or GitHub sign-in, we receive information such as your email address, name, and profile image. GitHub sign-in requests read:user and user:email. The GitHub access token is used during the sign-in callback to retrieve that profile and email information; it is not written to the Unchained account database.
  • Authentication and usage records. We store Unchained account and API-key records, sign-in times, account status, rate-limit counters, and trial model usage, token, and spend counters.
  • Provider API credentials. If you provision or save a credential for a supported AI provider, we store the credential so the selected provider-backed agent can run. The credential value is encrypted before it is written to the database using a deployment secret and a random per-record salt.
  • Conversations and browser-task context. Prompts, assistant responses, tool calls and results, and model/session metadata may be written to session files for history and continuity. Hosted trial conversations are stored on the service's persistent data volume. Other hosted provider-agent histories default to container-local files and may disappear when the runtime container is recreated unless a feature or deployment explicitly stores them on a persistent volume. Local CLI chat slots and archives are stored on the machine running your local agent.
  • Scheduled tasks. We store scheduler job prompts, timing, selected model/session and profile settings, run state, errors, and run outputs. Scheduler definitions and history are stored on the service's persistent data volume.
  • Optional public results. If you submit a conversation through the public-result feature, we create a separate persisted record containing the first prompt, rendered visible conversation/result, final result text, message count, creation time, account identifier, source session ID, slug and query hash, approval status, and view count.
  • Operational and analytics data. We record service events, routes, pseudonymous request fingerprints, user/account identifiers where available, errors, and logs used for reliability, abuse prevention, support, and product improvement.

How We Use Information

  • Authenticate users, issue Unchained credentials, and secure accounts.
  • Run requested browser and chat tasks, restore conversation history, and execute scheduled prompts.
  • Use a saved provider credential only to operate the provider-backed features you select.
  • Apply quotas, account limits, and trial budgets; diagnose errors; prevent abuse; and improve service reliability.

Data Sharing

We do not sell personal data. To perform a requested task, Unchained may send the relevant prompt, conversation context, browser-derived page context, and tool results to the AI model provider used for that task. Sign-in information is exchanged with the OAuth provider you choose. Hosting, email-delivery, and other infrastructure providers process data needed to operate those services. Those third parties handle data under their own terms and privacy policies.

Before a public-result submission is stored, Unchained sends its first prompt and combined assistant output (limited to 8,000 characters of assistant output) to a configured model through OpenRouter for PII classification. A classification error or missing OpenRouter configuration blocks publication, but automated classification does not guarantee that approved content contains no personal or sensitive information.

Public Results

Public-result publication is optional. A submission that passes quality, blacklist, and PII checks is stored with pending status and is not served on the public result route until approved. Once approved, it is available without authentication at /r/<slug>, includes search and social metadata, and is added to the public sitemap. Search engines, AI systems or training datasets, social-preview networks, and other third parties may index, cache, copy, or redistribute it. Publish only content you intend to make public.

Storage and Security

Saved provider credential values are encrypted at rest in the application database. That statement applies specifically to provider credentials; conversation and scheduler records are stored as service data files. No storage or transmission method can be guaranteed completely secure.

Data Retention

  • Account, authentication, provider-credential, scheduler, and pending or approved public-result records do not currently have a general time-based expiration. They remain until removed through a feature-specific action or a verified deletion request, except where retention is required for security or legal reasons.
  • Revoking a saved provider credential marks it inactive but does not erase its encrypted database record.
  • Hosted trial histories are size-bounded and stored on the persistent data volume; starting a new hosted trial chat removes that active trial session file. Other hosted provider-agent histories may be size-bounded but container-local, have no guaranteed retention period, and may disappear on container recreation unless separately persisted.
  • Scheduler run history is capped at the 50 most recent records per job. Deleting a scheduler job removes its job definition but does not by itself delete existing state or run-history files.
  • Rejecting a pending public result deletes its database row. Approved public results persist separately from their source account and conversation; deleting the source account or session does not automatically remove a pending or approved result.
  • Analytics events and analytics sessions are subject to a 90-day cleanup window. Operational logs are size-rotated separately.

Deletion and Your Choices

There is no one-click full-account deletion endpoint. You can submit a verified deletion request via /data-deletion. The request can cover your hosted account and authentication records, encrypted provider-credential records (including inactive records), hosted conversation files that still exist, scheduler definitions/state/run history, account-linked analytics records, and pending or approved public-result records. Include each public-result slug when available.

A server-side deletion request cannot remove local CLI chats or archives on your machine, browser history or downloads in your Chrome profile, or copies already processed, indexed, cached, or redistributed by an OAuth, model, search, AI, social-preview, or other third-party provider. You must remove local data locally and contact third parties about data they control.

Contact

Questions about this policy: hello@unchainedsky.com

Unchained — browser work from a profile you control

Contact hello@unchainedsky.com