Privacy Policy

Last updated: 2026-05-13

This Privacy Policy describes how realistgpt ("we", "us", "our") collects, uses, and shares personal data when you use our website and AI chat service (the "Service"). By using the Service you agree to the practices described here.

1. Data we collect

• Account data: email address, password (stored as a salted hash, never in plaintext), display name if provided.
• Conversation data: the prompts you submit and the AI responses generated. If you are signed in, conversations are stored so you can return to them.
• Billing data: if you subscribe, our payment processor (Stripe) handles card details. We never see or store full card numbers. We receive transaction metadata (amount, status, subscription tier).
• Usage data: timestamps, request volume, model used, approximate token counts, browser type, and IP address (for rate limiting and abuse prevention).
• Cookies / local storage: we use httpOnly session cookies for authentication and localStorage for in-progress draft messages and UI preferences. No third-party advertising trackers.

2. How we use data

• To provide, secure, and operate the Service.
• To process payments and manage subscriptions.
• To prevent abuse, fraud, and violations of our Terms.
• To improve the Service in aggregate, anonymized form.
• To communicate with you about your account (transactional email only — no marketing without consent).

3. Third-party processors

We use the following sub-processors to deliver the Service. They process data on our behalf under contractual safeguards.

• OpenAI — model inference. Your conversation messages are sent to OpenAI to generate responses. Per OpenAI's API terms, API content is not used to train their models.
• Supabase — authentication and database hosting. Stores your account, conversations, and metadata.
• Stripe — payment processing for paid plans.
• Render — application hosting.
• Cloudflare — content delivery, DDoS protection, edge security.
• Resend (or comparable provider) — transactional email delivery (account verification, password reset).

4. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Request a portable export of your data.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise these rights, email support@realistgpt.com. We respond within 30 days. Note that some data must be retained to comply with legal obligations (billing records, fraud prevention).

5. Data retention

• Account data: retained while your account is active and for 30 days after deletion (for restore/refund handling).
• Conversation history: retained while your account is active. Deletable on request or via account settings.
• Billing records: retained for at least 7 years as required by tax / accounting law.
• Usage / abuse logs: retained for up to 12 months.

6. Children

The Service is not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect data from such children. If you believe we have, email us and we will delete it.

7. International transfers

Our processors operate globally. Personal data may be transferred to and processed in the United States or other jurisdictions. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

8. Security

We use TLS in transit, encryption at rest on our database provider, hashed passwords, and role-based access controls. No system is perfectly secure. We will notify affected users of any breach involving personal data, as required by applicable law.

9. Changes

We may update this Policy. Material changes will be announced by email or in-app notice. Continued use after the effective date constitutes acceptance.

10. Contact

Questions or requests: support@realistgpt.com.