Privacy Policy

We believe privacy is a fundamental right. Here's exactly what we do and don't do with your data.

The Short Version

  • We do NOT store your conversation transcripts. They are processed in real-time and immediately discarded.
  • We do NOT create accounts or track users. There's no login, no cookies for tracking, no user profiles.
  • We do NOT sell any data. We have no advertising and no data monetization.
  • We do NOT log your transcript content. Only metadata (timestamp, platform selected, transcript length) is logged for basic analytics.

What We Collect

When you analyze a conversation

When you submit a transcript for analysis, here's exactly what happens:

  1. Your transcript is sent to our server over an encrypted (HTTPS) connection
  2. We send the transcript to Claude (Anthropic's AI) for analysis
  3. Claude returns the analysis results
  4. We send the results back to you
  5. The transcript is discarded from memory—it is never saved to disk or database

What we store ourselves (in Cloudflare KV, with TTLs that auto-expire):

  • Rate-limit counters: a per-minute, per-hour, per-day counter keyed by an HMAC-SHA256 hash of your IP address salted with the current UTC date and a server-held secret. Counter entries auto-expire within 25 hours. The HMAC is collision-resistant; while the secret is held by the operator, the hash for a known IP on a given day can be re-derived. The site does not retain past days' hashes — they expire with the counters they key.
  • Daily cost meter: total Anthropic API spend so far today (a single number). Auto-expires after 25 hours.

What we never store:

  • The content of your transcript (the request body is read once, sent to Anthropic, and discarded)
  • The content of the analysis (returned to you and discarded)
  • Your IP address in unhashed form
  • Account, session, or any cross-request identifiers

What Cloudflare (our hosting and CDN) maintains independently of our code, as part of standard edge logging for security and abuse prevention:

  • IP address, user agent, timestamp, request path, response status
  • These are Cloudflare's standard server logs, retained per Cloudflare's privacy policy. They include metadata for any request to our domain but never the request body.

When you visit our site

We do not deploy any analytics product. No analytics beacon, tracking pixel, or third-party script loads on any page. Cloudflare maintains the standard edge access logs described above for security and abuse prevention; we do not access aggregate analytics derived from them.

Third Parties

Anthropic (Claude API)

Your transcript is sent to Anthropic's Claude API for analysis. Important details about Anthropic's data handling:

  • Anthropic states they do not use API inputs to train their models
  • By default, Anthropic retains API data for up to 30 days for abuse detection and safety monitoring
  • If Anthropic's safety systems flag content, retention may extend up to 2 years (or longer where required by law). Crisis-language transcripts may be more likely to be flagged than neutral content.
  • We have no control over Anthropic's data retention or flagging practices
  • See Anthropic's Privacy Policy and API Data Privacy documentation for full details

If you're concerned about this, you may want to remove personally identifiable information from your transcript before submitting.

Cloudflare (Hosting & CDN)

Our site is served through Cloudflare. Cloudflare processes standard server logs (IP, user agent, request path) for security and abuse-prevention purposes. See Cloudflare's Privacy Policy for details.

Data Retention

Because we don't store your transcript or personal information, there's nothing to retain or delete. Any anonymous analytics data (page views) is retained by Cloudflare according to their standard policy.

Your Rights

Because we don't collect personal data, most data rights (access, deletion, portability) don't apply. However:

  • You can use our site without providing any personal information
  • You can use browser privacy tools (incognito mode, VPN) for additional privacy
  • If you have questions about your privacy, contact us

Who operates this site

The data controller is Justin Stimatze, an independent operator based in the United States. Contact: hello@ismyaialive.com. The site is not operated by, partnered with, or commercially affiliated with Anthropic, OpenAI, Google, or any other AI lab. There is no commercial entity behind it; no DPO is appointed because the site is non-commercial and processes no persistent personal data.

Anthropic data-processing relationship

Anthropic acts as a processor for the limited purpose of generating analysis findings on transcripts you submit. Anthropic publishes a Data Processing Addendum covering this relationship at scale; we operate under Anthropic's standard API terms and the privacy commitments referenced in their privacy policy and API data-privacy documentation. Cross-border transfers from EU/UK users to Anthropic (US) rely on Anthropic's Standard Contractual Clauses, which they publish.

International Users & GDPR

For users in the European Union, United Kingdom, and other jurisdictions with data protection laws:

  • Legal basis: We process your transcript data based on your consent (by submitting the form) for the purpose of providing analysis
  • Data minimization: We only collect what's necessary to provide the analysis
  • No retention: We don't store your transcript, so there's nothing to delete. The data exists only during processing.
  • Third-party transfer: Your transcript is sent to Anthropic (US-based) for analysis. This constitutes an international data transfer. Anthropic maintains standard contractual clauses for data protection.
  • Right to object: You can object by simply not using the service

Because we don't retain personal data and don't create user accounts, we cannot respond to data access or deletion requests—there's no data to access or delete.

Security

  • All data transmission uses HTTPS encryption
  • We don't store sensitive data, eliminating database breach risks
  • Our serverless architecture minimizes attack surface
  • API keys are stored securely as environment variables

Children

This service is not intended for children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

If we make significant changes to this policy, we'll update the date below and add a notice to the site. Minor clarifications may be made without notice.

Contact

Questions about privacy? Contact us at hello@ismyaialive.com

Last updated: April 2026 (architecture migration in progress: heuristic browser-only default planned, with optional consent-gated server analysis)