Privacy Policy

Last updated: February 2026

1. What We Collect

• Email address — required to create your account
• Case details — title, description, category, opponent name and contact information, your state
• Evidence — text notes, uploaded files (PDFs, images, videos, documents)
• Generated letters — all letters generated through the service
• Activity log entries — notes you add to your case timeline
• Basic usage logs — IP address and timestamps, for security and abuse prevention only

2. What We Do With It

We use your data for one purpose: to provide the TyrantCrusher service. That means storing your case files, generating letters from your evidence, and delivering emails you request.

That's it. We do not sell your data. We do not share it with advertisers. We do not use it for marketing to third parties. We do not use it for any purpose other than running the service you signed up for.

3. What We Don't Do

• We do not sell your data. Ever. To anyone.
• We do not run advertising on the platform.
• We do not use tracking pixels or third-party analytics trackers.
• We do not train AI models on your case content.*

* Important note: Your case content IS sent to xAI (Grok) to generate letters. xAI's data practices govern how they handle that content once it reaches their servers. See xAI's privacy policy for details on their data handling.

4. File Storage

Uploaded files are stored in Supabase Storage in a private bucket. Only you can access your files, via time-limited signed URLs that expire after one hour. Files are deleted when you delete the associated case or your account.

5. Authentication

Authentication is handled by Supabase Auth. We store only your email address and a user ID. Passwords are managed entirely by Supabase — we never see, store, or have access to your password.

6. Third-Party Services

We use the following services to operate TyrantCrusher. Each handles a specific part of the service and has their own privacy policy:

• Supabase (authentication, file storage, database) — supabase.com/privacy
• xAI (letter generation — receives your case content) — x.ai/privacy
• Stripe (payment processing — receives your email and payment info) — stripe.com/privacy
• Resend (email delivery) — resend.com/privacy
• Fly.io (hosting) — fly.io/legal/privacy-policy

7. Data Retention

• Active accounts: Your data is retained as long as your account exists.
• Deleted accounts: All data is deleted within 30 days of account deletion.
• Waitlist entries: Retained until you unsubscribe or ask us to remove you.

8. Your Rights

• Access: Email support@tyrantcrusher.com to request a full export of your data.
• Deletion: Delete individual cases in the app, or email us to delete your entire account and all associated data.
• Correction: Edit your case details and evidence directly in the app at any time.

9. Cookies

We use one session cookie for authentication. That's it. No tracking cookies. No advertising cookies. No third-party analytics cookies.

We may add privacy-respecting analytics (such as Plausible) in the future. If we do, we will update this policy.

10. Contact

Questions about your privacy? Email us at support@tyrantcrusher.com.