Last updated: December 9, 2025

Privacy Policy

Make This Clear is built to be a private, reliable writing environment. This policy explains what we collect, how we use it, the infrastructure that keeps your data safe, and what choices you have under GDPR, CCPA, and similar regulations.

Information we collect

We collect the minimum amount of information necessary to run the product:

Account info

  • Email address and hashed password handled through Supabase Auth.
  • Optional profile data you add (for example, a display name).
  • Email verification status, authentication tokens, and timestamps tied to your account.

Usage records

  • Credits purchased, credits spent, and feature-specific counters so we can enforce quotas.
  • Query history, saved documents, and timestamps if you enable the history feature.
  • Session metadata, such as when you last logged in or changed settings.

Content you write

Text you type into the editor or send to an AI feature is processed in-memory, relayed to the configured LLM provider, and—only if you save it—stored in Supabase Postgres so you can revisit it later. Temporary buffers and worker logs automatically clear within hours.

Device and diagnostics

  • Browser type, screen size, and approximate location (city-level) captured via first-party analytics to debug layout issues.
  • Crash logs, rate-limit counters, and abuse indicators kept in Cloudflare KV so we can block malicious traffic.

Payments

Stripe processes all payments. We receive billing events (plan, status, last four digits, expiration month/year) from Stripe webhooks but never store or even see full card numbers or bank details.

How we use data

  • Authenticate you with Supabase Auth and keep your session active.
  • Provide writing, editing, detection, plagiarism, imagine, and other LLM-backed features.
  • Track credit consumption so billing is accurate and abuse is prevented.
  • Improve reliability by monitoring Worker latency, success rates, and error codes.
  • Notify you about account changes, subscription updates, or critical product news via email.
  • Comply with legal, tax, and security obligations.

What we never do

  • Sell or rent your personal information.
  • Use your prompts, documents, or feedback to train our own or third-party AI models.
  • Run advertising trackers or share data with data brokers.
  • Expose Worker API keys or Supabase service secrets to the client application.

Where and how data is stored

Supabase Postgres: Account data, saved documents, and credit ledgers are stored in Supabase with Row Level Security so each query is scoped to your user ID. Backups follow Supabase's managed retention schedule in the region configured for this project (currently US-based).

Cloudflare Workers & KV: The Worker proxies every AI request, injects API keys, keeps short-lived rate-limit counters in KV, and never writes your raw prompt to disk. Secrets stay server-side only.

Vercel hosting: The marketing site and dashboard ship from Vercel's CDN with HTTPS enforced. Logs include standard web metadata (IP, user-agent) for security and are purged automatically per Vercel policy.

Local storage: We store small UI preferences (collapsed sidebar, last editor input) locally on your device. Delete your browser data to remove them.

How AI content is handled

Your prompts and documents are forwarded only to the LLM provider you select (OpenAI, Anthropic, or another compatible model) via our Cloudflare Worker proxy. We disable provider-side training flags wherever offered and request that providers do not use your data to improve their public models. We do not log content beyond the short-lived traces required to debug failed requests.

When you delete a document or disable history, we remove the stored text from Supabase and clear cached embeddings. Credit usage records remain so invoices stay accurate, but they no longer reference the deleted content.

When we share information

We only share data with vendors that keep Make This Clear running, all of whom are under contractual confidentiality obligations:

  • Supabase (authentication, database storage, storage of files you save).
  • Stripe (subscription billing, credit-pack purchases, payment dispute handling).
  • Cloudflare (Worker runtime, edge cache, security protections, DNS).
  • LLM providers (processing the text you explicitly send for AI-powered features).
  • Observability services we configure (e.g., Vercel analytics, Supabase logs) for uptime and incident response.

We may disclose account details if required by law, to respond to lawful requests, or to enforce our Terms of Service. We do not provide broad government access or backdoors.

Data retention and deletion

  • Account data remains active until you delete your account or we deactivate it for abuse.
  • Usage analytics (credits, feature counts, error logs) are kept for up to 18 months to support billing and abuse investigations.
  • Cloudflare Worker diagnostics clear automatically, typically within 24 hours.
  • Backups that include your data rotate per Supabase's schedule; deletions propagate to backups as they expire.

Your privacy rights

If you live in the EU/EEA, UK, California, or any region with similar rights, you can:

  • Access and export your Supabase records by submitting a request through our support page.
  • Update profile details inside Settings.
  • Delete your account at any time from Settings → Delete account. We queue removal jobs that purge Supabase rows and Cloudflare keys within 30 days.
  • Request erasure of specific documents, which removes them from history and search indexes.
  • Opt out of non-essential communication (product tips, launch announcements) through email footer links.

Security practices

  • HTTPS/TLS enforced across Vercel, Supabase, and Cloudflare endpoints.
  • Row Level Security plus service-role tokens ensure each Supabase query is scoped to the authenticated user.
  • Secrets (LLM keys, Stripe keys) live in Cloudflare Worker/Vercel environment variables and are never shipped to the browser.
  • Strict rate limiting and anomaly detection block credential stuffing, scraping, and automated abuse.
  • Access to production systems is limited to the founding team via SSO and hardware-based 2FA.

Children's privacy

Make This Clear is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect information from children, and we delete any such data if we discover it.

Changes to this policy

We may update this policy when we release new features, onboard a new infrastructure vendor, or need to comply with new laws. If we make material changes, we will email active account holders and post a notice inside the app before the change takes effect.

Contact us

Questions, export requests, or privacy concerns? Visit our support page or message us through the in-app support chat.