Privacy Policy

Last updated: March 20, 2026

This document is a template and requires legal review before use in production.

1. Information We Collect

Account Information: Email address, display name, and password hash when you create an account.

Steam Data: When you connect your Steam account, we access your public profile information and the public review data for your games via Steam's public API. We do not access private account data.

Usage Data: Pages visited, features used, response drafts generated and approved.

Payment Information: Processed by Stripe. We do not store credit card numbers. We receive subscription status and billing events.

2. How We Use Your Information

  • Providing and improving the Service
  • Generating AI response drafts based on your game's reviews
  • Performing sentiment analysis and review intelligence
  • Sending transactional emails (onboarding, billing, crisis alerts)
  • Sending marketing emails (with your consent, unsubscribable)
  • Detecting and alerting on review score crises

3. AI and Data Processing

We use Anthropic's Claude API to generate response drafts and perform review analysis. Review text from Steam (which is publicly available) is sent to the AI for processing. Generated responses are stored in our database and associated with your account. We do not use your data to train AI models.

4. Data Storage and Security

Data is stored in Supabase (PostgreSQL) with row-level security policies ensuring users can only access their own organization's data. All connections use TLS encryption. Passwords are hashed using bcrypt.

5. Data Sharing

We do not sell your data. We share data only with:

  • Stripe — for payment processing
  • Anthropic — for AI response generation (review text only)
  • Resend — for transactional email delivery
  • Supabase — for database hosting

6. Cookies

We use essential cookies for authentication (session tokens). We do not use tracking cookies or third-party advertising cookies.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Unsubscribe from marketing emails at any time

8. Data Retention

Active accounts: data retained while subscription is active. After cancellation: data accessible for 30 days, then permanently deleted. Email audit cache: retained for 7 days. Analytics events: retained for 90 days.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email. The “Last updated” date at the top reflects the most recent revision.

11. Contact

Privacy questions? Contact us at support@steamreviewrescue.com.