Skip to main content
← Back to Home

Privacy Policy

1. Introduction

Authentyc AI, Inc. ("Authentyc", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our website and services (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

Service Status: Authentyc is currently in waitlist/beta phase. This policy covers both the waitlist and future full service launch.

2. Information We Collect

2.1 Information You Provide Directly

  • Email Address: When you join our waitlist or sign up for the Service
  • Interest Categories: Your selected categories (hiring, dating, co-founder matching, mastermind groups, or other specified interests)
  • ChatGPT Conversation Experience Level: Whether you have extensive, some, or no ChatGPT conversation history
  • ChatGPT Share Links: Only when you explicitly paste and submit a ChatGPT shared conversation link for personality analysis

2.2 Information Collected Automatically

  • Analytics Data: Page views, scroll depth, button clicks, form interactions, and session duration via PostHog (cookieless mode)
  • Marketing Attribution: UTM parameters (source, medium, campaign), referrer URL, and landing page
  • Technical Information: Browser type, device type, operating system, IP address, and user agent string
  • Rate Limiting Data: IP address and request timestamps to prevent abuse (3 analyses per hour, 10 per day per IP)

2.3 AI-Generated Analysis Data

  • Personality Analysis: AI-generated insights about communication style, problem-solving approach, and personality traits based on ChatGPT conversations you share
  • Match Profiles: AI-generated example matches (hiring candidates, dating profiles, or co-founder profiles) based on your personality analysis
  • Metadata: Analysis timestamps, AI model versions (e.g., gpt-4o-mini, Gemini), confidence scores, processing times, and message counts

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Provide personality analysis based on ChatGPT conversations
  • Generate personalized match profiles and compatibility insights
  • Manage waitlist position and notify you when we launch
  • Send transactional emails (welcome, updates, invitations)

3.2 Product Improvement

  • Improve our AI models and personality analysis algorithms
  • Train and refine matching logic for better compatibility predictions
  • Analyze aggregate trends to understand which categories resonate most
  • Conduct A/B testing on features, prompts, and user experience

3.3 Analytics & Research

  • Understand user engagement and product-market fit
  • Measure conversion rates and optimize marketing campaigns
  • Track feature usage to prioritize development
  • Monitor service performance and error rates

3.4 Legal Compliance

  • Comply with applicable laws and regulations
  • Prevent fraud, abuse, and violations of our Terms of Service
  • Respond to legal requests from law enforcement or courts

4. Third-Party Services

We use the following third-party services to operate our Service. Each service has its own privacy policy governing how they handle your data:

Supabase (Database Hosting)
  • Purpose: Store waitlist data, personality analyses, and rate limiting data
  • Data Shared: Email, interests, analysis results, IP addresses (hashed)
  • Location: US-based servers with encryption at rest and in transit
  • Privacy Policy: supabase.com/privacy
OpenAI (AI Analysis)
  • Purpose: Generate personality insights from ChatGPT conversation text (model: gpt-4o-mini)
  • Data Shared: De-identified conversation text extracted from ChatGPT share links
  • Retention: OpenAI retains API data for 30 days for abuse monitoring, then deletes it (per OpenAI API policy)
  • Privacy Policy: openai.com/privacy
Google Gemini (Character Generation)
  • Purpose: Generate personalized match profiles based on personality analysis
  • Data Shared: Personality analysis summaries (not raw conversations)
  • Privacy Policy: policies.google.com/privacy
Resend (Email Delivery)
  • Purpose: Send welcome emails, waitlist updates, and notifications
  • Data Shared: Email address, first name (if provided), waitlist position
  • Privacy Policy: resend.com/legal/privacy-policy
PostHog (Analytics)
  • Purpose: Track user engagement, scroll depth, button clicks, and conversion funnels
  • Data Shared: Anonymized user IDs, page views, events, IP addresses (for geolocation)
  • Mode: Cookieless tracking — no persistent cookies are set for analytics
  • Privacy Policy: posthog.com/privacy
Vercel (Hosting)

Important: We do not sell your personal information to third parties. We only share data with service providers necessary to operate our Service.

5. Data Retention & Deletion

5.1 Waitlist Data

We retain your email address and interest preferences for up to 2 years from your last interaction with the Service, or until you request deletion, whichever comes first. This allows us to:

  • Notify you when we launch
  • Grant you early access based on your waitlist position
  • Build a long-term relationship with early supporters

After 2 years of inactivity, your waitlist data will be automatically deleted. We may send a re-engagement email before deletion. You can also request deletion at any time by emailing privacy@authentyc.ai.

5.2 Personality Analysis Data

Personality analyses (including insights, match profiles, and metadata) are automatically deleted after 30 days. This protects your privacy while allowing us to demonstrate the Service during the waitlist phase.

  • ChatGPT share URLs are hashed (SHA-256) before storage — we never store raw URLs
  • Conversation text is not stored — only extracted, analyzed, and discarded
  • After 30 days, all analysis results are permanently deleted via automated database cleanup

5.3 Rate Limiting Data

IP addresses and request timestamps used for rate limiting are retained for 7 days to prevent abuse, then automatically purged.

5.4 Analytics Data

PostHog analytics data is retained according to PostHog's data retention policy. This data is anonymized and cannot be linked back to your email address.

6. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Access Controls: Database access restricted to service role credentials with row-level security policies
  • Hashing: ChatGPT share URLs are hashed before storage to prevent reverse lookup
  • Rate Limiting: API endpoints are rate-limited (3 requests/hour, 10 requests/day per IP) to prevent scraping and abuse
  • Monitoring: Automated error tracking and security alerts for suspicious activity

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

7. Cookies & Tracking

We use cookieless analytics via PostHog. This means we do not set persistent tracking cookies on your device for analytics purposes. Our analytics collect anonymized, session-level data (page views, clicks, scroll depth) without storing cookies in your browser.

We may use essential cookies strictly necessary for the operation of the Service (e.g., session management, security tokens). These do not require consent under most privacy regulations as they are necessary for the Service to function.

We do not use third-party advertising cookies or tracking pixels from ad networks.

8. Data Ownership & Usage Rights

You own your personality analysis data. We generate personality insights and match profiles on your behalf based on the ChatGPT conversations you share with us.

8.1 Your Rights

  • You retain ownership of your personality analysis and generated match profiles
  • You can request a copy of your analysis data at any time
  • You can request deletion of your analysis data at any time

8.2 Our License

By using our Service, you grant Authentyc a non-exclusive, royalty-free license to:

  • Store and process your analysis data to provide the Service
  • Use aggregated, de-identified analysis data to improve our AI models and algorithms
  • Analyze trends and patterns across multiple users to enhance matching accuracy

We never share your individual personality analysis with other users or third parties (except as required by law).

9. Your Privacy Rights

9.1 All Users

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Correction: Request correction of inaccurate personal information
  • Opt-Out: Unsubscribe from marketing emails (via link in email footer or by contacting us)
  • Portability: Receive your data in a machine-readable format (JSON)

9.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the "sale" of personal information (we do not sell data)
  • Right to non-discrimination for exercising your CCPA rights

9.3 European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

Legal Basis for Processing: We process your data based on (1) your consent (for optional features like personality analysis), (2) contractual necessity (to provide the Service), and (3) legitimate interests (to improve our Service).

Given the nature and scale of our current data processing, we have determined that a Data Protection Officer (DPO) appointment is not required under GDPR Article 37. For all privacy-related inquiries, including GDPR requests, please contact us at privacy@authentyc.ai.

9.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@authentyc.ai. We will respond within 30 days (or as required by applicable law).

10. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@authentyc.ai and we will delete it promptly.

11. International Data Transfers

Our Service is hosted in the United States. If you access our Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using our Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

For EEA users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Sending an email to registered users (if material changes affect your rights)
  • Displaying a prominent notice on our website

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@authentyc.ai

Company: Authentyc AI, Inc.

Response Time: We aim to respond within 5 business days for general inquiries, and within 30 days for formal data rights requests.