What we know about you

Nothing. No analytics, no cookies, no fingerprinting, no telemetry. We don't run Google Analytics, Plausible, Fathom, Mixpanel, Sentry, or any comparable third-party script. The only requests we make to external services are the ones explicitly triggered by your action (a domain check, a social handle lookup, an LLM call).

• Rate-limit counters — held in memory only, keyed by your IP address. Lost on every server restart. Used to keep the service usable for everyone.
• Active LLM sessions — if you opt in to AI generation, your provider key is encrypted with AES-256-GCM and stored in SQLite alongside an expiry timestamp. The session is deleted when it expires (TTL) or when you tap Disconnect.
• No search history. No favourites. No emails. No accounts. Nothing personally identifying.

• Search history — only in the mobile app. Stored locally via MMKV, capped at 500 entries. The web version is stateless and keeps no history at all.
• Favourites — saved brand names. Local on both web (browser localStorage) and mobile (MMKV).
• Provider API keys — encrypted in the device keychain on mobile. On web, kept in the tab's memory only and discarded when you close it.
• Theme preference and language choice.

When you check a name, your request hits the following services directly through our backend. We do not log, cache, or modify the payloads.

• RDAP registries — the public whois replacement that confirms .com availability.
• Social platforms — Instagram, X (Twitter), GitHub, TikTok, YouTube, Facebook. We hit each platform's public profile endpoint to detect a 200 vs 404, nothing more.
• Your chosen LLM provider — Groq, OpenAI, Anthropic, or Ollama, only when you start an AI generation session. Your provider sees the prompts you submit under their own privacy policy.

Questions, deletion requests, or security disclosures: open an issue on the project tracker. We're a small operation — there is no support inbox to file with, but real questions do get real answers.