Skip to main content

Privacy Policy

Last updated: July 6, 2026

1. Introduction

ReadBeneath (“we,” “us,” “our”) operates the ReadBeneath platform, an in-depth relationship analysis service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

Account Information

When you create an account, we collect your email address and, if you register with a password, a securely hashed version of your password. If you sign in via Google OAuth, we receive your email address and Google account identifier. We do not store your Google password.

Conversation Data

When you upload chat exports for analysis, we process the message content to generate your report. All data moves over encrypted connections (TLS). The raw files you upload are removed from temporary storage once processing finishes. The parsed conversation (messages, senders, timestamps) is retained in our database so your report and its cited-message previews keep working — it stays until you delete the conversation or your account. We do not read, share, sell, or use your conversation data for AI model training.

Payment Data

Payments are processed by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers, CVVs, or full payment details on our servers.

Usage Data

We collect anonymized analytics events (e.g., feature usage counts) to improve our service. These events do not contain conversation content or personal messages.

3. How We Use Your Information

  • To provide, maintain, and improve our services
  • To process payments and manage subscriptions
  • To generate AI-powered relationship analysis reports
  • To communicate with you about your account or service updates
  • To detect and prevent fraud, abuse, or security incidents

4. Data Sharing

We do not sell your personal data. We share data only with the following categories of service providers, under strict contractual obligations:

  • AI Processing: OpenAI (for analysis generation). Before any message is sent, we mask personal identifiers in the content — email addresses, phone numbers, street addresses, and card/ID numbers. Participants' first names are kept, because the analysis has to attribute patterns to the right speaker. No account details (your email, password, or payment information) are ever shared with OpenAI.
  • Payment Processing: Stripe (for subscription and payment handling).
  • Product Analytics: PostHog (feature-usage events only, and only if you accept analytics cookies). Events never contain message content.
  • Error Monitoring: Sentry (technical error reports so we can fix failures). Reports are scrubbed of message content.
  • Infrastructure: Cloud hosting providers for database and application hosting.

5. Data Retention

  • Uploaded files: Removed from temporary storage after processing completes.
  • Parsed conversations: Retained in our database to serve your report and cited-message previews, until you delete the conversation or your account.
  • Analysis reports: Retained for 30 days in cache, then served from the database as long as your account exists.
  • Account data: Retained until you delete your account.

6. Your Rights

You have the right to:

  • Access & portability: Download everything we hold about you as a single JSON file from Settings → Privacy & data.
  • Deletion: Delete your account and all associated data at any time from Settings → Privacy & data.
  • Correction: Update your account information.
  • Objection: Object to processing of your personal data.

To exercise any of these rights, use the account deletion feature in your dashboard settings or contact us at privacy@readbeneath.com.

7. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, JWT authentication, rate limiting, input validation, and role-based access controls. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your data.

8. Cookies

We use essential cookies and local storage for authentication (JWT tokens) and session management. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@readbeneath.com.