Privacy Policy

Last updated: March 2026

The short version: We collect your email if you sign up, what policies you've analysed, and basic analytics so we know which features people use. We don't sell your data. We don't share it with advertisers. We don't track you across the web. That's it.

What we collect and why

If you create an account

Your email address — so we can contact you about your account and product updates. That's the only reason.

If you use the live analyser

The policy text you paste and the results — so we can show you your analysis history and serve cached results faster for everyone. We store the analysis result, not the raw policy text. We also store a count of how many analyses you've run this month to enforce the fair-use limit (currently 3 per month). This count resets at the start of each calendar month.

The policy text you paste is sent to Anthropic's API to generate the analysis. Anthropic processes it under a zero data retention agreement — they do not store or train on text submitted via the API. See Anthropic's privacy policy for details.

If you request an analysis

The company name, policy URL, and optionally your email address — so we can prioritise analyses by demand and associate votes with repeat requests. You don't need to be signed in to submit. New curated write-ups appear on the leaderboard; we do not send automated emails when an analysis is published. If you provide an email, we don't add you to any mailing list.

If you make a voluntary contribution

Payment processing — handled entirely by Stripe. We never see or store your card number or payment details. Stripe gives us a confirmation that a payment was made. That's all.

When you use the site

Basic analytics — page views, which features you use, what device and browser you're on. We use this to understand what's working and what isn't. We use Vercel's built-in analytics for this. We don't use Google Analytics. We don't build advertising profiles.

Automatically via our hosting

Server logs — Vercel (our hosting provider) temporarily logs IP addresses and request data as part of standard web hosting. We don't access these for tracking purposes.

What we don't collect

✗We don't collect your name, location, phone number, or contacts
✗We don't use cookies for advertising or tracking
✗We don't fingerprint your browser
✗We don't sell, rent, or trade your data to anyone
✗We don't let third parties put trackers on our site

Who has access to your data

Supabase

Database, authentication — Stores your account, analysis history, and policy submissions

Vercel

Hosting, analytics — Serves the website, basic usage analytics

Anthropic

AI analysis — Processes policy text when you run an analysis (zero data retention agreement)

Stripe

Payment processing — Handles voluntary contributions — we never see your card details

That's the complete list. No data brokers. No ad networks. No unnamed "third-party partners."

Your rights

You can do any of these at any time by emailing us:

See your data — we'll send you everything we have on you
Delete your data — we'll remove your account and all associated data
Export your data — we'll send you a copy in a standard format
Unsubscribe — every email has an unsubscribe link

We respond to all requests within 7 days. No forms to fill out. No hoops to jump through.

Cookies

We use only essential cookies to keep you logged in. No tracking cookies. No third-party cookies. No cookie banner needed because we're not doing anything that requires your consent beyond basic functionality.

Data retention

Account data: Kept until you delete your account
Analysis history: Kept until you delete it or your account
Monthly usage count: Resets at the start of each calendar month; deleted when you close your account
Policy submission emails: Deleted after we send the notification, or within 90 days if no analysis is published
Server logs: Automatically deleted by Vercel after 30 days

If you delete your account, your data is removed within 30 days. Genuinely removed — not "deactivated" while we keep everything in a backup somewhere.

Changes to this policy

If we change this policy, we'll email you about it before the changes take effect. We won't quietly update it and hope you don't notice. That's the kind of thing we built this tool to expose.

For the lawyers

This site is operated from Australia. We comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). If you're in the EU, we respect your rights under GDPR. If you're in California, we respect your rights under CCPA. Regardless of where you are, we treat everyone's data with the same standard of care.

Contact

Questions about your privacy? Email us: privacy@privacydecoded.com

How we'd grade ourselves

We ran this policy through our own tool

✓ Plain language, no legalese
✓ Minimal data collection
✓ No data sold or shared with advertisers
✓ Clear data retention periods
✓ Easy deletion process
✓ Notification before policy changes
✓ Complete list of third parties

This is what a privacy policy should look like. We hope more companies start writing theirs this way.