Privacy Policy

Last updated: March 2026

1. Data Controller

AskHundred ("we", "us") operates the website askhundred.com. This policy explains how we collect, use, and protect your personal data in compliance with GDPR and applicable privacy laws.

2. Data We Collect

• Account data: Email address and password (encrypted), or Google OAuth
• Test data: Questions you submit, panel configurations, uploaded images
• Usage data: Pages visited, features used, test history
• Payment data: Processed by Stripe — we never store card numbers

3. How We Use Your Data

• To provide the AskHundred service (AI panel testing)
• To manage your account and subscription
• To improve our AI models and service quality
• To send service-related communications

4. AI-Generated Content

AskHundred uses AI models to generate simulated persona responses. These are not real people. Results are statistical simulations and should not be treated as certified market research.

5. Data Storage & Security

Your data is stored on Supabase (PostgreSQL) with encryption at rest. Authentication is handled by Supabase Auth. We use row-level security policies to ensure data isolation.

6. Third-Party Services

• Supabase: Database and authentication
• OpenRouter / Anthropic: AI model inference
• Stripe: Payment processing
• Vercel: Hosting
• DiceBear: Avatar generation (no personal data sent)

7. Your Rights (GDPR)

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Deletion: Request complete deletion of your account and data
• Portability: Export your data
• Objection: Object to data processing

To exercise these rights, contact us at privacy@askhundred.com.

8. Data Retention

We retain your data for as long as your account is active. Upon deletion request, all data is permanently removed within 30 days using our delete_user_data() procedure.

9. Contact

For privacy inquiries: privacy@askhundred.com