Privacy Policy

Last updated: April 8, 2026

Heads up — you’re early. Tronix Library is in open beta. Things are changing fast: features appear, disappear, and mutate between visits. This privacy policy is our honest attempt to document current practices, but it’s a moving target right now. By using the system during this period, you’re acknowledging that you’re part of an experiment — a willing participant in something that’s still figuring itself out. We’ll settle down eventually. Until then, treat everything here as “accurate as of the last time we remembered to update it.”

The short version: We collect very little, by design. No tracking, no analytics, no ad networks. If you sign in, we store your account info, reading ledger, and conversation history so the Librarian can know you over time. Your queries pass through third-party AI providers to generate responses — we’re transparent about all of it below.

1. Our Philosophy on Data

Tronix Library is a tool for thinking. It works better when people feel free to explore ideas without wondering who’s watching. So we built the system to know as little about you as possible — except for the things that make the experience genuinely better.

We require a Google sign-in to use the conversational features and personal library. That means we know your email address, name, and profile image from Google. We store your reading ledger and conversation history so the Librarian can remember what you’ve read and discussed. Beyond that, we don’t track behavior, don’t run analytics, and don’t use cookies for anything except authentication. This isn’t a marketing stance — it’s a design decision.

2. Your Account

When you sign in with Google, we create a user record in our database containing:

Your email address, display name, and profile image (from Google)
Your role (member, patron, or admin)
When your account was created

That’s the identity layer. It exists so the system can remember your preferences and reading history across sessions — not so we can market to you.

3. What Happens When You Use the System

Reading Ledger (My Library)

When you mark a book as “reading,” “want to read,” or “read,” that status is stored in our database linked to your user account. Optional ratings (1–5) are stored the same way. This data is used to:

Show your personal library back to you
Show aggregate reading counts on book pages (e.g., “12 readers”) — no individual names or identifiers are exposed
Give the Librarian context about what you’ve read, so conversations can build on your history

Conversations (Chat, Oracle & Hyperstition)

When you send a message through any conversational interface, here’s what happens:

Your query is used to search our vector database (hosted on Pinecone) for relevant passages and concepts from the corpus. Pinecone receives a mathematical representation of your query (an embedding), not the raw text.
Your query, along with the retrieved context, is sent to an AI language model (currently OpenAI or Anthropic, depending on configuration) to generate a response.
The response is streamed back to your browser in real time.

We store your conversation history. Messages you send and the Librarian’s responses are stored in our database, linked to your user account and organized into sessions. We also generate short AI-written summaries of past conversations. This serves two purposes:

Memory: Your past conversations and reading history are injected into the Librarian’s context, so it can build on what you’ve discussed before. The depth of this memory varies by account type — patrons get longer memory.
System improvement: We use logged conversations to improve retrieval quality and debug issues. We do not share this data with third parties, sell it, or use it for advertising.

We also maintain a separate operational log (endpoint, email, message, response) for debugging and analytics. This predates the conversation history feature and may be consolidated in the future.

If you want your conversation history or account deleted, contact us at the email below and we will remove everything.

Browsing (Archive, Explore, Timeline, Concepts, Authors)

When you browse the archive, knowledge graph, timeline, or concept pages, you’re interacting with static or server-rendered data. No queries are sent to AI providers. No personal data is collected or transmitted. It’s just you reading a page.

Search

Semantic search queries are sent to Pinecone as vector embeddings and to the configured LLM provider for embedding generation. The same data flow as conversations applies.

3. Third-Party Services

Tronix Library relies on the following third-party services to function. When you use conversational features, your queries pass through these systems:

AI Language Models

OpenAI — Used for generating embeddings and conversational responses. Your queries and retrieved corpus context are sent to OpenAI’s API for processing. See OpenAI’s Privacy Policy.
Anthropic — An alternative language model provider that may be used for conversational responses. See Anthropic’s Privacy Policy.

Both providers offer API terms that generally prohibit using API inputs to train their models. We use these services through their standard APIs, not consumer-facing products. That said, we encourage you to review their policies directly — they’re their policies, not ours.

Vector Database

Pinecone — Hosts semantic embeddings of corpus passages. Receives vector representations of your queries (not raw text) to find relevant passages. See Pinecone’s Privacy Policy.

Database

Neon — Hosts our Postgres database, which stores corpus metadata and conversation logs (your messages, AI responses, and email address). See Neon’s Privacy Policy.

Hosting

Vercel — Hosts the web application. Standard server logs (IP addresses, request timestamps, user agent strings) are generated by the hosting infrastructure. We don’t actively analyze these, but they exist as part of normal web hosting. See Vercel’s Privacy Policy.

These providers may change as the project evolves. We’ll keep this list current. The commitment doesn’t change: we’ll always be transparent about where your data flows.

4. Cookies

We do not use tracking cookies, advertising cookies, analytics cookies, or any third-party cookie.

5. What We Don’t Collect

To be explicit about what’s absent:

No analytics (Google Analytics, Mixpanel, Amplitude, Plausible, nothing)
No advertising networks or pixels
No device fingerprinting
No usage pattern tracking beyond the conversation logs and reading ledger described above
No selling or sharing of your data with third parties for marketing purposes

6. Data About the Corpus (Not About You)

The data Tronix Library does store and process is about books, not people. The corpus metadata, knowledge graph, semantic embeddings, and chapter-level analysis are all about the texts in the library. This data is stored in JSON files on the server and in a Pinecone vector index.

7. Children’s Privacy

Tronix Library is not directed at children under 13 and does not knowingly collect any personal information from children. Since we don’t collect personal information from anyone, this is straightforward — but we state it here for completeness and compliance.

8. Your Rights

If you’re in a jurisdiction with data protection laws (GDPR, CCPA, etc.), you have rights regarding your personal data. We store your account information (email, name, profile image), reading ledger, and conversation history as described above. You can request access to, correction of, or deletion of any of this data at any time.

Deleting your account will remove your user record, reading ledger, conversation history, and all associated data. The operational chat logs (which predate the account system) can be deleted separately on request.

For any privacy-related requests or questions, contact us at librarian@tronixlibrary.org.

9. Server Logs

Like any web service, Tronix Library’s hosting infrastructure generates standard server logs. These typically include IP addresses, request URLs, timestamps, HTTP status codes, and user agent strings. These are generated automatically by Vercel’s infrastructure and are subject to their retention policies.

We don’t actively mine or analyze these logs. They exist as a byproduct of how the internet works, not as a data collection strategy.

10. Security

We take reasonable measures to protect the system: admin authentication uses HMAC-SHA256 signed tokens with timing-safe comparison, connections are encrypted via HTTPS, and administrative functions are protected behind authentication.

That said, this is a research project, not a bank. We use industry-standard practices appropriate to the sensitivity of the data involved — which is low, because we store very little.

11. Changes to This Policy

If our data practices change, this policy will be updated before those changes take effect. The “last updated” date at the top will always reflect the most recent revision.

Since we don’t have your contact information (by design), we can’t notify you directly about changes. We encourage you to review this page periodically if you’re a regular user.