Privacy Policy

whynotmeyc.com is an independent entertainment website. We are not affiliated with, endorsed by, or connected to Y Combinator or any of its subsidiaries in any way. For data enquiries, contact us at hey@whynotmeyc.com.

Pitch text: The startup idea or text you submit for analysis. This is sent to Anthropic's Claude API and stored in our database so you can share your result via a unique link.

Account data: If you create an account — your first name, email address, and hashed password (we never store your password in plain text).

Payment data: Processed entirely by Stripe. We store only your Stripe customer ID and purchase history. We never see, store, or process your card number, CVV, or full payment details.

Usage analytics: Anonymised, aggregated data about how pages are used (e.g. total roast count). Collected via Vercel Analytics — no personal identifiers.

Session cookie: A single HMAC-signed first-party cookie (“ys_sess”) that tracks how many free roasts you've used. It contains no personal information and cannot be used to identify you.

Referral codes: If you were referred via a link, we store your referral relationship to credit both users with a bonus roast. This is a pseudonymous UUID, not your name or email.

We do not store your IP address in our database. We do not use tracking or advertising cookies. We do not sell, rent, or share your personal data with third parties for marketing. We do not use your startup pitches to train AI models — your ideas belong to you.

Contract: Processing your pitch to generate and deliver the roast result you requested.

Legitimate interests: Fraud prevention, security (CAPTCHA), abuse prevention (rate limiting), and basic analytics to keep the service running.

Consent: Sending transactional emails if you provide your email address or create an account. You can withdraw consent at any time by emailing us.

We use your pitch text solely to generate and display your roast result, and to store that result at a shareable URL. We use your email address only to send transactional emails (welcome, first roast result) — never unsolicited marketing. We use payment data only for billing and fraud prevention.

The following third parties process data on our behalf:

• Anthropic (Claude API) — your pitch text is sent to generate the AI response. Subject to Anthropic's Privacy Policy.
• Supabase — database and authentication (servers in EU/US). Supabase Privacy Policy.
• Stripe — payment processing. Stripe Privacy Policy.
• Resend — transactional email delivery. Resend Privacy Policy.
• Cloudflare Turnstile — bot/CAPTCHA protection. Cloudflare Privacy Policy.
• Vercel — hosting and edge network. Vercel Privacy Policy.

We do not authorise any third party to use your data for their own purposes.

Roast results are retained indefinitely so shareable links continue to work. If you delete your account, your profile and email are deleted within 7 days, but anonymised roast results (with no user ID attached) may remain to preserve shareable links. You can request full deletion of all associated data at any time.

Session cookies expire when your browser session ends or after 30 days, whichever comes first.

We use one functional first-party cookie (“ys_sess”) strictly necessary for the free-roast counting feature. This cookie does not track you across sites and contains no personally identifiable information. We do not use advertising, tracking, or third-party cookies.

Cloudflare Turnstile may set cookies as part of its bot-detection service. Vercel Analytics uses no cookies and collects no personal data.

If you are located in the UK or EEA, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Ask us to correct inaccurate data.
• Erasure: Request deletion of your personal data.
• Portability: Receive your data in a machine-readable format.
• Restriction: Ask us to limit how we process your data.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email hey@whynotmeyc.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local EU supervisory authority.

This service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

Some of our service providers (including Anthropic, Supabase, and Stripe) may process data in the United States. Where data is transferred outside the UK or EEA, appropriate safeguards are in place including Standard Contractual Clauses (SCCs) or equivalent mechanisms.

We may update this policy from time to time. We will update the “Last updated” date at the top. Continued use of the service after changes constitutes acceptance of the updated policy.

For any privacy questions, data requests, or complaints: hey@whynotmeyc.com or use our contact form.