Privacy Policy.

• ✓Anonymous handles by default. No real-name account required.
• ✓Photos are encrypted in transit and at rest, EXIF-stripped client-side, processed in private compute, and purged within 15 minutes unless you unlock the case file.
• ✓We don't sell or share your photo, ever. We don't train models on it.
• ✓Payments go through Stripe. We see a customer ID and an amount, nothing else.
• ✓You can download or delete every artifact (photos, case files, skins, account) at any time.

From everyone: a generated handle, your IP address (used for rate-limiting and stored only as a one-way SHA-256 hash truncated to 32 hex characters, so it can't be reversed to the source IP), a short user-agent string for abuse detection, and the photo you choose to upload (treated separately — see §3).

From accounts only: your email address (for sign-in and receipt delivery), an auto-generated public handle, a self-declared birth year (for the 18+ age check), and the case files + skins you've purchased. Optional fields like nationality or visibility preferences only get stored if you explicitly fill them in via Settings.

Photos are treated as the most sensitive data class. Upload pipeline:

1. EXIF is stripped in your browser before upload.
2. Photo is encrypted with TLS 1.3 in transit.
3. Server stores it encrypted at rest in private compute. Only the analysis pipeline can decrypt it.
4. The pipeline emits the case file (numbers, archetype, narrative) and discards the photo's pixels from RAM immediately.
5. The encrypted photo file is purged after 15 minutes unless you unlock the case file. After unlock, retention is lifetime — until you delete it.

We never train models on user photos. We never share them with anyone. We never use them to advertise. Period.

The only third parties that touch your data:

• Vercel — application hosting + CDN. Sees TLS-terminated request metadata (IP, user-agent). Doesn't see decrypted photo bytes — those are forwarded to the inference compute and discarded.
• Supabase — database + authentication. Stores your handle, email, case-file metadata, and the encrypted photo in its private object storage. Operates from our project on US-West-1.
• RunPod — GPU compute that runs the visual analysis pipeline. Receives the photo over TLS, decrypts in RAM, emits numbers, discards the pixels immediately. No persistence beyond the request lifetime.
• xAI — produces the short narrative paragraph in each report. Receives anonymized numeric features only — never the photo, never your handle or email.
• Stripe — payments. Sees card data, amount, customer ID. Doesn't see your photo or case-file content.
• SendGrid — transactional email delivery (receipts, password resets, future notifications). Sees the recipient email address and the message body. No marketing list integration.
• Google Analytics 4 — aggregate page-view counts. Off by default; runs only after you accept the cookie banner. See our Cookie Policy for specifics.

That's the complete list. No data brokers, no ad networks, no marketing SaaS, no session-replay vendors.

We do not sell your data. We do not share it for marketing. We don't share it with affiliates because we don't have any.

Three exceptions, all reactive: (a) law-enforcement requests we are legally compelled to honor, (b) imminent-harm cases (mostly minors), (c) acquisition or merger of the company, in which case you'd be notified before transfer.

The public Atlas (currently in preview) will show aggregate-only statistics once a minimum cohort threshold is reached: cohort size, median scores, country medians, archetype prevalence, score distributions. No individual handle is ever shown without explicit opt-in via Settings → Visibility. Until the threshold is reached, the Atlas page shows the cohort progress bar instead of any data.

When released, the Atlas data file will ship under CC-BY-SA with all PII columns dropped. We'll announce the release on the home page and in this policy's changelog (see §13).

The cookies + browser storage we touch fall into three buckets: strictly necessary (auth session, cart, Stripe checkout — no consent required because the site doesn't function without them), functional (local UI preferences that never leave your browser), and analytics (Google Analytics 4 in cookieless mode by default, plus our own aggregate page-view counter). Analytics is off by default — it only turns on after you accept the cookie banner.

No tracking pixels, no marketing tags, no third-party retargeting, no cross-site fingerprinting beyond the abuse-detection hash mentioned in §2. The full inventory and category breakdown — plus live controls to change your consent without clearing browser data — lives at our Cookie Policy, which is the source of truth and is updated whenever the list changes.

From Settings and the report pages you can:

• See exactly what we hold for you (handle, email, case files, purchases).
• Delete individual case files (the row + the stored photo are both wiped).
• Delete your account (cascades to every case file, share link, and skin grant; account-recovery emails stop the same hour).

Three rights that require an email rather than a button (we'll plumb them into Settings as the product matures):

• Data export — request a JSON bundle of everything we hold under your account.
• Correction — fix any field we got wrong (rare, but a GDPR Article 16 right regardless).
• Restriction / objection — temporarily pause processing while a dispute is resolved.

Send any of these (plus general GDPR / CCPA inquiries) to support@ratewithai.co. We respond within 30 days, usually within 5 business days.

Photos: 15 minutes for free previews, lifetime (until you delete) for unlocked case files. Case file metadata: lifetime (until you delete). Sync email: until account deletion, plus 30 days for handle hold-back. Stripe customer ID: 7 years (legal requirement for tax records). IP addresses: transient — never retained beyond TLS termination.

TLS 1.3 in transit. AES-256 at rest (Supabase Storage default). Encrypted backups via Supabase point-in-time recovery. Strict separation between the web tier (Vercel functions with scoped Supabase service-role access) and the inference tier (RunPod pod reached only via a per-request signed header). Responsible-disclosure inbox: support@ratewithai.co — we acknowledge within 48 hours.

The service is not for anyone under 18. We age-gate at upload, age-confirm at account creation, and report any uploads that appear to depict minors to NCMEC as required by law.

Operating from the United States. Data is processed and stored in US data centers. By using the service, EU/UK/CA users consent to international transfers under the relevant standard contractual clauses.

Material changes will be announced on the home page and in release notes 14 days before they take effect. Minor edits (typos, link updates) ship as-is. Effective date at the top of this page reflects the latest change.

Privacy questions, GDPR/CCPA requests, security disclosures: support@ratewithai.co. We respond within 5 business days, faster for security issues.