Privacy policy
last updated 2026-07-08 · written to be read, not to hide things
What we collect
Account data: your email address, an optional name, a hashed password (bcrypt; we never see or store the plaintext), and optionally how you heard about us.
Product data you create: projects, their descriptions, subreddit lists, drafts, logged comments and mentions, and results you record.
Operational data: standard server logs kept by our hosting provider, and a session cookie that keeps you signed in. We don't run advertising trackers.
How we use it
To run the product: your project brief is used to generate drafts, subreddit suggestions and keyword ideas; your logged activity powers your own plan, counters and reminders.
AI features send the relevant project text to AI providers (Google, Anthropic or OpenAI) to generate the output you asked for. We don't use your content to train models, and we choose provider settings accordingly.
Email: we send the emails you'd expect — password resets and, on paid plans, the posting reminders you can see in your outbox. No marketing lists you didn't join.
Who processes it
Hosting on Vercel, database on Supabase (EU region, Frankfurt), transactional email via Resend, and the AI providers named above when you use an AI feature. Each receives only what's needed for its job.
We never sell your data, and nobody else gets it, except if the law compels us.
Retention & deletion
Your data lives as long as your account does. You can delete individual projects at any time, and you can delete your whole account from Settings — that permanently removes every project, post, log and mention, immediately.
Your rights
If you're in the EU/EEA you have the usual GDPR rights: access, rectification, erasure, portability and objection. Most of them you can exercise directly in the product; for anything else, email us and we'll sort it out.
Contact
Questions about this policy: support@warmstart.app. Data controller: the operator of Warmstart.