Privacy Policy

This Privacy Policy explains what data WealthGlitch ("we", "us") collects, how we use it, and your rights. It applies to your use of WealthGlitch Suite (the "Service"). 1. Data controller. WealthGlitch is the data controller for personal data processed in connection with the Service. Contact: support@wealth-glitch.com. 2. What we collect. (a) Account data: email address, full name, hashed password, authentication tokens. (b) Billing data: Stripe customer ID, subscription status, plan, billing history. Card details are handled entirely by Stripe and never touch our servers. (c) Usage data: inputs you submit (niche keywords, product briefs), outputs generated, credit transactions, timestamps, IP address, browser and device metadata. (d) Support data: messages you send us via email or in-app forms. 3. How we use it. We use personal data to: (a) provide and operate the Service; (b) process payments and manage subscriptions; (c) meter credit usage and prevent abuse; (d) send transactional email (sign-up, password reset, receipts, account notices); (e) diagnose errors and improve the Service; (f) comply with legal obligations. We do not sell personal data. We do not use your inputs or generated outputs to train AI models. 4. Legal bases (GDPR). We rely on: (a) contract — to deliver the Service you signed up for; (b) legitimate interests — to secure the Service, prevent fraud, and improve product quality; (c) legal obligation — for tax, accounting, and responding to lawful requests; (d) consent — only where required, which you may withdraw at any time. 5. Sub-processors. We share data only with processors needed to run the Service, under contractual data-protection terms: - Supabase — authentication and database hosting (EU region) - Stripe — payment processing (PCI-DSS certified) - OpenAI — AI model access for niche analysis - Anthropic — AI model access for product generation - Resend — transactional email delivery - Vercel — application hosting and CDN - Sentry — error monitoring (IP addresses pseudonymized) 6. International transfers. Some processors are based in the United States. Transfers rely on Standard Contractual Clauses and, where applicable, supplementary measures. 7. Retention. Account and content data is retained while your account is active. When you delete your account we remove profile, product, and usage rows within 30 days. Billing records are retained for 7 years to comply with tax law. Backups are rotated within 35 days. 8. Your rights. Under GDPR and similar laws you can: access your data, correct it, delete it, export it in a portable format, object to processing, and lodge a complaint with your local supervisory authority (in Romania: ANSPDCP, https://www.dataprotection.ro). Most rights can be exercised directly from Settings; for the rest, email support@wealth-glitch.com and we'll respond within 30 days. 9. Cookies. We use strictly necessary cookies for authentication and session management. We do not use advertising or third-party tracking cookies. 10. Security. Data is encrypted in transit (TLS) and at rest. Access is limited to authorized personnel on a need-to-know basis. We will notify affected users and regulators of any data breach as required by law. 11. Children. The Service is not directed to anyone under 18. We do not knowingly collect data from children. 12. Changes. We will post changes to this Policy on this page and, for material changes, notify you by email at least 14 days before the change takes effect. Contact: support@wealth-glitch.com