Legal

Terms of Service

Last updated: March 24, 2026

1. Encryption Architecture and Liability

Balon AI uses client-side end-to-end encryption (E2EE) for certain data categories. Where active, encryption occurs in your browser using a Master Encryption Key (MEK) derived from your password — we never receive your password or MEK in plaintext.

Currently encrypted: Chat message content (after delivery), your encryption key material, and hashed user API keys.

Not yet encrypted: Preset system prompts, uploaded files, and the brief plaintext window during active message streaming. We are actively expanding coverage.

For data protected by active E2EE, Balon AI cannot read, decrypt, or recover your data without your credentials. If you lose your password and your recovery key, encrypted data is irretrievable. By using our service, you acknowledge and accept that Balon AI bears zero liability for data loss resulting from lost credentials.

2. API Keys and Schema Normalization

To balance our Zero-Trust Architecture with the need for autonomous server-to-server operations (such as backend API calls or background jobs), Balon AI utilizes a dual-key schema normalization protocol.

  • User API Keys: When you generate a User API key, the plaintext is shown to you exactly once. Our servers instantly discard the plaintext and retain only a one-way cryptographic hash. It is your responsibility to securely store the plaintext key immediately.
  • System API Keys: System keys used for autonomous backend services are securely encrypted symmetrically by our servers. To prevent cryptographic targeting, User Keys are padded with encrypted decoy data (schema normalization) to render them indistinguishable from System Keys in our database.

You agree to properly secure your User API keys in dedicated vaults and understand that Balon AI cannot recover the plaintext of a User API key once the initial generation dialog is closed.

3. Ephemeral Storage and Physical Security

To provide a seamless experience, Balon AI temporarily caches decryption keys in your browser's local session storage during active sessions. This avoids requiring your password on every action.

This ephemeral caching places responsibility for physical device security on you. An adversary with physical access to your unlocked device could theoretically extract session keys. Balon AI is not liable for data compromises resulting from unsecured local endpoints.

4. Shared Organization Workspaces

When you invite a member to an organization, our system wraps the Organization Master Encryption Key (Org MEK) with the invitee's public RSA key. You acknowledge that under the current architecture, granting organization access provides the invitee with cryptographic capability to decrypt the entire historical encrypted state of that organization workspace.