LEGAL STUFF

PRIVACY
POLICY

Last Updated: January 2025
We don't sell your data. We don't train AI on your specs. We don't do shady shit. Here's exactly what we collect and why.

WHAT WE COLLECT

Account Information

  • Email address (for login and support)
  • Password (hashed via Supabase Auth - we never see it)
  • Subscription status (Basic, Pro, Enterprise)

Ticket Content

  • Your raw ticket text (temporarily stored)
  • AI-generated roasts and questions
  • Final polished specifications
  • History limited to 30 days (Basic) or 90 days (Pro)

Payment Information

  • Processed by Stripe (PCI-DSS compliant)
  • We store only: Stripe Customer ID, subscription status, renewal dates
  • We NEVER see your credit card details

Usage Analytics

  • Number of tickets roasted
  • Feature usage (which tools you use most)
  • Performance metrics (page load times, error rates)
  • No IP tracking, no creepy behavior profiling

WHAT WE DON'T DO

✗We DON'T train AI models on your tickets. Your specs stay yours. Claude (our AI provider) has a zero-retention policy for API data.

✗We DON'T sell your data. Not to third parties, not to advertisers, not to anyone. Our business model is subscriptions, not surveillance.

✗We DON'T use cookies for tracking. Session cookies only (to keep you logged in). No marketing pixels, no cross-site trackers.

✗We DON'T share specs publicly. No case studies without permission. No "featured specs" gallery. Your work stays private.

HOW WE USE IT

To roast your tickets: We send your raw spec to Claude AI, get back analysis/questions/specs, then store results temporarily so you can iterate.

To manage your account: Login, subscription status, payment processing, customer support.

To improve the product: Aggregate usage stats (e.g., "80% of users regenerate at least twice"). Never individual ticket content.

To send transactional emails: Password resets, payment receipts, subscription updates. No marketing spam unless you opt in.

YOUR RIGHTS

Access Your Data

Email us anytime. We'll send you everything we have on you within 7 days.

Delete Your Data

Cancel subscription → Account deleted → All specs wiped within 30 days.

Export Your Data

Download all your specs as Markdown files. One-click export coming Q2 2025.

Correct Errors

Wrong email? Update in settings. Billing issue? Contact Stripe support.

SECURITY

Encryption: HTTPS everywhere. Data encrypted in transit (TLS 1.3) and at rest (Supabase AES-256).

Authentication: Managed by Supabase (SOC 2 Type II compliant). Passwords hashed with bcrypt.

Database Security: Row Level Security (RLS) policies. You can only access YOUR tickets.

API Keys: Stored as environment variables, never committed to code. Rotated quarterly.

Breach Protocol: If compromised, we'll notify you within 72 hours via email. No PR spin, just facts.

THIRD PARTIES

Anthropic (AI Provider)

Processes your tickets via Claude API. Zero data retention policy. See anthropic.com/privacy

Stripe (Payments)

Handles billing. PCI-DSS Level 1 certified. We only store Customer ID + subscription status.

Supabase (Database & Auth)

SOC 2 Type II compliant. Data stored in AWS us-east-1. Encrypted backups every 24h.

Vercel (Hosting)

ISO 27001 certified. Edge caching for performance. No data persistence on edge nodes.

QUESTIONS?

We're here to help.

Privacy concerns? Data deletion request? Just curious?

EMAIL PRIVACY TEAM →

Response time: 24-48 hours