Last updated: 2026-04-21
Privacy Policy
How MultiAI handles your data — what we collect, why, and how to delete it.
Who we are
MultiAI (multiai.itlibra.com) is operated by itlibra. Contact: via itlibra.com.
What we collect
Account: email address and hashed password (bcrypt). API keys for third-party AI providers (OpenAI, Anthropic, Google) that you voluntarily register. Keys are encrypted at rest with AES-256-GCM. Only the last 4 characters are ever shown back to you; the plaintext is never retrievable via the UI. Chat content: your prompts and the model responses you generate, stored so you can review session history. You can delete individual sessions at any time. Usage metadata: per-message latency, input/output tokens, and estimated cost, used for the cost dashboard shown to you. Analytics: Google Analytics 4 (page views, referrer, approximate geography, device class). Loaded only after you consent via the cookie banner. Ads: Google AdSense may set cookies to personalise or measure ads. Loaded only after consent.
How we use your data
To operate the service: authenticate you, deliver your prompt to the AI provider you selected, return and store the response, show you usage and cost metrics. To improve reliability: aggregate, non-identifying usage patterns. We do not sell your data. We do not use your chat content to train any model.
Third parties
When you send a prompt, it is transmitted to the AI provider you selected (OpenAI, Anthropic, or Google), using the API key you supplied, subject to that provider's own privacy policy and terms. Analytics: Google LLC (Google Analytics 4). Ads: Google LLC (AdSense). Hosting: Xserver VPS in Japan.
Cookies
Essential cookies: the authentication session cookie (required to keep you logged in). Optional cookies (analytics and ads): loaded only after you click Accept on the cookie banner. You can change this later by clearing site data in your browser.
Your rights
You can delete any chat session from the History page. You can delete stored API keys from the API Keys page. To delete your entire account and all associated data, contact itlibra.com — we will erase everything within 30 days. EU / UK users: you have the rights of access, rectification, erasure, and objection under GDPR. US users: rights under CCPA where applicable.
Security
HTTPS everywhere. API keys encrypted with AES-256-GCM. Database isolated per service. Regular security patches. No system is perfectly secure; use strong unique passwords and consider rotating API keys periodically.
Data retention
Accounts and chat history are retained until you delete them or delete your account. Analytics data is retained according to Google Analytics defaults.
Children
MultiAI is not intended for users under 13. Do not use the service if you are under 13.
Changes
We may update this policy as the service evolves. Material changes will be announced on the site. The “Last updated” date reflects the current version.