Privacy Policy

Last updated: May 2025

Honest by Designodin is a one-time audit service. We collect the minimum data needed to deliver your report and nothing else. This policy explains exactly what we collect, why, and how long we keep it.

What we collect

• Email address — required to deliver your report. Stored in our database.
• Uploaded files (CSV) — processed to generate your report, then permanently deleted from storage. We do not keep your raw data files.
• Website URL — for URL-based audits, used to run automated analysis. Not stored beyond the report.
• Business context — optional free-text you provide. Processed for the report, then deleted from storage.
• Generated report — the AI-generated audit output. Stored so you can access it via your report link.
• Purchase amount — the amount charged. Stored for our records. No payment card data is handled by us.

What we do not collect

• No cookies or tracking pixels
• No browsing behaviour or analytics
• No account, password, or profile
• No payment card details — Stripe handles all payment data under their own privacy policy

Third parties who process your data

• Stripe — payment processing. Your payment details go directly to Stripe and are governed by Stripe's Privacy Policy.
• Anthropic — AI report generation. Your uploaded data and URL are sent to Anthropic's API to produce the audit. Anthropic's API usage is governed by Anthropic's Privacy Policy.
• Amazon Web Services (SES) — email delivery. Your email address and report are sent via AWS Simple Email Service to deliver your report.
• Cloudflare — infrastructure. Our service runs on Cloudflare Workers. Cloudflare may process request metadata as part of routing.

How long we keep your data

• Uploaded files — deleted immediately after your report is generated, or within 48 hours if processing fails.
• Email address and report — retained indefinitely so you can access your report via your report link. Contact us to request deletion.
• Purchase records — retained for accounting and fraud prevention purposes.

Your rights (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing of your data
• Request a copy of your data in a portable format

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

Data security

Data is stored on Cloudflare's infrastructure with encryption at rest. Files uploaded to R2 object storage are deleted after processing. Access to our systems is restricted and all secrets are encrypted. No plain-text credentials are stored in our codebase or configuration.

Changes to this policy

If we make material changes to how we handle your data, we will update this page and change the date above. We are not in the business of quietly moving goalposts.