What we collect. Why. For how long.
// 01 What we collect
Account data: email, optional handle, optional time zone, optional skill set, role flags (requester / Hitlooper / admin). We don't collect your name unless you give it to us in a profile or via the contact form.
Project data: the projects you post (target URL, instructions, NDA toggle), the projects you claim, every message in a clarification thread, the structured deliverable you submit.
Recordings: the screen + audio capture from each session, plus its transcript (generated by Cloudflare Stream auto-captioning or Whisper) and its AI score breakdown.
Payment metadata: Stripe customer id, payment intent id, transfer id, refund id, payout status. We never see or store full card numbers, CVCs, or bank account numbers — that data lives only on Stripe's servers.
Operational logs: request URL, response code, IP (Cloudflare CF-Connecting-IP), user agent, timestamp. Retained for 90 days for abuse triage. Not used for analytics or ad targeting.
// 02 Why we collect it
To run the loop. Specifically: to deliver projects to matching Hitloopers, to authenticate sign-in, to settle payments and refunds via Stripe, to evaluate submissions (AI scoring, transcript), to resolve disputes when filed, to email you about actions on your projects, and to enforce these terms.
// 03 Third parties we send data to
Cloudflare — the entire platform runs on Cloudflare's edge. Workers, D1, R2, Stream, Workers AI, the AI Gateway. Data is encrypted at rest.
Stripe — payments and payouts. They receive your email and, for Hitloopers, KYC data you provide via Stripe Connect Express onboarding.
Resend — transactional emails. They receive your email address and the email body for delivery.
Anthropic (Claude) — when Claude is used as the scoring model, transcripts are sent to Anthropic for AI scoring. Per Anthropic's API terms, this content is not retained for training.
No advertisers, no data brokers, no analytics resellers. We do not sell, rent, or trade your data.
// 04 How long we keep it
Recordings + transcripts persist for the life of your account. We delete them on request within 7 business days.
Project data (posts, claims, clarifications, deliverables) persists for the life of your account.
Payment metadata persists for at least 7 years for tax and dispute purposes (1099 generation, chargeback response).
Operational logs are retained for 90 days.
Deletion request: contact us via the form (intent "support") asking to delete your account. We will close the account, anonymize records that must persist for legal / accounting reasons, and remove recordings + identifying personal data within 7 business days.
// 05 Your rights
You can: access your data (your dashboard surfaces all project data; for the rest, contact us); correct any inaccurate data (email, profile via the settings page; other data via contact); delete your account (see above); export your data (we'll send a JSON export within 7 business days).
If you're in the EU/UK (GDPR) or California (CCPA), you have additional rights under those laws — right to know, right to delete, right to opt out of "sale" of personal data (we don't sell), right to non-discrimination. Exercise these by contacting us with intent "support" and the words "data request" in the message.
// 06 Children
The platform is not for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we'll close it.
// 07 Cookies + similar
We use exactly one cookie: an HttpOnly Secure SameSite=Lax session token issued at sign-in, valid for 30 days. No tracking cookies, no third-party trackers, no analytics scripts. If we add any in the future, this page updates first.
// 08 International transfers
Cloudflare's edge means data is processed near the user geographically, but Stripe, Resend, and Anthropic are primarily US-based. By using the platform, you consent to transfer of your data to the United States for processing.
// 09 Security
The full security posture is at /security. Highlights: no passwords (magic-link only), JWT in HttpOnly cookies, D1 encrypted at rest, recordings on Stream with signed playback, no long-running origin server.
// 10 Changes
Substantive changes to this policy will be announced via email to your account address at least 14 days before taking effect. Non-substantive edits (typos, link updates) ship without notification. The current version is always at /privacy.