AvoidJunk← Back to home

Privacy Policy

Last updated: [TODO: date]

1. Who is responsible

The data controller for this Service is [TODO: legal operator name and address], contactable at [TODO: privacy/support email]. See the Impressum for full operator details.

2. What we collect

  • Account data — your email address, used for magic-link sign-in.
  • Research data — the product URLs/titles you submit and the briefs we generate, stored so you can revisit them.
  • Billing data — your prepaid balance ledger and payment metadata. Card details are handled entirely by Stripe; we never see or store them.
  • Technical/error data — limited diagnostic information when something goes wrong.

3. Where your data goes (sub-processors)

We rely on the following processors to run the Service:

  • Supabase — authentication and database (hosted in the EU, Frankfurt). Stores your account, research, and ledger data.
  • Stripe — payment processing for top-ups.
  • Anthropic — the AI provider that processes your submitted product input to generate briefs.
  • Vercel — application hosting.
  • Sentry — error monitoring (EU region).

Some processors may transfer data outside the EU under appropriate safeguards (e.g. Standard Contractual Clauses). [TODO: confirm each provider’s current data-processing terms.]

4. Legal basis and purpose

We process this data to provide the Service you request (performance of a contract), to take payment, and to keep the Service secure and working (legitimate interest). We do not sell your data and do not run advertising.

5. Retention

We keep your account, research, and ledger data for as long as your account exists, plus any period required for legal/accounting obligations. [TODO: confirm retention periods.]

6. Your rights

Under the GDPR you may request access to, correction of, deletion of, or a copy of your personal data, and you may object to or restrict certain processing. To exercise these rights, contact [TODO: privacy email]. You also have the right to lodge a complaint with a supervisory authority (in Austria, the Datenschutzbehörde).

7. Cookies

We use only the cookies strictly necessary for sign-in and session handling. [TODO: confirm — add a cookie/consent notice if any non-essential cookies are introduced.]

8. Contact

[TODO: privacy/support email].