Privacy

Here's some extra details about how your data is handled and how AI is used in this tool.

Most data stays on your browser

Your conversation lives in localStorage on your device. It is:

• Not sent to any analytics service
• Not kept on servers
• Not shared with third parties except as required to generate the reply (see below)

Clear your browser's site data to wipe it.

What gets sent off your device

Each time you send a message, your conversation history is sent to a server, which forwards it to the Anthropic API to generate the reply. Anthropic excludes API traffic from model training by default. Your response is not used to train models, nor can it be read by anyone but you.

A random UUID (a unique code) is generated per session and sent to Anthropic as a metadata.user_id. It does not identify you.

I am counting tokens as people chat so I don't accidentally spend $1mill on this tool, but the actual details of the chat cannot be seen.

Ethics

'AI is neither artificial nor intelligent' - Kate Crawford

Don't copy-paste!!

This tool is not a cultural policy generator (no, really!).

I made this tool to help anyone who wants to brainstorm and draft submissions that are grounded in evidence and oriented to the open submission call.

It should not be used to copy-paste into a submission, and I've tried to design it in a way that shows options and suggestions.

Using it might involve rejecting its suggestions entirely, and that’s a good outcome.

Data and training

At its worst, this kind of system could accelerate homogenisation and

I've used a simple form of model 'shaping' in this tool that means it is subtely influenced and able to cite other best-practice cultural policy and relevant literature.

The tool and its context are all available on my GitHub, and you can spin it up or copy it yourself if you want.

Climate

The environmental cost of AI is real, unevenly distributed and often obscured behind abstract concepts like 'the cloud'.

I'm not entirely convinced by a lot of the 'AI Offset' programs out there that claim to accurately offset token usage.

As an alternative, I make ongoing donations to the Australian Conservation Foundation. It’s not a perfect metric, but it is a small and tangible way of acknowledging that this work has a material cost.

Reporting a concern

Open an issue on GitHub, or email me at hello@ciaranframe.com.au

More technical stuff (if you're insterested)

What data is logged

The website logs contain:

• Timestamps of requests
• Whether a Cloudflare Turnstile challenge passed
• Rate-limit counters per IP (integers only, short TTL)
• Per-session token counts
• Errors (with stack traces) — never message content

The logs and data I can see do not contain:

• Message text, from you or the chat agent
• Conversation history
• A link between your IP and what you said

Threat model

• Prompt injection: user messages are wrapped in <user_message> tags and the system prompt treats them as data. Off-topic / jailbreak attempts get a polite redirect.
• Abuse: Cloudflare Turnstile + per-IP rate limits + hard session caps guard against automated abuse.
• Data exfiltration: server is stateless; there is no database to exfiltrate from.
• Model leaks: system prompt is treated as confidential by the agent. Not a cryptographic guarantee, but a simple backstop.
• XSS via agent output: agent replies render through a strict markdown allowlist (no HTML, no scripts, no iframes, no images).