Back to Reuniverse

Privacy Policy

Last updated · June 30, 2026

Reuniverse ("Reuniverse", "we", "us") is a founder-supervised AI venture workspace at reuniverse.ai, operated by its founder. This policy explains what we store, what we deliberately do not, and the choices you have. The core idea: Reuniverse is built local-first, so the substance of your work stays on your own device.

The short version

  • Your venture content — ideas, planets, drafts, notes, and code — lives in your browser. We do not store it on our servers.
  • Your API keys (for AI providers, social tools, or Google service accounts) live in your browser and are sent only to the provider you chose, or to a runner on your own machine — never to us.
  • Our servers hold only the account metadata needed to sign you in and sync across your devices — never your content.

What we store on our servers (metadata only)

If you create an account, we store a small amount of metadata so that sign-in and cross-device sync work:

  • Account profile: your name, email address, and avatar URL, as provided by your sign-in method (Google, GitHub, or a one-time email code).
  • Authentication records: session tokens and basic login information.
  • Sync metadata: which planets exist (by ID), timestamps, and status flags — never their content.
  • Organization membership, when you create or join an org.
  • Managed-tier flags: whether your account is approved for the managed AI tier, and an aggregate per-day usage counter used to enforce limits — not your prompts or outputs.
  • Discord link: if you connect Discord, the mapping between your account and your Discord user ID, so the remote control can authorize you.

We enforce metadata-only in code

Our build pipeline runs an automated check that fails the build if a content-bearing column is ever added to our database schema. This keeps the metadata-only rule from drifting over time.

Your API keys stay with you

When you connect an AI provider, a social-posting tool (Ayrshare), or a Google service account, that key is stored in your browser and transmitted only to that provider's API, or to the optional local runner you run on your own computer. It is never sent to, stored by, or logged on a Reuniverse server.

The optional local runner

If you run the optional Reuniverse runner on your own machine, it listens only on your computer's loopback address (127.0.0.1), never connects to Reuniverse servers, and uses your own Claude and Git credentials, which it resolves locally.

The managed AI tier (optional, approval-only)

If the operator approves your account for the managed tier, your prompts are sent to our server so we can attach the operator's own AI provider key and forward the request to the AI provider (currently DeepSeek). We forward these prompts to fulfill your request and do not store or log their content; we keep only an aggregate per-day usage counter to enforce the daily limit. This tier is off by default, is granted at the operator's discretion, and runs on the operator's own paid API key.

Third-party services

Depending on which features you use, data flows to these services, each under its own privacy terms:

  • Hosting and database: Vercel (hosting) and Neon (Postgres) — account metadata only.
  • Sign-in: Google and GitHub (OAuth), or email one-time codes.
  • AI: the provider whose key you supply (your key, your account), or DeepSeek for the managed tier.
  • Optional integrations you choose to connect: Ayrshare (social posting), Google Search Console and Analytics (via your service account), GitHub (your repositories), and Discord (remote control).

Cookies and local storage

We use a first-party cookie to keep you signed in. We use your browser's local storage to hold your universe (your content) and any API keys you add. We do not use third-party advertising or cross-site tracking cookies.

Keeping and deleting your data

Your local content stays in your browser until you clear it — clearing your browser storage removes it. Account metadata stays until you delete your account. To delete your account and its server-side metadata, or to ask what we hold about you, contact us at yy5091@nyu.edu.

Your rights

You can access, correct, or delete your account metadata and disconnect any integration at any time. Depending on where you live (for example the EEA, the UK, or California), you may have additional rights over your personal data; contact us to exercise them.

Children

Reuniverse is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their data.

International users

We operate from the United States. If you use Reuniverse from elsewhere, your account metadata may be processed in the United States.

Changes to this policy

We may update this policy. We will revise the "Last updated" date above and, for material changes, provide reasonable notice.

Questions about this page? Contact us at yy5091@nyu.edu.