Privacy Policy

Last updated: March 14, 2026

Overview

Chinilla is an AI-powered system design tool operated by Alex Kwon, DBA Chinilla. This policy describes what data we collect, why, and how we handle it. The short version: we collect as little as possible, we never sell your data, and we never train AI models on your designs.

What We Collect

Designs. Your designs are stored locally in your browser's localStorage. They never leave your device unless you explicitly use an AI feature, which sends canvas context to xAI's Grok API for processing.

Account information. When cloud accounts are available, signing in with Google or GitHub will provide your name, email address, and profile picture from the OAuth provider. We will store this to identify your account and enable cloud saving.

No analytics or tracking pixels. We do not use Google Analytics, Facebook Pixel, or any third-party tracking. We do not fingerprint your browser.

AI and Your Data

When you use AI features (chat, validation, simulation scenarios, PRD generation), your canvas data and messages are sent to xAI's Grok API for processing. This happens only when you actively use an AI feature.

We do not train models on your data. Your designs, messages, and canvas content are not used to train or fine-tune any AI model.

xAI processes requests under their own privacy policy. We recommend reviewing xAI's privacy policy for details on how they handle API requests.

How We Use Your Information

  • Process AI requests when you use chat, validation, or generation features
  • Respond to support requests submitted through our contact form

Third-Party Services

We use the following third-party services:

  • xAI (Grok) for AI chat, validation, and generation features
  • Render for hosting and infrastructure

We do not share your data with anyone else. We do not sell data to advertisers, data brokers, or any other third party.

Data Storage and Security

Chinilla is local-first. Your designs are stored in your browser's localStorage and never transmitted to our servers unless you explicitly use an AI feature.

All traffic between your browser and our servers is encrypted in transit via TLS. Server-side API keys (for xAI) are stored as environment variables and never exposed to the client.

Data Retention

Local designs remain in your browser's localStorage until you clear your browser data or delete them. We do not retain copies of local designs on our servers.

AI chat messages are held in memory during your active session only. They are not persisted to disk on our servers.

Your Rights

  • Export: You can export your designs as JSON directly from the canvas at any time.
  • Delete: You can delete individual designs from the workspace. Since designs are stored locally, clearing your browser data removes all designs.
  • Control: All data stays in your browser by default. No account is required to use Chinilla.

Children

Chinilla is not directed at children under 13. We do not knowingly collect personal information from children under 13.

Changes

We may update this policy. Significant changes will be communicated through the app or via email. Continued use of Chinilla after changes constitutes acceptance.

Contact

Questions about this policy? Email squeak@chinilla.com or use our contact form.