effective February 28, 2026

Privacy Policy

what we collect, why, who we share it with, and what rights you have. written the way we'd want it explained to us — plainly, not buried in lawyer-speak.

1. the short version

  • your data is not sold. ever.
  • your data is not used to train AI models.
  • we collect only what we need to run DontFumble for you.
  • you can delete your account and all associated data by emailing dontfumbleai@gmail.com.

2. who is the data controller?

for the purposes of GDPR / India's DPDP Act 2023 / similar laws, DontFumble is the data controller of personal data you submit. you can reach us at dontfumbleai@gmail.com.

3. what we collect

account data

  • your email address
  • password (stored as a one-way hash by our auth provider — we never see plaintext)
  • display name (if you set one)
  • chosen plan (free / pro / elite)
  • account creation date, last login time
  • if you sign in with Google: your Google email, name, and profile photo URL (no Google account password ever passes through us)

content you create

  • chat messages you send to the AI (the text and any captions you write)
  • screenshots and files you upload (e.g. dating app conversations, work emails)
  • per-chat metadata you provide: mode (personal / business), goal, who you're messaging
  • per-chat AI-generated summaries (so memory continues across long chats)
  • aggregated, soft user-level patterns (e.g. "tends to overtext when anxious") used to personalize future responses — generated by the AI based only on your own past messages, never shared externally

usage & technical data

  • daily message / upload counts (for plan limits and abuse prevention)
  • IP address (for security, fraud detection, and Razorpay verification on payment events) — retained for a maximum of 90 days
  • browser type + OS (only the user-agent string)
  • standard server logs (timestamps, request paths, status codes) — retained for a maximum of 30 days

payment data

when you buy a paid plan, payments are processed by Razorpay. we do not store your card number, CVV, or bank credentials. we receive a transaction ID, the amount, currency, status, and your email back from Razorpay so we can credit your account. Razorpay has its own privacy policy at razorpay.com/privacy.

4. how we use your data

we use the data above ONLY to:

  • run the service for you — generate AI replies, save your chats, restore them when you return
  • personalize your experience (memory, tone profile, recurring patterns)
  • enforce plan limits, prevent abuse, and detect payment fraud
  • communicate with you about your account or service-impacting issues
  • comply with legal obligations (tax, regulatory requests, court orders)

we do not use your data for behavioral ad targeting. we do not sell, rent, or lease your data to brokers. we do not let our AI providers retain your content for model training (see "subprocessors" below).

5. legal bases (GDPR / DPDP)

  • contract performance — most processing happens because you signed up and we need to deliver the service.
  • legitimate interests — security, fraud prevention, basic analytics.
  • consent — where local law requires it (e.g. some cookies, marketing emails if/when we send them).
  • legal obligation — for tax records, lawful access requests, etc.

6. who we share data with (subprocessors)

DontFumble is a small team. we rely on a short list of trusted infrastructure providers ("subprocessors") to operate. they only see what they need to do their job. as of the effective date:

  • Supabase (database, auth, storage) — hosts your account, your chats, your uploaded images. privacy policy
  • Anthropic (Claude AI) — the LLM that generates your replies. when you send a message, the relevant chat context + the current message + any screenshot is sent to Anthropic via the Emergent proxy to generate a response. Anthropic does not retain prompts or completions for model training when accessed through API. Anthropic privacy policy
  • Emergent — the platform we use to host the backend and proxy LLM requests. emergent.sh
  • Razorpay — payment processing for paid plans. privacy policy
  • Google — only if you choose to sign in with Google. we receive a verified email, name, and profile picture URL.

we share data only as needed to run those services for you. we do not share data with advertisers, brokers, or marketers.

7. where data is stored

data is stored on our subprocessors' servers, which may be located outside your country (Supabase & Anthropic are US-based; Razorpay is India-based). by using DontFumble you agree to this cross-border transfer. we rely on each provider's standard contractual clauses / industry-standard safeguards.

8. how long we keep your data

  • account data & content — until you delete your account, plus up to 30 days for backup rotation.
  • payment records — minimum 7 years (or as required by Indian tax / financial regulations).
  • server logs — 30 days.
  • IP address records — up to 90 days, then anonymized or deleted.
  • screenshots / uploaded files — stored only while the originating chat exists; deleted within 7 days of chat deletion.

9. your rights

depending on where you live, you may have the right to:

  • access the personal data we hold about you
  • correct inaccurate data
  • delete your data ("right to be forgotten")
  • export your data in a portable format
  • object to or restrict processing
  • withdraw consent (where consent is the legal basis)
  • lodge a complaint with your local data protection authority

to exercise any of these, email dontfumbleai@gmail.com from the address linked to your account. we'll respond within 30 days.

10. security

we use industry-standard safeguards: encryption in transit (TLS), encryption at rest (Supabase & storage providers), row-level security so users can only access their own data, hashed passwords, and access controls inside our team. no system is perfectly secure — if we discover a breach affecting your data we will notify you and the relevant authorities promptly as required by law.

11. children

DontFumble is not intended for users under 16. we do not knowingly collect data from children. if you believe we have, contact us and we will delete it.

12. cookies

see our separate Cookie Notice for how we use cookies and local storage.

13. changes

we may update this policy. material changes are posted here with a new "effective" date and, where reasonable, surfaced in-app. continued use after a change means you accept the updated policy.

14. contact

questions, requests, or complaints? dontfumbleai@gmail.com. we read everything.