Zero Server Storage
No database. No Redis. No file system writes. The POST /api/refine endpoint processes requests in-memory and discards everything on return.
No Training Contribution
All providers operate under commercial API terms that explicitly exclude your inputs from model training datasets. Your prompts stay yours.
Client-Side Only
History is stored in your browser's localStorage under two keys. We have no server-side copy — clear your browser and it's gone permanently.
How Your Data Moves
Every request follows the same stateless path. Nothing persists on our infrastructure after the response is returned.
- User fills in dashboard fields
- Client-side validation runs
- POST /api/refine sent over TLS 1.3
- Clerk auth: userId + orgId extracted
- 401 if either credential is missing
- Payload parsed in-memory (no DB write)
- Request forwarded via OpenRouter
- Provider generates response
- Commercial API terms apply
- JSON response returned to client
- Result saved to localStorage
- Server memory cleared — zero retained
Dual-Key Authentication
Every API request is protected by a two-part gate: a user identity and an organization membership must both be present. Clerk, a SOC 2 Type II certified identity provider, manages all sessions, passwords, and token rotation. Advi never sees or stores your credentials.
The server extracts both a userId and an orgId from every request via await auth(). If either is missing, the request is rejected with a 401 before any processing begins.
- Identity provider: Clerk (SOC 2 Type II)
- Auth gate: userId + orgId required — dual-key on every request
- Session tokens: JWTs with automatic rotation, managed by Clerk
- Password handling: Advi never receives, transmits, or stores passwords
// Both identifiers must be present before any processing begins.
const { userId, orgId } = await auth();
if (!userId || !orgId) {
  return NextResponse.json(
    { error: "Unauthorized: Organization membership required" },
    { status: 401 }
  );
}
Stateless by Design
The POST /api/refine endpoint is a pure function. Your input arrives, gets processed in-memory alongside the system instruction, and the result is returned. That's the full lifecycle. No database call, no queue, no background job, no log file touches your prompt content.
If our server restarts mid-request, there is zero user data to recover — because there was none to begin with. This architecture eliminates entire categories of data breach risk by design.
- Server storage: None — no database, no Redis, no file system writes
- Error logging: Metadata only (status codes, timing) — no prompt content
- Data retention: 0 seconds — processed in-memory, discarded on return
- Backups: N/A — nothing exists to back up
// 1. Parse the payload in memory.
const { goal, role, audience, ... } = await req.json();
─────────────────────────────────
// 2. Forward it to the model provider.
const completion = await openai.chat
  .completions.create({...});
─────────────────────────────────
// 3. Return the result; nothing is written to storage.
return NextResponse.json(
  { result: completion.choices[0].message.content }
);
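The "metadata only" logging rule is the part of this path that is easiest to break, because exception messages (including JSON parse errors) can quote the request body. The following is an added example, not Advi's code: a framework-free sketch of the same request path in which `handleRefine`, the injected `auth`, `callProvider` and `log` functions, and the 400/502 status mapping are all assumptions made for illustration.

```javascript
// Added example (not Advi's code). auth, callProvider and log are hypothetical
// injected dependencies; the 400/502 mapping is an assumption.
async function handleRefine(req, { auth, callProvider, log }) {
  const started = Date.now();
  let status = 500;
  try {
    const { userId, orgId } = await auth(req);
    if (!userId || !orgId) {
      status = 401;
      return { status, body: { error: "Unauthorized: Organization membership required" } };
    }
    const payload = JSON.parse(req.body); // held in memory only
    const result = await callProvider(payload);
    status = 200;
    return { status, body: { result } };
  } catch (err) {
    // err.message may echo prompt text (parse errors and upstream errors both can),
    // so nothing from err is logged or returned to the client.
    status = err instanceof SyntaxError ? 400 : 502;
    return { status, body: { error: "Request failed" } };
  } finally {
    // Metadata only: route, status code, timing.
    log({ route: "/api/refine", status, ms: Date.now() - started });
  }
}

// Constructed sample requests, run against stub dependencies.
async function demo() {
  const logs = [];
  const deps = {
    auth: async (req) => req.session, // constructed session lookup
    callProvider: async (p) => {
      if (p.goal === "boom") throw new Error("upstream rejected: " + JSON.stringify(p));
      return "refined: " + p.goal;
    },
    log: (entry) => logs.push(entry),
  };
  const secret = "ACME-internal-roadmap"; // constructed prompt content
  const session = { userId: "u1", orgId: "o1" };
  const send = (body) => handleRefine({ session, body }, deps);
  const ok = await send(JSON.stringify({ goal: secret }));
  const noOrg = await handleRefine({ session: { userId: "u1", orgId: null }, body: "{}" }, deps);
  const failed = await send(JSON.stringify({ goal: "boom", role: secret }));
  const malformed = await send(secret); // not valid JSON
  return { ok, noOrg, failed, malformed, logs, secret };
}
```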
Your Data Lives in Your Browser
Advi writes exactly two keys to your browser's localStorage: advi_history for your generation records and advi_selected_model for your model preference. No cookies, no IndexedDB, no session storage.
This data never syncs to any server. We don't back it up, replicate it, or read it remotely. If you clear your browser storage, it's permanently gone — and that's by design. You have complete ownership.
- Storage method: Browser localStorage — per-origin, client-side only
- Keys written: advi_history (JSON array), advi_selected_model (string)
- Server replica: None — we cannot access your history
- Deletion: Clear browser data or use in-app delete — instant and permanent
Organization-Level Separation
Every prompt generation is tagged with the active orgId. When you switch organizations in the sidebar, the dashboard filters history to show only that organization's data. Cross-org visibility is impossible — the filter runs on every read.
Teams working across multiple client accounts will never see cross-contaminated data. Clearing history only affects the current organization — other organizations remain untouched.
- Scoping mechanism: history.filter(h => h.orgId === currentOrgId)
- Cross-org access: Impossible — data is keyed per organization on write and read
- Bulk clear scope: Current organization only — other org data unaffected
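// On write: tag the record with the active organization.
const newItem: HistoryItem = {
  id: Date.now().toString(),
  orgId: orgId,
  goal, result, inputs: {...}
};
─────────────────────────────────
// On read: show only the active organization's records.
if (orgId) {
  setHistory(all.filter(h => h.orgId === orgId));
}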
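The write, read and bulk-clear rules above can be checked together. The following is an added example, not Advi's code: `MemoryStorage` is a stand-in for `window.localStorage` so the block runs outside a browser, and the helper names, the fail-closed empty result when no organization is active, and the id suffix are assumptions. Because `advi_history` is a single JSON array, the raw key holds every organization's records for that browser profile; the scoping is applied on read.

```javascript
// Added example (not Advi's code). MemoryStorage mimics window.localStorage.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
}

const HISTORY_KEY = "advi_history"; // key name taken from the page

function readAll(storage) {
  try {
    const parsed = JSON.parse(storage.getItem(HISTORY_KEY) ?? "[]");
    return Array.isArray(parsed) ? parsed : [];
  } catch {
    return []; // corrupted value: treat as empty rather than crash the dashboard
  }
}

function addItem(storage, orgId, item) {
  if (!orgId) throw new Error("orgId required");
  const all = readAll(storage);
  // orgId is set after the spread so a field inside `item` cannot override the tag.
  all.push({ ...item, id: Date.now() + "-" + all.length, orgId });
  storage.setItem(HISTORY_KEY, JSON.stringify(all));
}

function visibleHistory(storage, orgId) {
  // Assumption: with no active organization, show nothing.
  return orgId ? readAll(storage).filter((h) => h.orgId === orgId) : [];
}

function clearOrg(storage, orgId) {
  const kept = readAll(storage).filter((h) => h.orgId !== orgId);
  storage.setItem(HISTORY_KEY, JSON.stringify(kept));
}

// Constructed records for two organizations.
function demo() {
  const s = new MemoryStorage();
  addItem(s, "org_a", { goal: "A1", result: "r" });
  addItem(s, "org_b", { goal: "B1", result: "r", orgId: "org_a" }); // conflicting field
  addItem(s, "org_a", { goal: "A2", result: "r" });
  const beforeA = visibleHistory(s, "org_a").map((h) => h.goal);
  clearOrg(s, "org_a");
  return {
    beforeA,
    afterA: visibleHistory(s, "org_a").length,
    afterB: visibleHistory(s, "org_b").map((h) => h.goal),
    noOrg: visibleHistory(s, null).length,
    raw: s.getItem(HISTORY_KEY),
  };
}
```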
Model Provider Privacy
All model requests route through OpenRouter, a unified API gateway that forwards to the selected provider and returns the response without retaining content. The OPENROUTER_API_KEY lives exclusively in a server-side environment variable — it is never bundled in client code or exposed in browser responses.
Under commercial API terms, every provider explicitly excludes API traffic from model training datasets. Your proprietary prompts, business context, and generated outputs will not appear in future model versions.
- Gateway: OpenRouter — routes to selected provider, no content storage
- API key exposure: Server-side env var only — never in client bundle
- Training opt-out: Enforced by commercial API terms across all 5 providers
Provider Training Policies
- Google (Gemini): API data excluded from model improvement pipelines
- Anthropic (Claude): Commercial API inputs excluded from training datasets
- OpenAI (GPT-4o): API data not used to train models by default
- xAI (Grok): Enterprise API traffic excluded from training
- Meta (Llama): Open-weight model — inference runs via OpenRouter, no data sent to Meta
Transport & Hosting
Every layer of the stack runs on production-grade infrastructure trusted by thousands of enterprise applications.
- Encryption in Transit (TLS 1.3): All traffic between your browser and our API is encrypted with the latest TLS protocol. Enforced at the infrastructure level — no opt-out.
- Hosting & Edge (Vercel): Deployed on Vercel's edge network with automatic DDoS mitigation, geographic routing, and serverless function isolation.
- Authentication (Clerk): SOC 2 Type II certified identity platform handling all passwords, sessions, MFA, and organization management.
- Secrets Management (Env Variables): CLERK_SECRET_KEY and OPENROUTER_API_KEY stored in server-side environment variables. Never in client bundles or git history.
Where Your Data Lives
Transparency Checklist
- Stateless API — no server-side prompt storage
- Browser-local history with full user control
- Organization-level data isolation on every read
- TLS 1.3 encryption on all connections
- SOC 2 Type II certified auth provider (Clerk)
- API keys in server-side env vars only
- We do not store your prompts on any server
- We do not log prompt content in error reports
- We do not sell, share, or monetize your data
- We do not use your inputs for model training
- We do not track prompt content in analytics
- We do not have access to your prompt history
Questions from your security team?
We're happy to fill out vendor security questionnaires, provide architecture diagrams, or walk your team through the codebase on a call.