Privacy Policy

Documents you upload. When you upload a file for analysis, we extract the text content and store it temporarily to run the AI analysis. The extracted text is stored in our database linked to an anonymized IP hash — never to your name or email unless you create an account.

Usage data. We track how many analyses have been run from a given IP address (stored as a one-way SHA-256 hash) to enforce our free tier limits. Raw IP addresses are not stored.

Account data (optional). If you sign in with Google, we receive your email address and Google profile ID from Google OAuth. We use this to identify your account and allow you to revisit past analyses.

Payment data. If you subscribe to GetScrewedScore Pro, payment is processed by Stripe. We do not store your full card number, CVV, or billing address — Stripe handles all payment data. We store your Stripe customer ID and subscription ID to manage your Pro status.

Analytics. We use Google Analytics (GA4) to understand how the site is used — page views, session duration, and general behavior. This data is anonymized and does not include document content.

• To analyze your uploaded documents and return results to you
• To enforce free tier usage limits (via anonymized IP hash)
• To provide Pro features to paying subscribers
• To show you your past analyses if you have an account
• To improve the accuracy and performance of our AI analysis
• To send transactional emails (subscription confirmation, receipts) if you subscribe

We do not sell your data. We do not sell, rent, or trade your personal information or document content to any third party, ever.

Uploaded documents and their extracted text are stored in our database to power the shareable results page at /r/[id]. If you did not explicitly share your result, your document data is not publicly accessible.

We do not use your document content to train AI models. Your documents are passed to Anthropic's Claude API for analysis and are subject to Anthropic's Privacy Policy. Anthropic does not train models on API inputs.

You may request deletion of your data at any time by emailing us (see Section 7).

We use the following third-party services to operate GetScrewedScore:

We use the following cookies:

• gss_pro — an HTTP-only, secure, signed token that identifies you as a Pro subscriber. Set when you complete checkout. Expires after 7 days (renewed automatically for active subscribers).
• Supabase auth cookies — set when you sign in with Google. Used to maintain your session.
• Google Analytics cookies — used by GA4 for anonymized usage tracking. You can opt out via your browser's cookie settings or a GA opt-out browser add-on.

GetScrewedScore is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request deletion of your data
• Request a copy of your data (data portability)
• Withdraw consent at any time

To exercise any of these rights, email us at privacy@rembydesign.com. We will respond within 30 days.

We take security seriously. All data is transmitted over HTTPS. Sensitive tokens are signed with HMAC-SHA256. Database access requires server-side authentication via service role keys that are never exposed to the client. IP addresses are stored only as one-way SHA-256 hashes.

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@rembydesign.com.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Questions about this Privacy Policy? Contact us: