Privacy Policy
Last updated: 2026-06-17
Mediator.ai LLC ("we", "us", "Mediator") provides a collaborative document editor with an AI assistant for each participant. This page explains what we collect, why, and what we do with it. The short version: your shared documents are visible only to the people you invite, and your private notes, files, and assistant chat are not shared with the other participants. We do not sell your data, and we collect only what we need to run the service. Our own team's access is limited to running, debugging, and improving the product, as described below.
What we collect
- Account information: the email address you sign up with, and an optional display name.
- Document content: the shared document you and the people you invite edit together, plus its edit history.
- Your private workspace: the chat with your own assistant, your private notes, and any reference files you upload. These are private to you; other participants never see them.
- Usage and analytics: standard product analytics (page views, button clicks, feature usage), via PostHog, to see how the product is used and to debug issues. PostHog session replay is on for the app, but it is set up to mask the content of your work. It records how you move through the interface — the layout, where you click, which panels you open, and how far you get — while the text of your document, your chat with the assistant, your private notes, and your display name and email are hidden (shown as blanks) in the recording. Participant names are masked where they appear as content, though a name may still show in an incidental interface label such as a hover tooltip. Anything you type into a field is masked as well. We use these recordings to understand how people actually use the product and where they get stuck, not to read what was written. Recordings are visible only to the Mediator team (this is part of the 'Operator visibility' described below), and we do not sell them or share them outside our service providers. We also strip invite and sign-in tokens out of the analytics events we record, so those links don't land in our dashboards. Some analytics events (such as a sign-up confirmation) do include your email in our dashboards.
- Payment information: credit-card and billing data is processed by Stripe; we never see or store full card numbers.
- Marketing attribution: if you arrived via a paid Google ad, we capture the click ID (gclid) so we can measure the ad campaign's effectiveness.
How we use it
- To run the AI assistant: your document and your chat are sent to our large-language-model provider (currently OpenAI) to generate your assistant's replies and the edits it proposes.
- To bill you for usage: we record token costs and debit your prepaid balance accordingly.
- To improve the product: aggregated, anonymized usage patterns inform what we build and what we fix.
- To send service emails: verification, payment receipts, and the occasional product update. We don't sell your email or send marketing blasts.
Confidentiality of your content
The shared document is visible only to the people you invite to it, and your private workspace (your assistant chat, notes, and reference files) is private to you alone. We treat all of it as confidential. We do not use it to train models. We do not share it with anyone outside the people you invited into that specific document, except (a) with our service providers, (b) when our team needs access to run the service (described below), and (c) under the Safety exception.
Operator visibility
The Mediator team may access document content for these specific purposes: debugging product issues, reviewing flagged or unusual activity (including the safety review described below), evaluating product quality, and improving prompts. We do not browse documents for any other purpose, and most day-to-day product work runs on aggregated and anonymized data. If you would prefer that we not retain a particular document, you can email hello [at] mediator.ai and we will delete it.
Service providers
To operate the service we send data to a small set of operational service providers, each under its own contractual terms. The current list:
- OpenAI: the LLM provider that powers your assistant and the edits it proposes. Your document and chat are sent to OpenAI for inference. OpenAI's API terms specify they do not retain (beyond a short abuse-monitoring window) or train on data sent via the API.
- Neon: our hosted PostgreSQL database. Account, document, and billing data live here.
- PostHog: product analytics and session replay (see "Usage and analytics" above). PostHog Cloud is hosted in the United States.
- Stripe: payment processing for credit purchases.
- Resend: transactional email delivery (verification, receipts).
- Google: Google Sign-In as an alternative to magic-link sign-up. We receive only the email address and basic profile fields you authorize.
- Fly.io: application hosting and edge delivery (currently the Chicago region).
We may add or substitute service providers as the product evolves; material changes are reflected in this page with a new "Last updated" date.
If any provider's policies change in a way that affects how your data is handled (for example, if OpenAI ever changed its retention or training policy), we will update this page and notify users.
Safety exception
In rare cases we may access or disclose content if we have a good-faith belief it's necessary to (a) comply with the law or a valid legal request, or (b) prevent imminent and serious harm, for example a credible threat of violence or self-harm, or unlawful content such as child sexual abuse material. In such a case we may share the relevant portion of the document, the account metadata, and any related logs with law enforcement or emergency responders, the at-risk person or their representatives, and our outside counsel. We will share only what is reasonably necessary for that purpose, and we will record each disclosure in an internal audit log. This is a narrow exception to the general confidentiality commitment above and is not used for routine product operation, marketing, or analytics.
Cookies and tracking
We use a small set of first-party cookies for keeping you signed in, remembering your last conversation, attributing paid ad clicks, and measuring funnel performance. We honor browser Do Not Track signals where the analytics provider supports them, and we apply Google Consent Mode v2 defaults that deny advertising and analytics storage for visitors from the EU, UK, and EEA.
Your rights
You can request a copy of your data, ask us to correct it, or ask us to delete your account, by emailing hello [at] mediator.ai. EU residents have additional rights under GDPR, including the right to object to processing and the right to lodge a complaint with a supervisory authority.
Data retention
We retain account and conversation data for as long as your account is active. When you delete your account, we delete personal data within 30 days, except where we are required to keep records for legal or tax purposes (e.g., transaction records).
Security
Data in transit is encrypted via TLS. The application database (PostgreSQL on Neon) is encrypted at rest. We use industry-standard practices for authentication and access control. No system is perfectly secure; if you suspect a vulnerability, please report it to hello [at] mediator.ai.
Changes to this policy
We may update this policy as the product evolves. Material changes will be announced on this page with a new "Last updated" date. Continued use of the service after a change constitutes acceptance of the updated policy.
Contact
Questions about this policy or how your data is handled: hello [at] mediator.ai.