Privacy Policy — Typical!

Who we are

Typical! is operated by Zentrafuge Limited, a company registered in England and Wales.

For the purposes of UK GDPR, Zentrafuge Limited is the data controller for personal information collected through Typical!.

Contact: zentrafuge@outlook.com

What we collect and why

Here is every category of data we handle, why we handle it, and the legal basis under UK GDPR.

Data	Why	Legal basis	Stored where
Email address (subscribers)	To verify your subscription and provide access	Contract	Firestore (Google)
Stripe customer ID and subscription ID	To manage your subscription and billing	Contract	Firestore (Google) and Stripe
Gift recipient name and email	To deliver a gift subscription by email	Contract	Firestore (Google) and Resend
Session statistics (turn count, character used)	To understand how the product is used and improve it	Legitimate interest	Firestore (Google)
Safety event flags (risk level, message length — not content)	To monitor our crisis safety system is working correctly	Legitimate interest	Firestore (Google)
Referral codes	To track and honour referral bonuses	Legitimate interest	Firestore (Google)
Access token (stored in your browser)	To remember that you are a subscriber without requiring an account login	Contract	Your browser only (localStorage)
Persona preference (stored in your browser)	To remember which character you last used	Legitimate interest	Your browser only (sessionStorage)

        Your conversations are not stored. What you say to our characters exists only in temporary server memory during your session and is permanently deleted when the session ends. We never read your moans. We never store transcripts. We never will.
      

What we don't collect

Conversation content — your messages are never written to any database
Payment card details — handled entirely by Stripe; we never see them
Passwords — Typical! has no account system requiring a password
Location data — we do not track where you are
Advertising identifiers — we have no advertising and no ad partners
Photo avatars — if you upload a photo, it is checked automatically for inappropriate content and then immediately discarded; nothing is stored on our servers

Third parties we work with

We use a small number of trusted third-party services to operate Typical!. Each receives only the data necessary for their specific function.

OpenAI — your messages are sent to OpenAI's API to generate character responses. OpenAI processes this data under their own privacy policy. We do not share your name, email, or any identifying information with OpenAI — only the conversation content itself.
Stripe — handles all payment processing. Stripe is PCI DSS compliant. We never receive or store your card details.
Google Firestore — our database, hosted on Google Cloud. Subscriber records and session statistics are stored here.
Resend — used to send gift subscription emails. Recipient name and email address are passed to Resend for delivery only.
Netlify — hosts our frontend website. Standard web server access logs may be retained by Netlify per their own privacy policy.
Render — hosts our backend server. Standard server logs may be retained by Render per their own privacy policy.

Cookies and browser storage

Typical! does not use tracking cookies or advertising cookies.

We use browser localStorage to store your access token (so you don't have to re-verify your subscription on every visit) and an install banner preference. We use sessionStorage to remember which character you last selected.

None of this data is sent to third parties. It lives in your browser only and can be cleared at any time through your browser settings.

How long we keep your data

Subscriber records — kept for as long as your subscription is active, plus 12 months after cancellation for billing dispute purposes, then deleted.
Gift records — kept for 12 months after the gift expires, then deleted.
Session statistics — kept for 24 months for product improvement purposes, then deleted.
Safety event logs — kept for 24 months to monitor system performance, then deleted.
Referral codes — kept for 6 months after redemption, then deleted.

Your rights under UK GDPR

You have the following rights regarding your personal data:

Access — you can ask us what data we hold about you
Correction — you can ask us to correct inaccurate data
Deletion — you can ask us to delete your data (the "right to be forgotten")
Portability — you can ask us to provide your data in a portable format
Objection — you can object to processing based on legitimate interest
Restriction — you can ask us to restrict processing of your data

To exercise any of these rights, email us at zentrafuge@outlook.com. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Data security

All data is transmitted over HTTPS. Access to our Firestore database is restricted to our backend server only. Subscriber email addresses are stored as document keys, not in plaintext fields accessible without authentication.

We are a small operation. We take security seriously and use industry-standard practices, but no system is completely impenetrable. In the event of a data breach that affects your personal data, we will notify you and the ICO as required by law.

Children

Typical! is not intended for use by anyone under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

If we make significant changes to this policy, we will update the date at the top of this page. For paying subscribers, we will notify you by email if changes affect how we handle your personal data.

Contact us

Get in touch

For any privacy questions, data requests, or concerns:

zentrafuge@outlook.com

Zentrafuge Limited
Kent, England