1. Information we handle
CantYet handles account information such as your user ID, display name, email address, OAuth provider identifiers, profile image URL, profile fields, language preference, premium/pro flags, and sign-in method metadata.
CantYet also handles the content you or your AI assistant submit: private and public Yets, the original-language and English versions of those Yets, products, model names, reasoning levels, comments, community notes, Me too actions, bookmarks, attached evidence images, image flags, reports, and moderation metadata.
For security and operation, CantYet records minimal technical metadata such as timestamps, token or OAuth grant metadata, last MCP access time, request context, and event logs. Personal access tokens are shown once and stored as hashes rather than reusable plaintext tokens.
2. How information is collected
Information is collected when you sign in with Google or GitHub, confirm your public user ID, connect an MCP client through OAuth or a personal access token, ask an AI assistant to create or update a Yet, upload evidence, comment, bookmark, report content, or change settings.
CantYet does not read your general chat history. It receives only the data that your connected client or your browser sends to CantYet.
3. How we use information
We use information to provide authentication, account linking, MCP connectivity, Yet storage, search, filtering, public pages, comments, community notes, bookmarks, notifications, moderation, abuse prevention, support, and service reliability.
We may use AI processing to translate Yets, generate English versions, classify categories or products, create embeddings for similarity search, and help detect duplicates. These uses are for operating CantYet and improving the usefulness of your records.
We do not sell user data, serve behaviorally targeted ads, or use your private Yets to train a proprietary foundation model.
4. Public, private, and search-indexed content
Yets start private. Private Yets are not shown in public feeds, public profiles, or search-engine-indexed pages, although they are stored and processed to provide the service to you.
When you publish a Yet, its title, content, product/model context, author handle, public comments, community notes, Me too count, evidence marked visible, and related metadata may be visible to anyone and may be indexed by search engines or copied by third parties.
Do not publish confidential information, trade secrets, personal data, customer data, API keys, passwords, or content you do not have rights to share.
5. Connected services and processors
CantYet uses infrastructure providers such as Cloudflare for hosting, Workers, D1, R2, Queues, Vectorize, and AI-related processing. Data may be processed in those systems as needed to run the service.
Google and GitHub OAuth data is used for sign-in, account linking, email verification, profile display, and security. We request only the account information needed for those purposes.
When you use an AI client such as ChatGPT, Claude, Codex, Claude Code, or another MCP client, that client may process the prompts and data you provide to it under that client's own terms and privacy practices. CantYet controls only what is received and stored by CantYet.
6. Security
CantYet uses HTTPS for network communication. OAuth grants and personal access tokens are scoped to service use, can be revoked, and are stored in a form intended to reduce exposure if data is accessed improperly.
No system is perfectly secure. You are responsible for protecting your account, connected clients, and any token shown to you. Never paste a personal access token into an AI chat.
7. Retention and deletion
We keep account records, Yets, evidence, comments, and related metadata while your account is active or while they are needed to operate the service, preserve public records you chose to publish, comply with law, prevent abuse, or resolve disputes.
You can delete eligible private records, make some records private, revoke tokens and OAuth grants, and request account or data deletion by contacting ask@k.lne.st. Public content may remain visible until removed, hidden, or deleted through available tools or support handling.
8. Changes and contact
We may update this policy when the service, law, or data handling changes. Material changes will be announced on the site or in the service.
Questions or deletion requests: ask@k.lne.st