Privacy Policy

TwoHeads is an expected-value decision analysis tool. When you use the Service, you describe a decision in plain language and receive an AI-generated analysis. This policy explains what information we process in the course of providing that service.

Decision text. When you submit a decision for analysis, your text is transmitted to Anthropic's Claude API to generate the response. We do not log or store this text on our own servers beyond the duration of the API call. Anthropic's own privacy policy governs how they handle data sent to their API — see anthropic.com/privacy.

IP address. We record your IP address in memory for rate-limiting purposes (to enforce the daily limit on API calls). Our lawful basis for this processing is legitimate interests — specifically, protecting the Service from abuse and managing infrastructure costs. This record is not persisted to disk, is not linked to any account or identity, and is cleared when the server restarts.

Usage analytics. If you consent via the cookie banner, we use Google Analytics to collect anonymised data about how visitors use the site (pages visited, session duration, approximate location). This data is processed by Google and is subject to Google's privacy policy. You can withdraw consent at any time by clearing your browser's localStorage for this site.

We do not collect names, email addresses, or any personal information unless you voluntarily provide it (e.g. via the waitlist form). We do not share data with advertisers. We do not sell data. Analytics cookies are only set with your explicit consent.

Saved scenarios and analysis history are stored in your browser's localStorage — a local storage mechanism that stays on your device. We cannot access this data. It is not transmitted to our servers.

Clearing your browser's site data will permanently delete your saved scenarios. There is currently no server-side backup.

Anthropic (Claude API). Your decision descriptions are processed by Anthropic's API to generate analyses. Anthropic is a third-party service with its own privacy practices. Review their policy at anthropic.com/privacy.

Stripe (payments). If you subscribe to a paid plan, your payment is processed by Stripe. We do not handle or store your card details. Stripe's privacy policy applies to payment processing — see stripe.com/privacy.

We do not embed any social media widgets, advertising scripts, or other third-party tracking tools.

Server-side: IP rate-limit records are in-memory only and not persisted. Waitlist email submissions (if you use that form) are stored only as long as necessary to operate the waitlist.

Client-side: localStorage data persists indefinitely in your browser until you clear it.

If you are based in the United Kingdom, you have the following rights under UK GDPR: (a) the right to access personal data we hold about you; (b) the right to rectification of inaccurate data; (c) the right to erasure ('right to be forgotten'); (d) the right to restriction of processing; (e) the right to data portability; (f) the right to object to processing based on legitimate interests.

Since we hold minimal personal data and none is associated with an account, the most effective action is to clear your browser's localStorage for this site. If you submitted an email address for our waitlist and wish it removed, contact hello@twoheads.app and we will delete it promptly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your personal data in accordance with UK GDPR.

API requests are made over HTTPS. We do not store payment details, passwords, or sensitive personal data. Since we hold very little data, our attack surface is minimal.

The Service is not directed at children under 13. We do not knowingly collect personal information from children.

We may update this policy from time to time. The "Last updated" date at the top indicates when it was last revised. Continued use of the Service after changes constitutes acceptance of the revised policy.

For privacy-related questions or requests, contact hello@twoheads.app.