Legal

Privacy Policy

Last updated: July 3, 2026

What we collect

We collect the minimum necessary to run the service:

  • Account data — name, email address, and hashed password if you create an account
  • Activity images — screenshots you upload for roasting, stored temporarily during processing
  • Roast results — the generated roast image and text, stored if you have an account
  • Usage data — how many roasts you've done, download events, IP address for rate limiting
  • Session data — a session token stored in a cookie to keep you signed in

What we don't do

  • We don't sell your data
  • We don't use your images to train AI models
  • We don't share your personal data with third parties except as needed to operate the service (see below)
  • We don't run ads
  • We don't track you across other sites

Third-party processors

We use the following services to operate. Each processes data only as needed for their function:

  • Neon — PostgreSQL database hosting (account data, roast records)
  • Cloudflare R2 — image storage (uploaded screenshots, roast images)
  • Ollama / xAI Grok — AI processing (activity text extraction, roast generation)
  • Resend — transactional email (account verification, password reset)
  • Netlify — hosting and serverless functions

How long we keep it

  • Uploaded images — original screenshots are stored in R2 and may be deleted after a reasonable retention period
  • Roast results — kept while your account is active
  • Account data — kept until you delete your account
  • Guest session data — kept for a short period for rate limiting purposes, then deleted

Your rights

You can:

  • Delete your account at any time from the account page — this removes your personal data and roast history
  • Request a copy of your data by emailing us
  • Request deletion of specific data by emailing us

Cookies

We use a single session cookie to keep you signed in. We don't use tracking cookies, analytics cookies, or advertising cookies.

Security

We use industry-standard practices: HTTPS everywhere, hashed passwords, short-lived session tokens, and access controls on storage. No system is perfectly secure — if you discover a vulnerability, please contact us.

Contact

Privacy questions: hello@roastmyactivity.com