Privacy Policy
Last updated: June 23, 2026
This Privacy Policy explains what data Pitchsmith (“we,” “us,” “our”) processes when you use pitchsmith.tech, and how we handle it. We aim to collect as little as possible.
API keys: we use our own
Pitchsmith generates pitches using our own server-side Anthropic (Claude) API key. We never ask for, collect, or store your personal Anthropic or any other third-party API key. The Anthropic key lives only on our servers and is never sent to your browser. You do not need to provide a key to use the service.
What we process
- Pitch inputs. The idea text you submit is sent to our servers and to Anthropic solely to generate your one-pager. It is processed in-memory during the generation request and is not stored in any Pitchsmith database. We do not retain a copy after the request completes.
- Generated outputs. The one-pager and audit report we return are streamed to your browser and are likewise ephemeral on our side — we do not persist them. If you want to keep an output, use the copy or download buttons.
- Account / authentication. We sign you in with a passwordless magic link sent to your email. We store a short-lived sign-in token and a session, plus a one-way hashed identifier derived from your email address (used for credit ledger keys and logs). We do not store your raw email address in those ledger keys.
- Credits and payments. If you purchase a credit pack, we store your credit balance keyed to the hashed identifier above. Payment card details are handled entirely by Stripe — we never see or store your card data.
- Rate-limiting and abuse prevention. For free runs we may temporarily process your IP address to enforce rate limits.
Third parties
We rely on the following processors to run the service:
- Anthropic — Claude API, used to generate your one-pager from your pitch input.
- Vercel — hosting and basic, privacy-friendly analytics.
- Upstash (Redis) — storage of sign-in tokens, sessions, credit balances, and rate-limit counters.
- Resend — delivery of magic-link sign-in emails.
- Stripe — payment processing for credit purchases.
Retention
Pitch inputs and generated outputs are not retained after the generation request finishes. Sign-in tokens expire automatically (within about 15 minutes). Sessions and credit balances persist while your account is active. You may request deletion of your account data at any time by contacting us.
Your rights (GDPR / CCPA)
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict its processing, and to opt out of any “sale” or “sharing” of personal information. We do not sell your personal information. To exercise any of these rights, email us at the address below and we will respond as required by applicable law.
Contact
Questions or requests about this policy: rob@cartooli.com.