Legal

Privacy Policy

Last updated: 15 May 2026

Plain-English summary. Seahorse is designed to keep your data on your computer. We do collect a Seahorse account record (email, display name, tier, trial expiry, list of devices you have activated) so the app knows who you are across machines, plus your purchase details if you buy a licence via Lemon Squeezy, plus an optional anonymous monthly heartbeat. Crucially, we do NOT collect your conversations, memory cards, notes, calendar, connector tokens, or any other content Seahorse processes on your behalf. We do not sell data. We do not run analytics that profile you. The legal text below explains all of this in detail.

Some systems described below — licence verification, billing via Lemon Squeezy, and the optional anonymous telemetry — activate when Seahorse moves from early access to public launch. During the early-access period Seahorse runs fully local and none of those calls are made.

1. Who we are

This Privacy Policy applies to SEAHORSE, a desktop application and accompanying website (seahorseapp.co.uk) operated by Ironbridge Games LTD (Company No. 16882669), a company registered in England and Wales with its registered office at 2 Jarvis Place, St Michaels, Tenterden, TN30 6DQ, United Kingdom.

For the purposes of UK GDPR and the Data Protection Act 2018, Ironbridge Games LTD is the data controller for personal data we process. You can reach our data contact at henry@seahorseapp.co.uk.

2. What data we collect, and why

We have deliberately built Seahorse so that the vast majority of your data never leaves your computer. The categories below cover everything we ever touch.

2.1 Your Seahorse account

When you create a Seahorse account (via the website signup or in-app sign-in), we store the following on a Cloudflare-hosted database (D1) we operate:

That is the complete account record. We use it to know who you are across machines, whether your account is active, and how many devices you have activated against your tier's device cap.

2.2 Magic-link authentication tokens

Sign-in is by emailed magic link, no passwords. When you request a sign-in, we generate a short-lived (15-minute) one-time token, store it briefly, and email you a link containing it. The token is single-use and is deleted after consumption. We may retain a hashed reference to it for 30 days for audit (to investigate phishing or brute-force attempts). No password is ever set, transmitted, or stored.

2.3 Purchase and billing information

If you upgrade to the Paid tier, the payment is processed by Lemon Squeezy (Lemon Squeezy LLC), who act as the merchant of record. They collect and process your name, billing address, payment method, and email address under their own privacy policy at lemonsqueezy.com/privacy. Ironbridge receives only your email address and the fact that you bought a licence, attached to your account record. We never see your card number or full billing address.

2.4 Account/licence verification calls

Once you are signed in on a device, the Seahorse app contacts our account server periodically (roughly every 5 minutes while open, and on app focus) to refresh your tier and trial expiry. These calls send:

No conversation content, no Brain data, no connector data, no usage statistics. Cloudflare access logs (IP + user agent) are retained for 30 days for fraud detection then deleted.

2.5 Optional anonymous telemetry

If you turn it on in Settings (it is off by default), Seahorse will send a single message once per month containing: a random installation identifier, the current Seahorse version, and the month it was opened. No keystrokes, no content, no behaviour data, no personally identifiable information. The purpose is to know how many people are actively using Seahorse. You can turn it off again at any time, and any past anonymous identifiers cannot be linked back to you.

2.6 Cookies on the website

seahorseapp.co.uk uses only strictly-necessary cookies. We do not use Google Analytics, Facebook Pixel, or any cross-site tracking. If you submit the signup form, a small Cloudflare Turnstile cookie may be set to verify you are not a bot. That cookie is set by Cloudflare on a single page-load and expires shortly after.

3. What data we DO NOT collect

This list is deliberate. None of these things ever leave your computer or reach Ironbridge:

4. Optional cloud AI

Seahorse runs primarily on a local AI model on your machine, so day-to-day use sends nothing off your device. If you choose to opt in to a cloud AI provider (Anthropic Claude or OpenAI) using your own API key, the conversation context for those specific requests will be sent to that provider. From that point, the provider's own privacy policy applies:

Cloud AI is off by default. You can turn it on, off, or switch providers at any time in Settings. Ironbridge never sees the content of those requests.

5. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

6. Third-party processors

We use a small number of processors to deliver Seahorse. Each is contractually bound by a data-processing agreement.

7. International transfers

Some of our processors are based outside the UK. Where personal data leaves the UK or EEA, we rely on UK and EU approved transfer mechanisms (Standard Contractual Clauses and the UK International Data Transfer Addendum). Cloudflare and Lemon Squeezy have published their compliance with these mechanisms.

8. How long we keep your data

9. Your rights under UK GDPR

You have the right to:

To exercise any of these rights, email henry@seahorseapp.co.uk. We will respond within 30 days.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Children

Seahorse is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Security

We take the following measures to protect personal data: