Privacy policy

Your account email and name (via Supabase authentication, including Google sign-in if you use it), the queries and reports you run, your credit usage, and anonymous page-view counts per report so we can show which reports are most read.

Payments are processed by Paddle.com, our merchant of record. We never see or store your card details. Paddle shares with us your email and order / subscription status so we can activate your plan — see Paddle's privacy policy for how they handle payment data.

BYOK API keys (and Reddit OAuth tokens) are encrypted with AES-256-GCM before storage and decrypted only at run time to execute your reports. Keys are never logged and never shown again after saving — only the last four characters are displayed. Disconnecting an integration deletes the stored key.

Public Reddit posts, comments, and usernames are read via the Reddit official API in compliance with Reddit's terms, under your own Reddit OAuth where connected. Quotes shown in reports link back to the original post. If you would like a specific post or username removed from our reports, email support@painfinder.appand we'll remove it within 5 business days.

No advertising trackers. No selling email addresses or report data. Cookies are limited to authentication (Supabase session) and view-count dedup — see the cookies page.

Email support@painfinder.app to delete your account and associated data (we action deletions within 5 business days), export the data we hold about you, or ask anything about this policy.

We'll update the date at the top of this page if the policy changes. Material changes (anything that broadens what we collect) will be announced by email to account holders.