← Back to home

Privacy Policy

Here's what data the tool collects, how it's handled, and what you can do about it. No corporate fog.

Last updated: June 22, 2026 · Effective: May 7, 2026

1. Who we are

The Second Half Assessment is operated by Warp 10 LLC, a Tennessee limited liability company. For all privacy questions, contact support@theredeemedsecondhalf.com.

2. What we collect

Account information

Your email address (used for authentication and necessary service messages) and your password (stored as a one-way cryptographic hash — we can't read it, though you can reset it through the app).

We don't collect your name, phone number, address, age, or demographic information at account creation.

Your assessment content

The answers you type or speak during an assessment, the conversational exchanges with the AI interviewer, which domains you selected, and the profile and 90-day action plan generated at the end. All of this is stored in our database (Supabase), encrypted at rest, and tied to your user ID.

Technical data

Basic server logs for error tracking and security monitoring. These don't contain the content of your assessment. Logs are purged on a regular rotation.

What we don't collect

Inside the assessment application itself — every screen where you answer questions, talk with the AI interviewer, or read your profile and 90-day plan — we run no third-party analytics, tracking, or advertising. No Google Analytics, no Facebook Pixel, no behavioral tracking, no fingerprinting, no ad networks, no data brokers.

Our public pages — everything outside the assessment application, including the landing page, How It Works, About, sign-in, the post-checkout thank-you page, and these policy pages (privacy, terms, safety, refund) — use Google Analytics (GA4) to measure aggregate traffic: how many people visit, which pages they land on, and where they came from. GA4 sets a first-party cookie and records approximate location (derived from your IP, which we don't store), device, and browser. It never sees your assessment content, and it stops at the application boundary — the moment you enter the assessment, no analytics runs.

If you use your device's native voice dictation (the mic button on your phone keyboard) to type answers, that processing is handled by your device or keyboard provider — not by the app — and only the transcribed text gets saved alongside your assessment.

Browser storage

The application uses your browser's localStorage to keep you signed in across visits (authentication tokens from Supabase). It also caches a minimal amount of app data locally for performance. The application sets no advertising cookies, no tracking pixels, no fingerprinting, and runs no behavioral analytics. On our public pages only, Google Analytics sets a first-party analytics cookie (described above); it is never set inside the assessment application and is not used for advertising.

3. Who can see your data

4. How we use your information

We use your data only to operate the tool:

• Email — to authenticate you and send essential service messages (e.g., password reset, account changes)
• Password hash — to verify sign-ins
• Assessment content — to store your work so you can return to it, to feed context to the AI during your session, and to generate your final profile
• Operator review of transcripts — to improve the AI interviewer, refine the framework, and catch cases where the tool didn't respond well
• Server logs — to diagnose errors and monitor security

We do not: use your data for advertising or behavioral targeting; sell, rent, lease, or broker your personal data; use your content to train AI models; share your assessment content or account information with analytics companies, ad networks, or data brokers; use sensitive content (beliefs, reflections, emotional material) for any secondary purpose.

5. Third-party services we use

We keep this list short on purpose.

• Supabase — database, authentication, and file storage. Data is encrypted at rest. Supabase privacy policy
• Anthropic — AI API provider for the Claude models that power the interviewer. Conversation content is processed through their API under their commercial terms. Anthropic does not use this data to train AI models. Anthropic privacy policy
• Vercel — hosting provider. Vercel privacy policy
• Cloudflare CDN — delivers the PDF generation library to your browser when you export your profile. Cloudflare sees your IP address as part of this delivery; they do not receive your assessment content. Cloudflare privacy policy
• Stripe — payment processing (when paid version launches). We never see your card number. Stripe privacy policy
• Resend — transactional email delivery (account verification, password resets). Resend privacy policy
• Google Analytics (GA4) — aggregate traffic measurement on our public pages only (everything outside the assessment application — landing, How It Works, About, sign-in, thank-you, and the policy pages). Never loaded inside the assessment application and receives none of your assessment content. Google privacy policy

On our public pages we keep third-party tools to a minimum. No Mixpanel, no HubSpot, no Mailchimp, no data enrichment services, no data brokers.

6. AI data flow

When you type an answer during an assessment:

1. Your message travels over an encrypted HTTPS connection to our server.
2. Our server forwards the message, plus the session context, to Anthropic's API.
3. The AI generates a response and returns it through our server to your device.
4. Your message and the AI's response are saved to your assessment record in our database (Supabase), encrypted at rest.

Anthropic's commercial API terms state that data submitted through their API is not used to train their models. We do not send your email address or other identifying information alongside your conversation content in API calls.

7. Sensitive content and explicit consent

An honest self-assessment involves sharing personal reflections, beliefs, and emotional experiences. Religious and philosophical beliefs are treated as a special category of personal information under GDPR (EU users) and sensitive personal information under CCPA (California users).

Because of that, we ask for your explicit, separate consent at signup before you can use the tool — not buried in the Terms, but as its own dedicated checkbox. You can withdraw that consent at any time by deleting your account.

8. How long we keep your data

The retention model below applies once subscription billing is active. While the tool is in its Founder phase and pre-subscription, your account and data stay available without time limit; deletion only happens if you request it (see User-requested deletion, below).

• Active subscriber: All your data stays available — assessment, profile, 90-day plan, check-ins, account.
• Cancelled, within 30-day grace period: All your data stays available. If you re-subscribe within 30 days, you return to a fully functional account with no data loss.
• Cancelled, past 30-day grace: Your account moves to view-only mode for 12 months. You can read, download, and copy your data, but cannot create new check-ins, run a new assessment, or refine your plan.
• Approaching auto-deletion: We send email warnings at month 11 and month 12 of view-only mode. If you don't re-subscribe, your data is permanently deleted at month 13 from cancellation.
• User-requested deletion: You can request immediate deletion at any time. After confirmation, your account enters a 30-day soft-delete grace period — invisible to you in the app, but recoverable via a one-click "Restore my account" link in the confirmation email. After 30 days, the deletion is permanent.
• Abandoned assessments: Incomplete assessments that haven't been touched in 90 days may be automatically deleted.
• Server logs: Retained on a short rotation (typically 30 days or less) and do not contain assessment content.
• Billing records: Stripe retains transaction records per their legal requirements, independent of our deletion.
• Encrypted backups: Backups containing your data roll off within 30 days of any of the deletions above.

9. Your rights

No matter where you live, you have the following rights regarding your data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Correct your email address through account settings. For other corrections, email us.
• Deletion. You can permanently delete your account and all associated data from inside the app: open the menu on your profile and choose Delete My Account. Deletion follows the soft-delete flow in Section 8 — a 30-day recovery window via the "Restore my account" link we email you, then permanent deletion. You can also request deletion by emailing support@theredeemedsecondhalf.com.
• Portability. You can export your transcripts and profile as a PDF at any time from your account. For other formats, email us.
• Withdraw consent. Deleting your account withdraws all consents you've granted.

To exercise any of these rights, email support@theredeemedsecondhalf.com. We aim to respond within 5 business days and no later than 30 days.

10. EU / EEA users (GDPR)

If you're in the European Union or European Economic Area, GDPR applies to your data. In addition to the rights in Section 9, you have:

• The right to restrict processing (Art. 18)
• The right to object to processing based on legitimate interests (Art. 21)
• The right to lodge a complaint with your national data protection authority (directory: edpb.europa.eu)

Data transfers outside the EU. Your session data is processed through US-based services (Anthropic, Supabase, Vercel). Standard Contractual Clauses apply through the respective service providers' data processing agreements.

Legal basis for processing. Account creation, authentication, and storing your assessment content rest on contractual necessity (Art. 6(1)(b)). Processing of reflections and beliefs you choose to share rests on explicit consent (Art. 9(2)(a)) — captured via a dedicated signup checkbox. Server error logging rests on legitimate interests (Art. 6(1)(f)).

11. California users (CCPA / CPRA)

California residents have rights under the CCPA and CPRA, including rights to know, delete, correct, opt out of sale or sharing, and limit use of sensitive personal information.

We do not sell or share your personal information for behavioral advertising. Full stop.

Sensitive personal information we may process includes philosophical beliefs (§ 1798.140(ae)(4)) and reflections that touch on mental or emotional health (§ 1798.140(ae)(8)). We use this information only to operate the tool — not for profiling, advertising, or any secondary purpose.

To exercise California rights, email support@theredeemedsecondhalf.com.

12. AI disclosure

You're interacting with AI, not a human being. The AI will identify itself as AI if asked directly and will never claim to be human or a licensed professional. We will not use your assessment content to train AI models.

13. Security

Your content is encrypted at rest (via Supabase) and in transit (TLS / HTTPS). Access to the database is restricted. We use row-level security policies so users can only access their own records through the app.

No security system is perfect. If we become aware of a breach affecting your personal data, we'll notify affected users and relevant authorities as required by applicable law. You're responsible for keeping your password secure.

14. Children

The tool is for users 18 and older. We don't knowingly collect personal information from anyone under 18. If you believe someone under 18 has created an account, email us and we'll delete the account and all associated data.

15. Changes to this policy

We'll post updates here and update the "Last updated" date at the top. For material changes, we'll notify active users by email before the change takes effect.

16. Contact

Questions, requests, complaints, or anything else privacy-related:

support@theredeemedsecondhalf.com
Warp 10 LLC
Tennessee, USA

We respond within 5 business days for most inquiries, and no later than 30 days for formal data subject requests.