This is a plain-English summary; not legal advice — review with counsel before relying on it.

Spanvero — Privacy Policy

Last updated: June 16, 2026 Effective date: June 16, 2026

This Privacy Policy explains how Cynosure LLC, a Florida limited liability company ("Spanvero", "we", "us"), handles information when you use the Spanvero application and website (the "Service"). It is written in plain English. The short version: Spanvero is privacy-conscious and built to collect as little as possible. By default we do not store your AI-provider API keys on our servers (two opt-in features — key-vault sync and GPU auto-launch — are the only exceptions, and they store the key encrypted), and we take $0 markup on compute, so we have no reason to track your usage of third parties. We use only privacy-first, cookieless analytics (see Section 8).


1. The one-paragraph summary


2. Who is the data controller

The data controller for account data is Cynosure LLC (a Florida LLC, operating as Spanvero), contactable at [email protected]. For payment-card data, our payment processor (Stripe) acts as a processor of your card transaction on our behalf and as an independent controller for its own compliance purposes (Section 7). For third-party AI providers and GPU vendors you connect with your own key, those companies are independent controllers of the data you send them (Section 6).


3. What we collect — and, importantly, what we don't

3.1 What we collect (server-side)

DataWhyWhere it lives
Email addressAccount identity, login, account-related emailOur database (spanvero.db, SQLite)
Password (hashed)Authentication. Stored only as a secure one-way hash via Better-Auth — we never store your plaintext passwordOur database
Session / bearer tokensKeep you logged inIssued by Better-Auth; the token is held in your browser's local storage and validated against our database
Account / entitlement recordsPer-user records that make Pro work (your subscription/entitlement status)Our database
Pro / opt-in data (only if you enable it)Saved presets and chat history; an encrypted copy of provider keys (only if you opt into key-vault sync); and an encrypted GPU-vendor key (only if you opt into GPU auto-launch)Our database
Basic operational logsSecurity, debugging, abuse prevention (e.g. IP address, timestamps, error logs)Server logs — see Section 9 retention

3.2 What we do not collect or store on our servers


4. How your information is used

We use the limited data we hold to:

We rely on these legal bases (for GDPR/UK GDPR users): performance of a contract (running your account and Pro), legitimate interests (security, abuse prevention, improving the Service), consent (optional emails and the opt-in key-vault sync), and legal obligation (e.g. tax and financial records for the sales we make).


5. Your API keys, in detail (the part that matters most)


6. Third-party AI providers and GPU vendors

When you use your own key (or rent your own GPU), your prompts, inputs, and outputs go directly to that third party (e.g. OpenAI, Anthropic, OpenRouter, RunPod, Vast). That third party — not Spanvero — receives and processes that data under its own privacy policy. We are not a party to, and do not control, what they collect or how they use it. Please read each provider's privacy policy. Because we take $0 markup and don't intermediate the call, we generally don't see the content of those third-party requests.


7. Payments and our payment processor

Cynosure LLC (Spanvero) is the seller of record for Pro. We use a third-party payment processor (currently Stripe) to process your card — the processor is not the seller, it handles the card transaction on our behalf.


8. Cookies and local storage

Spanvero is intentionally light on tracking.

TypeWhatPurposeEssential?
Local storage nexusgate.bearerYour session/bearer token (the key keeps our original internal product name)Keeps you logged inEssential
Local storage nexusgate.v1App state: your provider configs including your API keys, active model, and settings (same legacy key name)Makes the app work locally and keeps your keys on your deviceEssential
Cookies (payment checkout)Set by our payment processor (Stripe) during checkoutProcess your payment securelyEssential (set by the processor, governed by its policy)
Analytics (Cloudflare Web Analytics)Privacy-first, cookieless measurement of aggregate page views, top pages, and referrers. It sets no cookies, does not track you across sites, and does not fingerprint you or collect personal data.Understand traffic so we can improve the siteNon-essential, privacy-first
First-party event countersAnonymous, cookieless counters for a handful of product events (e.g. "a signup happened", "the calculator was used"). We store only a daily total per event — no IP address, no device info, no identifier of any kind, nothing linked to you.Understand which features matter so we can improve the productNon-essential, privacy-first

We do not use third-party advertising or cross-site tracking cookies. Our analytics (Cloudflare Web Analytics) is cookieless and collects no personal data, so it sets no tracking cookies. Because our essential storage is required to run the app you chose to use, and our analytics sets no cookies, this does not require a consent banner under most frameworks — but confirm cookie-consent requirements for your audience (EU/UK/California) with your lawyer.


9. Data retention


10. Your rights and choices

Depending on where you live, you may have additional rights:

To exercise any right, contact [email protected]. We'll verify your identity and respond within the time the law requires.


11. Security

We take reasonable measures to protect your data, including: passwords stored only as secure hashes (Better-Auth); bearer-token auth scoped per user with per-user data isolation; keeping provider API keys off our servers by default; HTTPS in transit; and access controls on our database. No method is 100% secure — see the browser-storage caveat in Section 5. If we ever suffer a breach affecting your personal data, we will notify you and any required authorities as the law requires. We will publish our hosting region, encryption-at-rest status, and backup practices in-app once the production service is deployed.


12. International users and data transfers

The Service is operated from the United States, and your data may be processed there and in any country where our infrastructure or our payment processor operates. If you are in the EU/UK and we transfer data outside it, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) where required. Our payment processor independently handles its own cross-border payment-data compliance.


13. Children

The Service is not directed to anyone under 18, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact [email protected] and we will delete it.


14. Changes to this Policy

We may update this Policy. We'll change the "Last updated" date and, for material changes, notify you in-app or by email. Continued use after the effective date means you accept the update.


15. Contact

Last updated June 16, 2026. Spanvero is operated by Cynosure LLC, a Florida limited liability company. Questions? [email protected].

Privacy · Terms · How we stay honest · Pricing · Open the free advisor →

The weekly price index

A short email of real AI price moves, straight from the daily log — no hype. We're collecting the list now; the first issue goes out when it opens. Unsubscribe with one click.