Privacy Policy

Last updated: March 10, 2026

1. Who We Are

withPOISE is operated by Ana Dobre, a sole trader registered in Romania. We are the data controller for personal data collected through this Service.

Contact: hello@withpoise.net

2. Data We Collect

We collect the following categories of personal data:

Account data

  • Name (optional)
  • Email address
  • Hashed password (we never store your password in plain text)
  • Account creation date

Usage data

  • Objection types selected
  • Tone and context inputs
  • Client messages you paste in (used only to generate the response)
  • Generated responses and timestamps
  • Credit balance and transaction history

Billing data

  • Stripe customer ID, subscription ID, and plan details
  • Payment card details are handled entirely by Stripe — we never see or store your card number

Technical data

  • IP address (used for rate limiting, not stored long-term)
  • Browser type and device information (via standard server logs)

3. How We Use Your Data

PurposeLegal basis
Providing and operating the ServiceContract performance
Processing payments and managing subscriptionsContract performance
Generating AI responses via Anthropic APIContract performance
Preventing abuse and rate limitingLegitimate interest
Sending transactional emails (account, billing)Contract performance
Complying with legal obligationsLegal obligation

We do not sell your personal data. We do not use your data for advertising. We do not use your client messages to train AI models.

4. Third-Party Services

We share data with the following third parties only to the extent necessary to operate the Service:

  • Anthropic — receives your selected objection type, tone, and optional client message to generate a response. Anthropic's privacy policy applies: anthropic.com/privacy
  • Stripe — processes all payments. Stripe is PCI-DSS compliant. Stripe's privacy policy: stripe.com/privacy
  • Upstash — Redis infrastructure used for rate limiting. IP addresses are processed temporarily and not stored. Upstash's privacy policy: upstash.com/trust/privacy
  • Vercel — cloud hosting provider. Standard server logs may be retained per Vercel's policy: vercel.com/legal/privacy-policy

5. Data Retention

  • Account data — retained for as long as your account is active. Deleted within 30 days of account deletion request.
  • Generated responses — retained to power your response history. Deleted when your account is deleted.
  • Billing records — retained for 7 years as required by Romanian fiscal law.
  • IP addresses for rate limiting — not stored beyond the active rate limit window (maximum 1 hour).

6. Your Rights (GDPR)

As a resident of the EU/EEA, you have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and personal data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request that we limit how we process your data

To exercise any of these rights, email us at hello@withpoise.net. We will respond within 30 days.

You also have the right to lodge a complaint with the Romanian data protection authority (ANSPDCP) at dataprotection.ro.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including password hashing (bcrypt), encrypted data transmission (TLS/HTTPS), and access controls. No system is 100% secure — if you suspect a breach, contact us immediately at hello@withpoise.net.

8. Cookies

withPOISE uses a minimal number of cookies:

CookiePurposeTypeDuration
next-auth.session-tokenKeeps you logged inEssentialSession / 30 days
next-auth.csrf-tokenPrevents cross-site request forgeryEssentialSession

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive.

You can manage or delete cookies through your browser settings. Deleting the session cookie will log you out of the Service.

9. International Transfers

Some of our third-party providers (Anthropic, Stripe, Vercel) are based in the United States. Data transfers to the US are covered by Standard Contractual Clauses or equivalent safeguards as required by GDPR.

10. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact

For any privacy-related questions or requests, contact us at:
hello@withpoise.net