Privacy Policy

RoastPlease ("we", "us", or "our") provides AI-powered website analysis. This policy explains what data we collect when you use roastplease.com, how we use it, and your rights regarding that data. We aim to be straightforward — no legalese, no surprises.

We collect only what is necessary to deliver the service:

• Account information. When you sign up, we store your email address and a hashed password (via Supabase Auth). We never store plain-text passwords.
• URLs you submit. We store the URLs you ask us to analyze so we can generate and display your report. We only analyze publicly accessible pages.
• Screenshots and page snapshots. We capture a screenshot and HTML snapshot of each submitted URL using Puppeteer. These are stored securely and used solely to produce your analysis report.
• Payment information. Payments are processed entirely by Stripe. We never see or store your full card number. We receive and store a Stripe customer ID and subscription status to manage your plan.
• Usage data. Basic server logs (timestamps, IP addresses, HTTP status codes) are retained for security and debugging purposes.

• To deliver the service. Your submitted URL, screenshot, and page snapshot are sent to the Anthropic Claude API to generate the roast report. No identifying account information is included in that request.
• To manage your account. Your email is used for sign-in, transactional emails (receipts, password resets), and critical service announcements.
• To process payments. Billing data is passed to Stripe to charge for paid plans and manage subscriptions.
• To improve the product. Aggregated, anonymized usage patterns help us understand how the service is used. We do not build individual profiles for advertising.

Running RoastPlease requires a small set of trusted third-party providers. Each one receives only the data it needs to do its job:

• Supabase — database and authentication. Your account data and roast history are stored here. Supabase operates under its own privacy policy.
• Stripe — payment processing. All payment data is handled directly by Stripe under PCI-DSS compliance. See Stripe's privacy policy.
• Anthropic (Claude AI) — analysis generation. Page content and screenshots are sent to Anthropic's API to produce your report. Requests are not used to train Anthropic's models under their API terms. See Anthropic's privacy policy.

We do not sell your data to any third party, ever.

• Account data is kept for as long as your account is active.
• Roast reports and screenshots are retained so you can revisit past analyses in your dashboard. You can delete individual reports at any time.
• Server logs are retained for up to 90 days for security and debugging, then automatically deleted.
• When you delete your account, all associated data — reports, screenshots, and account information — is permanently removed within 30 days.

We use cookies minimally. A single session cookie is set by Supabase Auth to keep you logged in across page visits. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Disabling cookies will prevent you from staying signed in, but you can still use the service without an account.

Regardless of where you live, you have the following rights with respect to your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Ask us to correct inaccurate data.
• Deletion. Request that we delete your account and all associated data. You can initiate this from your dashboard or by emailing us.
• Portability. Request an export of your data in a machine-readable format.
• Objection. Object to processing where we rely on legitimate interests as the legal basis.

To exercise any of these rights, email us at support@roastplease.com. We will respond within 30 days.

We use HTTPS for all data in transit, row-level security policies on our database, and industry-standard encryption for data at rest. No system is perfectly secure; if you discover a vulnerability, please disclose it responsibly to support@roastplease.com.

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of the service after changes take effect constitutes acceptance of the revised policy.

Questions about this policy or your data? Email us at support@roastplease.com.