Before You Hit Send

Privacy

Last updated: [launch date]

What happens to the text you paste

When you paste a piece of writing into this tool and click Analyze, the text is sent to an AI model that reads it and returns an analysis. That analysis streams back to your browser. Then the request is finished, and the text is gone from this site's systems.

There is no database. There is no log file storing what you pasted. The text exists in this site's systems only in memory, during the few seconds the request takes. When the request ends, that memory is freed. Nothing about your text persists on this side. This isn't a policy we promise to follow — it's a structural fact, because there's nowhere in the architecture for the text to be saved.

What we do store

Two things, neither of which is your text:

A salted, truncated hash of your IP address, stored in a key-value cache for rate limiting. We never store the raw IP. The hash exists so the tool can count requests from the same source over short time windows (minutes, hours, a day) and reject obvious abuse. Hashed IPs expire automatically — the longest TTL is one day.

A monthly cost counter. A single number tracking how much the tool has spent on model calls this calendar month, used to enforce a hard cost ceiling. It contains no information about any individual request — just the running total. It resets at the start of each month.

What we don't do

We don't require accounts. There's no login, no profile, no "your past analyses" — because we don't store analyses, yours or anyone else's.

We don't use tracking cookies. We don't set persistent identifiers in your browser. We don't use analytics products that build profiles of you across visits.

We don't sell data. There is no data to sell.

Third parties this tool relies on

This tool is a small piece of software running on top of infrastructure provided by other companies. We can speak only for what this site does. For what each third party does on its own systems, you should read its privacy policy directly. We link each one below.

Anthropic. Provides the AI model that reads your text. The text is sent to Anthropic's API for the purpose of generating the analysis you receive back. We use Anthropic's commercial API, governed by their Commercial Terms of Service and Privacy Policy. If Anthropic's handling of API traffic matters to you, read those documents — they speak with authority on what Anthropic does, and we don't.

Vercel. Hosts the site. Like any web host, Vercel's platform handles the network connection to your browser and may record standard request metadata (timing, status, IP) at the platform level. We do not write the text you paste to any log on Vercel's platform. Vercel's privacy policy covers what Vercel itself does.

Upstash. Provides the key-value cache used for rate limiting and the monthly cost counter. The data we write to Upstash is described above (hashed IPs, the cost counter). We never write request content to Upstash. Upstash's privacy policy covers what Upstash itself does.

Resend. Sends cost-threshold alert emails to the operator of this site (us). These emails contain spending percentages and totals — never user text or anything derived from a user request. Resend's privacy policy covers what Resend itself does.

Cloudflare. Provides two services: a proxy/CDN that sits in front of this site (handling DNS, TLS, and basic abuse protection), and Cloudflare Web Analytics, a privacy-respecting traffic measurement product that doesn't use cookies or build user profiles. As a network proxy, Cloudflare necessarily sees connection metadata for traffic to this site. Cloudflare's privacy policy and Web Analytics description cover what Cloudflare itself does.

Sentry. Receives error reports when something in this site's code fails (a network error, a parsing error, an unexpected exception). The error reports include information about the failure — the stack trace, browser, and request metadata — but are configured not to include the text you pasted or the analysis output. Sentry's privacy policy covers what Sentry itself does.

What we can't promise

We can describe how this site's code is built and what it does and doesn't do. We can't guarantee how the third parties above behave on their own systems, because we don't run those systems. The most accurate thing we can tell you is what we do and what we don't do, and direct you to the third parties for the rest.

If a third party's policy changes in a way that meaningfully affects what this page says, we'll update this page. If you spot something that looks out of date, tell us — the contact email is below.

Children

This site is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. The tool requires no account and stores no user content, so in the ordinary course of using it, there is nothing to collect from a child or anyone else.

If you believe a child under 13 has used the tool in a way that involved providing personal information to us, please contact privacy@beforeyouhitsend.app and we'll address it promptly.

Changes to this policy

When we change anything material about how the tool handles data, we'll update this page and change the "Last updated" date at the top. There is no email list, so we can't notify you directly.

Contact

Privacy questions: privacy@beforeyouhitsend.app.