Soothsay

Last updated · 2026-06-18

Privacy.

The short version: we collect what we need to audit your writing, run your subscription, and keep the lights on — and nothing else. We don’t sell data, we don’t train models on your drafts, and you can delete everything any time.

What we collect

Account data

When you sign in we receive your email address, your user id, and your sign-in method from Clerk (our auth provider). We store the email + an internal user id in our database.

Audit data

When you submit an audit we store the input text or URL, the resulting findings and scores, and a hash of the content for deduplication. Anonymous audits are tagged with a hashed fingerprint (SHA-256 of IP + User-Agent) so we can apply the 1-free-audit rule.

Anonymous audits are automatically deleted after 30 days (configurable in ANON_AUDIT_RETENTION_DAYS). Signed-in audits stay until you delete them.

Billing data

When you upgrade to Pro, Stripe handles payment. We never see your card number. We store your Stripe customer id, subscription id, subscription status, and the current period end date for plan-gating decisions.

Usage analytics

We record events (audit created, rewrite called, probe started, upgraded) so we can measure activation and improve the product. Events include your user id and non-sensitive metadata. We use PostHog as our analytics provider; you can opt out via the Do-Not-Track header (we honor it).

Cookies

We use one essential cookie (sooth_anon) to track anonymous audit quota, plus session cookies from Clerk for authentication. We do not use third-party advertising cookies.

What we DON'T do

  • Sell your data to anyone. Ever.
  • Train AI models on your drafts.
  • Run advertising trackers. There’s no Google Ads pixel, no Meta pixel, no third-party retargeting on this site.
  • Share your draft content with the LLM providers we use for citation probes — we synthesize generic questions from your topic and send those, never your raw text.

Who can see what

Your audits

Only you (when signed in, by your internal user id) and our administrators (env-configured email allowlist) can read your audits. Audit URLs use UUIDv4, which is practically unguessable, and every read/export route enforces an ownership check on the server.

Anonymous audits are tied to the hashed fingerprint cookie in your browser. If you clear the cookie, the audit becomes inaccessible to you.

Third-party processors

The companies we use to run Soothsay, and what they touch:

  • Neon — Postgres database (account, audit, billing data)
  • Upstash — Redis queue + rate limiter (transient job IDs)
  • Clerk — authentication (email, sign-in method)
  • Stripe — billing (name, email, card, address)
  • Together AI — LLM rewrites (the passage you ask to rewrite)
  • Perplexity / OpenAI / Anthropic / Google — citation probe queries (synthesized questions, never your raw draft)
  • Vercel — web hosting (request metadata, error logs)
  • Railway — worker hosting (job logs)
  • Sentry — error monitoring (stack traces, request ids; we redact bodies)
  • PostHog — product analytics (event names + ids, no PII in event payloads)

Your rights

Wherever you live, you can ask us to:

  • Show you everything we store about you
  • Delete your account and every audit, finding, score, rewrite, and probe attached to it
  • Stop using your data for analytics
  • Port your data out (we’ll send you a JSON dump)

Email privacy@soothsay.io with your request. We respond within 30 days.

Children

Soothsay is not intended for users under 13. If you believe a child has signed up, email us and we’ll delete the account.

Changes to this policy

When we make material changes, we’ll email signed-in Pro users and update the “last updated” date at the top of this page. Continued use after a change means you accept the new policy.

Contact

Questions about anything on this page → privacy@soothsay.io.
