Last updated: June 16, 2026 Effective date: June 16, 2026
This Privacy Policy explains how Cynosure LLC, a Florida limited liability company ("Spanvero", "we", "us"), handles information when you use the Spanvero application and website (the "Service"). It is written in plain English. The short version: Spanvero is privacy-conscious and built to collect as little as possible. By default we do not store your AI-provider API keys on our servers (two opt-in features — key-vault sync and GPU auto-launch — are the only exceptions, and they store the key encrypted), and we take $0 markup on compute, so we have no reason to track your usage of third parties. We use only privacy-first, cookieless analytics (see Section 8).
The data controller for account data is Cynosure LLC (a Florida LLC, operating as Spanvero), contactable at [email protected]. For payment-card data, our payment processor (Stripe) acts as a processor of your card transaction on our behalf and as an independent controller for its own compliance purposes (Section 7). For third-party AI providers and GPU vendors you connect with your own key, those companies are independent controllers of the data you send them (Section 6).
| Data | Why | Where it lives |
|---|---|---|
| Email address | Account identity, login, account-related email | Our database (spanvero.db, SQLite) |
| Password (hashed) | Authentication. Stored only as a secure one-way hash via Better-Auth — we never store your plaintext password | Our database |
| Session / bearer tokens | Keep you logged in | Issued by Better-Auth; the token is held in your browser's local storage and validated against our database |
| Account / entitlement records | Per-user records that make Pro work (your subscription/entitlement status) | Our database |
| Pro / opt-in data (only if you enable it) | Saved presets and chat history; an encrypted copy of provider keys (only if you opt into key-vault sync); and an encrypted GPU-vendor key (only if you opt into GPU auto-launch) | Our database |
| Basic operational logs | Security, debugging, abuse prevention (e.g. IP address, timestamps, error logs) | Server logs — see Section 9 retention |
spanvero.v1 local-storage entry on your device). The only exceptions are two opt-in features that store an encrypted key on our server: Pro key-vault sync, and GPU auto-launch (connecting a GPU vendor like RunPod) — see Section 5.We use the limited data we hold to:
We rely on these legal bases (for GDPR/UK GDPR users): performance of a contract (running your account and Pro), legitimate interests (security, abuse prevention, improving the Service), consent (optional emails and the opt-in key-vault sync), and legal obligation (e.g. tax and financial records for the sales we make).
When you use your own key (or rent your own GPU), your prompts, inputs, and outputs go directly to that third party (e.g. OpenAI, Anthropic, OpenRouter, RunPod, Vast). That third party — not Spanvero — receives and processes that data under its own privacy policy. We are not a party to, and do not control, what they collect or how they use it. Please read each provider's privacy policy. Because we take $0 markup and don't intermediate the call, we generally don't see the content of those third-party requests.
Cynosure LLC (Spanvero) is the seller of record for Pro. We use a third-party payment processor (currently Stripe) to process your card — the processor is not the seller, it handles the card transaction on our behalf.
Spanvero is intentionally light on tracking.
| Type | What | Purpose | Essential? |
|---|---|---|---|
Local storage nexusgate.bearer | Your session/bearer token (the key keeps our original internal product name) | Keeps you logged in | Essential |
Local storage nexusgate.v1 | App state: your provider configs including your API keys, active model, and settings (same legacy key name) | Makes the app work locally and keeps your keys on your device | Essential |
| Cookies (payment checkout) | Set by our payment processor (Stripe) during checkout | Process your payment securely | Essential (set by the processor, governed by its policy) |
| Analytics (Cloudflare Web Analytics) | Privacy-first, cookieless measurement of aggregate page views, top pages, and referrers. It sets no cookies, does not track you across sites, and does not fingerprint you or collect personal data. | Understand traffic so we can improve the site | Non-essential, privacy-first |
| First-party event counters | Anonymous, cookieless counters for a handful of product events (e.g. "a signup happened", "the calculator was used"). We store only a daily total per event — no IP address, no device info, no identifier of any kind, nothing linked to you. | Understand which features matter so we can improve the product | Non-essential, privacy-first |
We do not use third-party advertising or cross-site tracking cookies. Our analytics (Cloudflare Web Analytics) is cookieless and collects no personal data, so it sets no tracking cookies. Because our essential storage is required to run the app you chose to use, and our analytics sets no cookies, this does not require a consent banner under most frameworks — but confirm cookie-consent requirements for your audience (EU/UK/California) with your lawyer.
Depending on where you live, you may have additional rights:
To exercise any right, contact [email protected]. We'll verify your identity and respond within the time the law requires.
We take reasonable measures to protect your data, including: passwords stored only as secure hashes (Better-Auth); bearer-token auth scoped per user with per-user data isolation; keeping provider API keys off our servers by default; HTTPS in transit; and access controls on our database. No method is 100% secure — see the browser-storage caveat in Section 5. If we ever suffer a breach affecting your personal data, we will notify you and any required authorities as the law requires. We will publish our hosting region, encryption-at-rest status, and backup practices in-app once the production service is deployed.
The Service is operated from the United States, and your data may be processed there and in any country where our infrastructure or our payment processor operates. If you are in the EU/UK and we transfer data outside it, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) where required. Our payment processor independently handles its own cross-border payment-data compliance.
The Service is not directed to anyone under 18, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact [email protected] and we will delete it.
We may update this Policy. We'll change the "Last updated" date and, for material changes, notify you in-app or by email. Continued use after the effective date means you accept the update.
Last updated June 16, 2026. Spanvero is operated by Cynosure LLC, a Florida limited liability company. Questions? [email protected].
Privacy · Terms · How we stay honest · Pricing · Open the free advisor →
A short email of real AI price moves, straight from the daily log — no hype. We're collecting the list now; the first issue goes out when it opens. Unsubscribe with one click.