Privacy Policy
Last updated: 2026-04-27
This is a small, solo-operated service. The privacy policy is short and accurate.
What we collect
- Email address — when you sign in, so we can issue magic links and contact you about your account.
- IP-hash — your IP address is salted and hashed into an opaque token for anonymous-tier rate-limiting and abuse prevention. We do not store the raw IP.
- Payment metadata — Stripe handles all card data. We see only the customer ID, subscription state, and pack purchases. We never see card numbers.
- Chat content — your messages are sent to Anthropic's Claude API to generate responses. We don't store chat history server-side at MVP. Logs may briefly contain truncated request data for debugging.
- Usage counters — daily and monthly message counts per account, used for plan enforcement.
What we don't collect
- No marketing tracking. No third-party analytics scripts.
- No persistent chat logs beyond Anthropic's API retention.
- No advertising IDs, no fingerprinting, no cross-site tracking.
Sub-processors
- Vercel — hosting and serverless functions.
- Upstash (Redis) — session and quota storage.
- Stripe — payments and billing.
- Resend — transactional email (sign-in links, deletion confirmations).
- Anthropic — AI model serving chat responses.
Retention
Account data lives until you delete the account. After deletion, a tombstone marker is kept for 30 days to prevent immediate re-registration with the same email; the data row itself is replaced when you re-register or naturally expires shortly thereafter.
We send only transactional email — sign-in links, payment receipts (via Stripe), and deletion confirmations. No marketing email.
Cookies
One cookie: gs_session, an HttpOnly session token, set when you sign in. It's strictly necessary for authentication. No tracking cookies.
Your rights
Delete your account from the Account page to remove your data. For specific access or correction requests, reply to your sign-in email.
Contact
Reply to your sign-in email — it goes to a real inbox.