Privacy Policy

This Privacy Policy explains what data we collect when you use Abect Dev Tools (devtools.abect.com), how we use it, and what rights you have over your data. Last updated: June 20, 2026.

Browser-based tools

Image converters, image compressors, text converters, and form-based schema generators run entirely in your browser. Files you upload or paste are processed locally using the Canvas API and File API — they are never sent to our servers. No file data leaves your device.

User accounts

Creating an account is required only for the Lora AI assistant. If you register, we collect:

  • Your email address — used for login and transactional emails (verification, password reset)
  • A bcrypt-hashed password — your actual password is never stored in plain text
  • Display name and profile photo — only when you sign in via Google OAuth
  • Authentication provider — whether you use email/password or Google
  • Account creation date

All other tools on the website (image, text, and schema tools) work without an account.

Authentication and sessions

When you sign in, we issue two tokens:

  • Access token — a short-lived JWT (15 minutes), stored in memory only. It is never written to localStorage or cookies.
  • Refresh token — a 30-day session identifier stored as a secure, httpOnly cookie (refreshToken). It is not accessible to JavaScript. The token is stored in our database as a random UUID — not as a decodable JWT.

Each time you open the site, the refresh token is used to silently restore your session. Logging out immediately invalidates the token and removes the cookie. Refresh tokens are automatically deleted from the database after 30 days. A daily cleanup job removes any remaining expired tokens.

Lora AI assistant

When you send a message to Lora, your input and the conversation history are transmitted to the DeepSeek API to generate a response. We store your conversation history — messages, selected skill, and token usage per message — in our database, linked to your account.

We do not use your messages for advertising, model training, or any purpose other than generating the AI response. Conversations are private by default and are only visible to you. You can delete individual conversations from the sidebar or delete all data by deleting your account.

Token system

Each AI request deducts tokens from your monthly balance. We maintain a transaction log of charges, refills, and bonuses linked to your account. This log is used to display your usage history in Profile → Usage and to maintain balance accuracy. The transaction log is permanently deleted when you delete your account.

Analytics

If you accept analytics cookies, we use Google Analytics 4 and Microsoft Clarity to understand how visitors use this website — page views, clicks, scrolling behavior, device type, and general usage patterns. We use this data to improve the website and identify usability issues.

Neither service loads until you explicitly accept analytics cookies via the consent banner.

Cookies

  • refreshToken — set when you sign in. Secure, httpOnly, SameSite=Strict. Expires after 30 days. Used to maintain your session.
  • Analytics cookies — Google Analytics 4 and Microsoft Clarity. Loaded only after you accept analytics cookies through the consent banner.
  • Preference storage — your cookie consent choice, color theme, and sidebar mode are stored in localStorage in your browser. This data never leaves your device.

Third-party services

  • DeepSeek — processes Lora AI requests. Your messages are sent to the DeepSeek API for inference. See DeepSeek's privacy policy.
  • Brevo — sends transactional emails (email verification codes, password reset codes). Your email address is shared with Brevo only to deliver these messages.
  • Google — handles Google OAuth sign-in. If you use "Continue with Google", Google shares your name, email, and profile photo with us. See Google's privacy policy.
  • Google Analytics 4 — analytics, consent-gated.
  • Microsoft Clarity — session analytics, consent-gated.

Data retention

  • Account data, conversations, and transaction history — retained until you delete your account
  • Refresh tokens — automatically expire after 30 days; expired tokens are purged daily
  • Analytics data — retained according to Google Analytics and Microsoft Clarity policies

Your rights

You can permanently delete your account at any time from Profile → Account → Delete account. This action is immediate and irreversible — it deletes your account, all stored conversations, all token transaction history, and invalidates all active sessions. We retain no personal data after deletion.

If you have questions about your data, contact us at support@abect.com.

Your cookie choice

You can accept or reject analytics cookies when the consent banner appears. To change your choice later, use the Cookie Settings link in the sidebar footer. Rejecting analytics cookies does not affect the core functionality of the website or the Lora AI assistant.

Changes to this policy

We may update this policy as the product evolves. The current version is always available at devtools.abect.com/privacy-policy.