Privacy Policy
Last updated: October 2025
π Data Minimization, Not Data Hoarding
Simple Policy only asks for what it needs to run: a Gumroad license key and the document you want summarized. The platform does not build profiles, sell data, or run third-party trackers. Payment happens entirely on Gumroad (Terms Β· Privacy).
Because the app runs on AWS, standard access logs (IP address, user agent, request timing) exist for security and abuse prevention. Those logs stay within AWS services and aren't combined with marketing or analytics tools (AWS Data Privacy FAQ).
Your Gumroad license key is used as an anonymous identifier for quota tracking only. It's a random token that does not expose your name or email.
1. What Information Does Simple Policy Access?
π What You Provide
- Your License Key: The code you got when you bought Simple Policy (needed to verify you're a real customer)
- Website Links: The URLs of privacy policies or terms you want analyzed (like "https://example.com/privacy")
πΎ What Gets Saved on Your Computer
- Your License Key: Saved so you don't have to type it every time
- Last Website You Checked: So it's still there if you refresh the page
β Good News: The license key and last URL stored under this section live only in your browser. Clear your local storage and they're gone. Server-side copies exist separately for processing (explained below).
2. How Does Simple Policy Use This Info?
- π Check Your License: Your license key gets sent to the servers to verify you're a paying customer
- π Analyze Websites: The website URL gets sent to the servers so the tool can read and analyze the privacy policy for you
- β³ Temporary Job Storage: Submitted text or URLs live in an encrypted job queue for ~48 hours so the worker can finish the analysis, then the job entry expires automatically
- ποΈ Summary Cache: The generated summary is saved under a content hash so repeat requests return instantly without re-running the AI
- π Make Life Easier: Your browser remembers your license key and last website so you don't have to type them again
3. Is Your Info Shared?
Here's exactly what happens:
- π€ To the Servers: Your license key and website URLs go to Simple Policy's AWS-hosted API so the analysis can run
- π€ To Anthropic: If a summary isn't already cached, the full document text is sent to Anthropic's Claude API to generate the analysis. Anthropic processes it to deliver the response and does not keep it for training (see Anthropic API Terms).
- π‘οΈ Infrastructure Logs: AWS API Gateway and Lambda automatically log the fact that a request happened (IP address, timestamp, user agent). Those logs are used only for security, abuse detection, and debugging (see AWS Data Privacy FAQ).
- π« No Sneaky Trackers: Simple Policy doesn't run Google Analytics, Facebook tracking, or other marketing pixels on the site
- π Never Sold or Reused: The submitted documents and summaries are never sold, and they're not used to train proprietary models beyond the single Anthropic request (see Anthropic statements)
β Complete Transparency: The server code has been checked too! The only third-party services involved are Gumroad for license checking (Terms) and Anthropic (Claude models for AI analysis, see API Terms).
4. Data Retention - How Long Things Are Kept
Here's exactly how long different types of data are kept:
- π Analysis Results (Cache): Stored indefinitely to save costs and speed up repeated queries. Only the AI summary is cached - not your original documents. Cache uses content hashing so identical documents share one analysis
- π Job Queue: When you submit an analysis request, a job entry holds the text/URL so the worker can finish. Your browser acknowledges the job once it receives the result, which deletes the entry immediately. If that acknowledgement never arrives (e.g., you close the tab), DynamoDB removes the job automatically after ~48 hours.
- π Monthly Usage Counter: Tracks how many analyses you've done this month (50/month limit). Automatically resets at the end of each month. Uses URL/content deduplication so you're not charged twice for the same policy
- π License Verification: Your license key is checked with Gumroad in real-time (cached for 1 hour by the API). No license verification logs are stored on Simple Policy servers
- πΎ Your Browser Storage: License key and last URL stay in your browser until you clear them (you control this completely)
- π Original Documents: The full text you submit lives in the processing queue for ~48 hours so the worker can finish, then the queue item expires. It is not kept in the long-term cache.
5. How to Delete Your Data
Want to clear everything? Here's how:
- ποΈ Clear Browser Data: Go to your browser settings and clear "site data" or "cookies and site data" for simplepolicy.ca - this deletes your license key and last URL
- π§ Or Use Developer Tools: Press F12, go to Application tab, find "Local Storage" β simplepolicy.ca and delete the entries
- π Cached Analyses: Currently stored indefinitely. Join the Discord to request manual deletion of cached analysis results associated with documents you submitted
- π Monthly Usage Counters: Automatically expire and delete at the end of each month (no manual deletion needed)
- π Job Queue Entries: Normally deleted instantly after your browser acknowledges the result; otherwise DynamoDB cleans them up within ~48 hours
6. What Really Happens on the Servers
The server code has been reviewed too, so here's exactly what happens behind the scenes:
π When You Enter Your License Key
- Gumroad Check: Your license key gets sent to Gumroad's API to verify you actually bought Simple Policy (happens on every API request)
- Status Check: The system checks if your purchase was cancelled or refunded
- Access Decision: If valid and not cancelled/refunded, you get access to use the tool
- Caching: API Gateway caches the validation result for 1 hour to reduce API calls to Gumroad
- Usage Tracking: Your license key is used as your user identifier to track your monthly usage limit (50 analyses/month)
π When You Submit a Website URL
- Deduplication Check: The URL is canonicalized (tracking parameters removed, lowercased) and checked if you already analyzed it this month
- Fetch Content: The servers visit the website and download the privacy policy/terms page
- Cache Lookup: The document text is normalized and hashed. If this exact content was already analyzed before, the cached result is returned immediately
- Send to Anthropic: If not cached, the complete document text gets sent to Anthropic's Claude API for analysis (Anthropic API Terms)
- Get Analysis: Claude analyzes it and sends back a structured report including a trust score, key points, warnings, and your rights
- Cache Results Indefinitely: The analysis (not the original document) gets saved permanently so if anyone checks the same document again, it's instant
- Usage Counter: Your monthly counter increments by 1 (unless this URL was already counted this month for you)
π¨ Important: The complete text of privacy policies and terms of service gets sent to Anthropic (the company that makes Claude AI). This is how the tool can analyze them for youβreview Anthropic's usage commitments in their API Terms. The analysis includes a trust score rating and detailed breakdown of data practices.
7. Questions? Just Ask!
Got questions about your privacy? Want to know what really happens to your data? Join the Discord!
π¬ Join the Discord: https://discord.gg/simplepolicy
You'll get the straight answer about how data is handled - no corporate jargon, just honest answers!
Prefer email? Use the "Contact the creator" link in your Gumroad receipt and the same person behind this project will reply there.