Stillwind Logo

Privacy Policy

Last updated: 2026-05-19

This Privacy Policy describes how P2P Industries Inc., a Delaware corporation (“Stillwind”, “we”, “us”), collects, uses, and discloses information when you use our website at stillwind.ai, the Stillwind Search application, and any related services (collectively, the “Service”).

We operate from the United States and Switzerland. Our primary backend servers are located in the United States (Amazon Web Services). Our frontend and the search agent are deployed on Cloudflare Workers and may execute in any Cloudflare data center worldwide. Search chat history and related agent state are stored in Cloudflare Durable Object storage.

1. Information We Collect

1.1 Information you provide

  • Account information. When you create an account, we collect your name, email address, and (depending on the sign-in method you choose) information from your OAuth provider (GitHub, Google, Apple, or Microsoft), or your passkey credentials. If you set or change a password, we store only a salted hash; we never store passwords in plain text.
  • Waitlist information. If you join our waitlist, we collect your name, email address, and (optionally) company name.
  • Search queries and chat content. We store the queries, chats, and messages you submit to the search agent so we can show you your search history and improve the Service.
  • Uploaded files. Logged-in users may upload PDF documents (for example, datasheets) as part of a chat. We store these files indefinitely so you can return to them. You can ask us to delete uploaded files at any time (see Section 6).
  • Communications. If you email us or otherwise contact us, we keep a record of that correspondence.

1.2 Information collected automatically

  • Anonymous user accounts. If you use the Service without signing in, we create an anonymous user record so we can associate your session and search history with a stable identifier. This anonymous account is not linked to a name, email, or any other direct identifier we hold.
  • Session and authentication cookies. We set a session token cookie (including for anonymous users) so the Service can remember your session across requests. This cookie has an expiration longer than a single browser session. It is strictly necessary for the Service to function.
  • Local and session storage. The Service stores small pieces of non-identifying state in your browser’s local storage and session storage (for example, UI preferences and PostHog analytics identifiers).
  • Usage and device data. When you use the Service, we and our analytics provider (PostHog) automatically receive standard log information such as IP address, user agent, referrer, pages visited, and timestamps. PostHog does not set cookies; it stores a session identifier in your browser’s local storage.

2. How We Use Information

We use the information described above to:

  • provide, operate, secure, and improve the Service;
  • authenticate you and maintain your session;
  • respond to your inquiries and provide customer support;
  • send you transactional emails (for example, sign-in links or account notices);
  • analyze usage patterns and product performance, including through PostHog analytics;
  • detect, investigate, and prevent fraud, abuse, and security incidents;
  • comply with legal obligations and enforce our terms;
  • improve our search agent and underlying models, including by training, fine-tuning, and evaluating our own models on data you submit to the Service. Where reasonably practicable, we use deidentified or aggregated forms of that data for these purposes. You can opt out of having Your Content used for model training as described in our Terms of Service. Note that we cannot reverse training that has already occurred or remove content that has already been incorporated into a trained model.

3. Legal Bases (EEA / UK / Swiss Users)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR / Swiss FADP to process your personal data:

  • Performance of a contract — to provide the Service you have requested (account creation, sign-in, search, chat history, file uploads).
  • Legitimate interests — to operate, secure, and improve the Service, to perform analytics, and to communicate with you about the Service. You may object to processing based on legitimate interests at any time.
  • Consent — where we ask for it (for example, optional marketing communications). You may withdraw consent at any time.
  • Legal obligation — where we must process data to comply with applicable law.

4. Sharing and Disclosure

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes. We share information only as described below.

4.1 Service providers (sub-processors)

We use third-party service providers to host and operate the Service. These providers act as our processors and may store or process your data on our behalf:

  • Amazon Web Services (US) — primary database and object storage.
  • Cloudflare — frontend hosting, search agent execution, Durable Object storage for chat history, KV-based session cache, and analytics relay.
  • OpenAI, Anthropic (via Amazon Bedrock), and Google (Vertex AI) — large language models used by the search agent. Queries and chat content you submit to the search agent are sent to these providers so they can generate responses. Each provider processes data subject to its own terms; for example, Amazon Bedrock contractually does not use customer prompts or completions to train its or third-party models, but we cannot make the same guarantee for every model provider, and we do not independently audit their practices.
  • Resend — transactional email delivery (for example, sign-in and account emails).
  • PostHog — product analytics.

Although some of these providers store data in their own infrastructure, that storage is private to Stillwind and is not made available to other customers of those providers.

4.2 Legal and safety

We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or is necessary to protect the rights, property, or safety of Stillwind, our users, or others.

4.3 Business transfers

If Stillwind is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will require the receiving entity to honor this Privacy Policy with respect to your information.

5. International Data Transfers

Because we operate from the United States and Switzerland and use Cloudflare’s global edge network, your information may be transferred to, stored in, and processed in countries outside your country of residence, including the United States. Where required by law, we rely on appropriate transfer mechanisms (such as the European Commission’s Standard Contractual Clauses or the EU-US Data Privacy Framework where applicable) to protect data transferred out of the EEA, the UK, or Switzerland.

6. Data Retention and Deletion

We retain account data, search history, chat content, and uploaded files for as long as your account is active. We do not currently delete inactive accounts automatically.

If you would like to delete your account or any specific data we hold about you (including uploaded files or particular chats), please email privacy@stillwind.ai. We will verify your identity and process valid requests within the timeframes required by applicable law (within 30 days under the GDPR / UK GDPR, and within 45 days under the CCPA/CPRA, in each case subject to any permitted extension). After deletion, residual copies may persist in routine backups for a limited period before being overwritten.

Anonymous users. If you use the Service without signing in, we cannot reliably link the resulting anonymous user record back to you, and we therefore cannot respond to deletion requests for anonymous activity. As a result, data associated with anonymous users (including search queries and chat history) may be retained indefinitely. If you want to be able to delete your data later, please create an account.

7. Your Rights

7.1 EEA, UK, and Swiss residents

Subject to applicable law, you have the right to (a) access the personal data we hold about you, (b) request correction of inaccurate data, (c) request deletion, (d) object to or restrict certain processing, (e) request portability of data you have provided to us, and (f) withdraw any consent you have given. You also have the right to lodge a complaint with your local data protection authority — in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC).

7.2 California residents

Subject to the CCPA/CPRA, California residents have the right to (a) know what personal information we collect, use, and disclose, (b) request deletion or correction of personal information, (c) opt out of the “sale” or “sharing” of personal information, and (d) not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.

7.3 How to exercise your rights

To exercise any of these rights, email privacy@stillwind.ai. We may need to verify your identity before responding. You may use an authorized agent to submit a request on your behalf where permitted by law.

8. Cookies and Similar Technologies

The Service uses the following browser storage:

  • Authentication / session cookies (strictly necessary). Set by our authentication system to keep you signed in. These are also set for anonymous users so the Service can recognize your session.
  • UI preference cookies. For example, a cookie that remembers whether the sidebar is expanded.
  • Local storage and session storage. Used for non-tracking UI state and for a PostHog analytics session identifier. PostHog does not set cookies on this Service.

Because we currently use only strictly necessary cookies and non-cookie analytics storage, we do not display a separate cookie banner. You can block or delete cookies and clear local storage in your browser settings, but doing so may prevent parts of the Service from working correctly.

9. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit (TLS), encryption at rest for our primary databases and object storage, hashed passwords, scoped credentials, and access controls. No method of transmission or storage over the internet is completely secure, and we cannot guarantee absolute security.

10. Children

The Service is not directed to, and we do not knowingly collect personal information from, anyone under the age of 16. If you believe we have collected information from a child under 16, please contact us at privacy@stillwind.ai and we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by additional notice (for example, by email or an in-product notice). Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the changes.

12. Contact

If you have questions or requests about this Privacy Policy or our data practices, please contact us at privacy@stillwind.ai.

P2P Industries Inc.
1111B S Governors Ave STE 25585
Dover, DE 19904
United States