Privacy Policy
Your privacy matters to us. This policy explains what data we collect, why we collect it, and how you can control it.
Last updated · March 16, 2026
Information We Collect
We collect several types of information to provide and improve our service. The categories below describe the data we gather and the circumstances under which we collect it.
Account Information. When you create an account using Google OAuth or email sign-up, we collect your name, email address, and profile picture. This information is used to identify you within the platform and personalize your experience.
Analytics Data. When you upload screenshots of your analytics dashboards or connect your analytics tools to receive an AI-generated analysis (a “roast”), we process that data to deliver the core functionality of our service. Uploaded images are stored securely in our cloud storage infrastructure.
Payment Information. If you subscribe to a paid plan, your billing and payment details are collected and processed directly by our third-party payment processor, Stripe. We never store your full credit card number, CVC, or other sensitive payment credentials on our servers. We do store a reference to your Stripe customer ID and subscription ID for managing your account.
Device and Usage Information. We automatically collect certain technical information when you visit our site, including your browser type, operating system, and device information. This data helps us maintain security, diagnose technical issues, and understand how users interact with the platform.
How We Use Your Information
We use the information we collect for the following purposes:
- Providing our core service: processing your uploaded analytics screenshots through AI models and delivering structured insights and growth recommendations.
- Account management: creating, maintaining, and securing your user account, including managing authentication sessions.
- Processing transactions: managing your subscription, processing payments through Stripe, and sending payment-related notifications such as receipts or failed payment alerts.
- Communications: sending you technical notices, security alerts, support messages, and transactional emails related to your account or subscription status.
- Service improvement: analyzing aggregated, anonymized usage patterns to improve the quality and reliability of our platform.
Third-Party Service Providers
We rely on trusted third-party services to operate our platform. Each provider has access only to the data necessary to perform their specific function and is contractually obligated to protect your information.
- Authentication (Better Auth): manages user registration, login sessions, and OAuth integrations with providers like Google. Handles session tokens and secure cookie management.
- Payments (Stripe): processes all subscription payments, manages billing information, handles invoicing, and provides the customer billing portal. Stripe is PCI-DSS Level 1 compliant.
- Database & File Storage (Supabase): securely stores your account data, generated roast results, and uploaded analytics screenshots in cloud-hosted PostgreSQL databases and object storage.
- AI Processing (OpenRouter): routes your uploaded analytics screenshots to AI models for processing and insight generation. Images are transmitted securely and used solely for the purpose of generating your requested analysis.
- Rate Limiting (Upstash Redis): manages API rate limiting to protect the service from abuse. Stores temporary, anonymized request counters only.
- Transactional Email (Resend): delivers account-related emails such as verification links, password reset emails, and payment failure notifications.
Local Storage and Cookies
We use browser cookies and local storage to provide essential functionality and improve your experience. For a detailed breakdown of the specific technologies we use, please see our Cookies Policy.
Draft Preservation
When you start creating a roast, we temporarily save your draft data (including uploaded image references and context text) in your browser's local storage. This ensures your work is preserved if you navigate away, refresh the page, or need to log in mid-process. This data is automatically cleared when you submit or discard the draft.
Data Storage and Security
We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (TLS/SSL), secure cloud hosting with Supabase, and access controls that limit data exposure to authorized personnel and systems only.
While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents that may arise.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. Your uploaded analytics screenshots are stored until you choose to delete them through the application interface or delete your account entirely.
You may delete individual roasts and their associated images at any time from your dashboard. You may also delete individual images from a roast while preserving the AI-generated analysis. When you delete your account, all associated data (including stored images, roast results, and personal information) is permanently removed from our systems.
Your Rights and Choices
Depending on your jurisdiction, you may have certain rights regarding your personal data:
- Access and Portability: request a copy of the personal data we hold about you.
- Correction: request corrections to any inaccurate personal information.
- Deletion: request deletion of your personal data. You can delete your account and all associated data directly from your account settings page.
- Objection: object to our processing of your personal data in certain circumstances.
To exercise any of these rights, you can use the self-service options in your account settings or contact us directly at dashroast@gmail.com.
Children's Privacy
Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently gathered personal data from a child under 16, we will take steps to promptly delete that information from our records. If you believe a child has provided us with personal information, please contact us immediately.
International Data Transfers
Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction. By using our service, you consent to the transfer of your information to such locations. We ensure that any international transfers comply with applicable data protection laws and that your data receives an adequate level of protection.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page and revising the “Last updated” date. Your continued use of the service after such changes constitutes your acceptance of the revised policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at dashroast@gmail.com.