Privacy
What we touch, what we don't.
Plain English version of our data practices. Last updated 2026-06-06.
Who's responsible for your data
Neoforge Ventures (Hyderabad, India) is the data controller for Rubric. Contact: hello@rubric.chat.
What we collect
Email address: for magic-link sign-in. Stored against your user record.
Chat session content you upload: your user turns are stored so we can show you your own history and so you can share a report. Assistant text never leaves your browser; we never store it.
Derived report data: the score, archetype, per-dimension breakdown, and feedback the LLM returned for your session.
IP address: temporarily, for rate limiting. Not stored long-term against your account.
Operational metadata: model used, input/output token counts, and our internal cost in cents per analysis. Used to keep the lights on; never shown to anyone but us.
What we don't collect
Names, postal addresses, phone numbers, or company affiliations. Your prompts go through a redaction pass before they reach the scoring model: emails, phone numbers, API keys, IPs, and credit-card-shaped digit groups are masked with placeholders like [EMAIL] before the LLM sees them.
Anything from your browser other than what you explicitly upload and the standard analytics signals described below.
Analytics
Google Tag Manager + Google Analytics: we run GTM on rubric.chat to measure traffic and product usage (page views, button clicks, anonymized session counts). GTM and any tags it loads receive your IP address, user agent, and anonymized usage events. We do not load advertising or remarketing tags through GTM. Google's data practices are described in their privacy policy.
If you'd rather not be measured, browser-level tracker blockers (uBlock Origin, Privacy Badger, Brave Shields, Safari ITP) will block GTM and the site will work normally without it.
Where your data goes
OpenAI (model provider): your PII-redacted user turns are sent to their API for scoring and (if you use Premium rewrites) for rewrite generation. Per OpenAI's API terms, they don't train on this data by default.
Resend (email delivery): your email address, only when we're sending you a magic link or a one-time Premium-launch notification.
Paddle.com Market Ltd (payments): when you subscribe to Premium, Paddle acts as the merchant of record and processes the transaction. Paddle receives your email, billing details, and payment information directly. We never see or store your card details; we only receive a customer ID and subscription status back from Paddle. See Paddle's privacy notice for what they do with that data.
AWS (hosting + database): Postgres in AWS RDS (ap-south-1) and an EC2 instance for the API. Both within our private VPC.
Vercel (web hosting): serves the website. Sees standard request metadata (IP, user agent) but not your uploaded content.
How long we keep things
Reports and uploaded sessions: until you ask us to delete them. There's no silent expiry.
Magic-link tokens: invalidated after first use, or after 30 minutes, whichever comes first.
Server access logs (nginx): 30 days. They contain IPs but not your uploaded content.
Your rights
Delete your data: email hello@rubric.chat from the address you signed up with. We'll wipe your reports, sessions, share links, and account within 24 hours. A self-serve button is on the roadmap.
See what we have on you: same address; we'll export it for you.
Correct or update: sign in and re-analyze, or email us.
Cookies and local storage
We store one thing in your browser's localStorage: your JWT sign-in token. That's it. No tracking cookies.
Signing out removes it.
Changes to this policy
If we make material changes, we'll update the date at the top and ping signed-in users by email. Cosmetic or clarity edits won't trigger that.
Contact
Anything privacy-related: hello@rubric.chat. See also the methodology page for how scoring works and what we redact before the LLM sees your prompts.