Privacy Policy
1. What we collect
- Your email address — used for magic-link login and service notifications. Nothing else. No marketing without consent.
- Your decision text — the descriptions you write and your interview answers.
- Analysis results — the AI-generated output saved to your account.
- Subscription and credit records — your plan status and a credit ledger, linked to a LemonSqueezy customer id.
We do not collect or store passwords (magic links only), payment card details (handled entirely by LemonSqueezy on their servers), or anything beyond what you explicitly submit.
2. Automatic PII redaction
Before your decision text and interview responses are screened, sent to any AI provider, or stored in our database, we automatically scan for and redact email addresses, phone numbers, Social Security Numbers, and IP addresses, replacing each with a placeholder such as [REDACTED_EMAIL]. Redaction happens automatically on our server. Patterns can never be exhaustive, so we still recommend not pasting other identifiers (home addresses, card numbers, medical record numbers, passwords).
3. Who processes your data
We never sell your data and never use it to train AI models. To operate the Service, data is shared with these processors and no one else:
| Service | What it receives | Why |
|---|---|---|
| OpenRouter | Redacted decision text and interview answers | Routes analysis requests to the AI models below |
| OpenAI | Redacted decision text (via OpenRouter); AI output text | Primary analysis model (GPT-4o) and output safety moderation |
| Anthropic | Redacted decision text (via OpenRouter) | Fallback analysis model (Claude) when the primary is unavailable |
| Resend | Your email address | Delivers magic-link login emails |
| LemonSqueezy | Your email address and account id | Payment processing and checkout |
| Plausible | Anonymous page views (no cookies, no persistent identifiers) | Privacy-friendly site analytics |
| DigitalOcean | Everything above, encrypted at rest | Hosts our application and database |
| Google Fonts | Your IP address and browser user-agent | Serves the Inter font files |
Per their API terms, OpenAI and Anthropic do not train models on API inputs by default, and our OpenRouter account is configured not to log prompts.
4. How long we keep it
- Analyses and transcripts — until you delete them or delete your account.
- Login tokens — stored as one-way hashes, expire after 15 minutes, and are purged from the database shortly after expiry.
- Server logs — roughly 30 days (DigitalOcean default). Emails are redacted in logs; your decision text is never logged.
- Payment records — credit-ledger entries are retained for accounting.
5. Your rights
- Export — download everything we hold about you (account info plus all analyses) as JSON from your account menu.
- Delete an analysis — any time, from the app. Deletion is immediate and permanent.
- Delete your account — from your account menu, or email us. This permanently removes your account, analyses, transcripts, credit ledger, and login-token history.
6. Security
- All traffic is HTTPS; database connections are TLS-encrypted.
- Magic-link tokens are stored only as SHA-256 hashes and are single-use.
- Sessions expire automatically; no passwords exist to leak.
- If your input triggers our harm policy, nothing is saved and nothing is charged — and the content of your input is never written to logs.
7. Changes
We'll notify you by email about material changes to this policy. The "Last updated" date above always reflects the current version.
8. Contact
Privacy questions or data requests: [email protected].