// Legal
PRIVACY POLICY
Last updated: May 2026
This site is a portfolio project built by Alex Turner — a software engineering student at BYU-Idaho.
The demo simulates a real AI agent deployment for a fictional plumbing business called "Rapid Flow Plumbing."
This policy is honest about what data the demo collects and how it's handled.
No legalese. No fluff.
1. What This Site Is
This is a live portfolio demonstration of an AI agent system I built from scratch. It's not a commercial product
and it's not affiliated with any real plumbing business. "Rapid Flow Plumbing" is a fictional client I created
to show how the system works in a real-world context.
The system behind this demo is something I'm genuinely proud of. Here's what I actually built:
- A multi-tenant AI agent platform with a 9-table Supabase (PostgreSQL + pgvector) backend
- A RAG pipeline using Gemini embeddings (768-dimensional vectors) for semantic knowledge retrieval
- Dynamic LLM routing across Claude, GPT-4, Gemini, and Llama 3.3 via Groq
- n8n workflow orchestration with a Python (FastAPI) sidecar for AI processing
- Rate limiting, full audit logging, and conversation history stored as JSONB
- Self-hosted on AWS Lightsail with Docker containers and Cloudflare tunnels for secure ingress
- Per-client knowledge bases, system prompts, and API key isolation
- Intelligent human handoff when the agent can't answer or the customer requests it
2. What Data This Demo Collects
When you use the chat
- The messages you send to the AI agent
- A randomly generated session identifier (created fresh each visit, not tied to your identity)
- Any information you voluntarily provide during the conversation (name, address, phone) as part of the booking
flow demo
Note: This is a demo. No real appointments are booked. Any personal info you enter during the booking flow is stored temporarily for demo purposes and deleted within 24 hours.
What I don't collect
- No cookies or tracking pixels
- No browser fingerprinting
- No IP addresses stored by me (Cloudflare may log these at the network layer per their own policy)
- No payment information of any kind
3. How Your Messages Are Processed
When you send a message, here's exactly what happens under the hood:
- Your message is received by an n8n workflow running on my AWS Lightsail server
- A FastAPI Python service generates a Gemini embedding of your message and searches the knowledge base using
cosine similarity
- The top matching knowledge base entries are passed as context to an LLM (Claude, GPT-4, Gemini, or Llama 3.3 via Groq,
depending on configuration)
- The LLM generates a response, which is returned to the chat interface
- The conversation is logged to Supabase for audit purposes
Your message content is transmitted to the following third-party AI providers to generate a response:
I don't authorize these providers to use your data to train their models beyond what their own policies allow.
If that concerns you, check their policies directly.
4. Data Retention
I want to be upfront about this: I don't currently have an automated data deletion system in place.
Conversation data and audit logs are stored in Supabase and may be retained indefinitely until I
implement automated lifecycle management (pg_cron scheduled deletion is on the roadmap).
- Demo conversations — stored in Supabase, no automated deletion currently. If you want yours removed, email me and I'll delete it manually within 30 days.
- Audit logs — stored for debugging and security review, no automated expiry set yet
- No data is sold, shared with advertisers, or used for any commercial purpose — ever
5. Security
I built security into this system from the start — not as an afterthought. Here's what's in place:
- All data transmitted over HTTPS / TLS
- Database access restricted to service role keys — not exposed to the frontend
- Row-level security (RLS) policies on all Supabase tables
- API endpoints protected by bearer token authentication
- No sensitive data exposed in browser-side code
- Regular API key rotation built into the system architecture
- Full audit logging of all requests, responses, handoffs, and errors
- Rate limiting to prevent abuse (20 messages per hour per session)
6. Your Rights
Even though this is a demo, I'll treat your data with respect. You can request:
- Deletion — I'll remove any data associated with your session
- Access — I can tell you what data was stored from your session
Just email me and I'll handle it within 30 days.
7. Changes to This Policy
If I update this policy, I'll change the "Last updated" date at the top. Since this is a portfolio project,
changes will usually just reflect new features I've added to the demo.
8. Contact