Privacy

Short version. No accounts, no analytics, no cookies for tracking. We log what each dial-in saw and returned so we can improve the tool, not who you are.

What we collect

Every time you submit a dial-in, we record:

• The form input. Bean origin, machine, grinder, dose, yield, time, taste, goal.
• The model's response. Diagnosis, recommendation, reasoning.
• Timing. How long the model took, how many tokens it used, what the call cost us.
• A hashed version of your IP address. Twelve characters of SHA-256, enough to dedupe rate-limit counters (10 dial-ins per IP per month) but not enough to reverse to your IP.
• Your browser's user agent string. The same one any website you visit can see.

What we don't collect

• Your name. There's no account, so we never ask.
• Your email. Unless you submit the contact or feedback form, in which case we use it only to reply.
• Tracking cookies. We don't set any. Your shot history lives in localStorage client-side only.
• Analytics. No Google Analytics, no Plausible, no PostHog, no anything.
• Third-party tracking. No Facebook pixel, no ads, no retargeting.

Why we log dial-ins at all

The knowledge base is a curated piece of work, and like any structured advice system, it's wrong sometimes. The dial-in logs let us find specific cases where the recommendation diverged from what the community would have said. A Breville user who got the wrong basket advice. A bimodal-grinder case the knowledge base didn't catch. We patch those.

We also use logs to spot abuse. One IP hammering the API to drain our budget would show up here.

We do not use logs for training, profiling, or advertising. The tool exists to give you advice, not to harvest you.

Where data lives

• Neon Postgres. Dial-in logs and feedback submissions, hosted in AWS US East 1 (Virginia).
• Upstash Redis. Rate-limit counters (your hashed IP and request count), hosted in AWS US East 1.
• Vercel. The app itself, served from edge locations globally.
• Anthropic. Your form input is sent to Claude to generate the advice. See Anthropic's privacy policy for what they do with it.
• Resend. Sends notification emails when you submit feedback or use the contact form. Standard email infrastructure provider.

Retention

We currently keep dial-in logs and feedback submissions indefinitely. They're stored anonymously (hashed IP) so retention is low-risk. We'll write a proper deletion policy when there's reason to.

Contact

Privacy questions, deletion requests, anything else. Use the contact form in the footer. A human reads everything.

This isn't legal boilerplate. It's an honest description of what the tool does. If you need a more formal version because your employer demands it, get in touch and we'll write one.