H2T2HBeta

Privacy Policy

Last updated: June 9, 2026

1. Information We Collect

We collect the following types of information:

  • Account information — your email address, optional display name, and a hashed (never plaintext) version of your password when you create an account.
  • Message content — text you submit to the translator is sent to our AI provider to generate a suggestion. Message text is not stored on our servers after the response is delivered.
  • Usage data — a timestamp is recorded each time you use the translator. This is used only to enforce the free-tier hourly limit and is not tied to message content.
  • Feedback ratings — if you submit a thumbs up or thumbs down rating, we store your rating, the translator mode (rewrite or reply), your audience setting, any active tone modifier, and optional category tags you select. Message content is never included in feedback records.
  • Contact form submissions — if you write to us through the contact page, we store your name, email, subject, and message so we can respond.
  • Subscription data — if you subscribe, we store your Stripe subscription ID, plan status, and billing period end date. Full payment card details are handled by Stripe and never stored on H2T2H servers.
  • Browser storage — we use your browser's localStorage to remember your audience preference (e.g., “her” or “humans”) between visits, and sessionStorage to carry a pending message through the sign-in flow. Both are stored only in your browser and are not sent to our servers independently.
  • Authentication tokens — a JWT session token is stored in your browser to keep you signed in. It expires automatically and can be cleared by signing out.

2. How We Use Information

  • Authenticate your account and manage sessions
  • Process translator requests and return suggestions
  • Enforce the free-tier hourly usage limit
  • Manage subscriptions and billing through Stripe
  • Respond to contact form submissions
  • Analyze anonymized feedback patterns to improve output quality
  • Maintain service reliability and investigate security issues

We do not sell your data, use it for advertising, or share it with third parties outside of the service providers listed in section 3.

3. Third-Party Service Providers

We use the following providers to operate H2T2H:

  • xAI (Grok) — message text you submit to the translator is sent to xAI's API to generate suggestions. xAI processes this data subject to their own privacy policy. Message text is not retained by H2T2H after the response is delivered.
  • Stripe — payment processing for subscriptions. Stripe handles all card data under their own PCI-compliant privacy policy. We store only the subscription status and identifiers Stripe returns to us.
  • Cloudflare — H2T2H runs on Cloudflare Workers and Pages, and account data is stored in Cloudflare D1. All traffic, including message content in transit, passes through Cloudflare infrastructure.
  • Cloudflare Turnstile — bot and abuse protection used on the sign-up and contact forms. Turnstile processes a browser challenge that does not require solving a puzzle or storing personal identifiers.

4. Data Retention

  • Message text — not retained after the AI response is delivered.
  • Account data — retained while your account is active. Deleted immediately when you delete your account in Settings.
  • Usage timestamps — retained while your account is active for rate-limiting purposes. Deleted with your account.
  • Feedback ratings — retained to inform ongoing quality improvements. Deleted with your account.
  • Contact submissions — retained to track and respond to your inquiry.
  • Billing records — retained as required for financial record-keeping and dispute resolution.
  • Password reset tokens — expire automatically within one hour and are deleted when used.

5. Security

We use reasonable technical safeguards including encrypted connections (HTTPS), hashed passwords, and short-lived authentication tokens. No system can guarantee absolute security. If you believe your account has been compromised, please contact us immediately.

6. Your Choices

  • Update your name or email in Settings.
  • Delete your account and associated personal data at any time from Settings. Any active subscription is canceled automatically. Billing records may be retained by our payment processor as required by law.
  • Request a summary of the personal data we hold about you by contacting us through the contact page.
  • Clear your browser's localStorage and sessionStorage at any time through your browser settings to remove locally stored preferences.

7. A Note on Sensitive Topics

H2T2H is a communication coaching tool. It is not a substitute for therapy, legal counsel, medical advice, or crisis support. If you are in crisis or danger, please contact emergency services or a qualified professional.

8. Policy Updates

We may update this Privacy Policy when our data practices change. We will post the revised date at the top of this page. Continued use of H2T2H after an update constitutes acceptance of the revised policy.

9. Contact

Privacy questions and data requests can be submitted through the contact page.