Privacy Policy
We built Suggest to be simple and respectful of your privacy. This policy explains what we collect, what we share, and why.
Effective date: 2026-05-17
Product: Suggest (Web app at suggest.app)
Contact: [email protected]
What we collect
What you provide
- Account: first name + email (required). If you sign in with Google, we also receive the basic profile Google shares (name, email).
- Your inputs: goals, personality quiz answers, settings, and any text you enter
- Generated content: scripts and audio we create for you
What we collect automatically
Basic technical data needed to run the web app (e.g., IP address, device/browser type, timestamps, error logs)
Cookies and similar technologies
We use first-party cookies for authentication so you can sign in and access the web app.
We also load third-party pixels and cookies from PostHog (product analytics), Meta (advertising), and TikTok (advertising). The sections below explain what each one does.
Sign-in providers
You can sign in to Suggest two ways:
- Email magic links, sent via our email provider (Resend).
- Google sign-in. When you choose this option, Google sends us your name, email, and Google account id. We never receive your Google password.
Analytics
We use PostHog to understand how people use Suggest: which steps of onboarding work, which features get used, where errors happen. PostHog records pageviews, clicks, and form submissions, plus session replays of the dashboard and player. Inputs (including passwords and email fields) are masked, so a replay shows interaction but not what you typed.
PostHog uses an anonymous identifier kept across visits. Once you sign in, it is linked to your account id (not your email) so we can analyze funnels across sign-ups.
PostHog requests are proxied through our own domain (suggest.app/echo/*) so the traffic appears first-party.
Advertising and conversion measurement
When you visit suggest.app, we load advertising pixels from Meta (Facebook/Instagram) and TikTok. These pixels record pageviews and conversion events (such as completing onboarding or upgrading to a paid plan), so we can measure whether ads on those platforms lead to signups and optimize future ad spend.
For paid-plan conversions, we also send a server-side event from our backend to Meta's Conversions API and TikTok's Events API. These server events include a hashed (one-way) copy of your email address and a hashed user identifier, the plan amount and currency, and a unique event id. The plaintext email and account id never leave our servers.
You can limit this tracking via your browser's privacy settings, or via Meta's and TikTok's own ad preference pages.
AI services
We use AI providers to generate scripts and audio.
We do not send your email (or other account identifiers) to AI providers.
We may send your first name (because it can be spoken in the audio), your goals, your personality quiz answers, and your listening settings, as needed to generate your output.
Payments
Paid plans are processed by Stripe. Stripe handles your payment details directly; we don't store full card numbers on our servers.
How we use your data
We use your data to:
- Provide the service (sign-in, generation, storage, playback)
- Keep the service reliable and secure (abuse prevention, debugging)
- Send essential service emails (sign-in links, billing notices, important updates)
Service providers
We share data only with the companies below, and only as needed to run Suggest:
| Provider | Purpose |
|---|---|
| Cloudflare | Hosting, CDN, edge compute, database, object storage |
| Stripe | Payment processing for paid plans |
| Resend | Transactional email (sign-in links, billing notices) |
| Google | Sign-in (only when you choose Google sign-in) |
| OpenAI | Script generation (receives your first name, goals, and quiz answers) |
| Azure (Microsoft) | Text-to-speech (Neural TTS) |
| PostHog | Product analytics, session replay |
| Meta | Advertising measurement (pixel + Conversions API) |
| TikTok | Advertising measurement (pixel + Events API) |
We do not sell your personal data.
Retention
We keep data for as long as needed to provide the service and meet legal, security, or accounting requirements. You can request deletion.
Your choices
You can:
- Request access, correction, export, or deletion by emailing [email protected]
- Control cookies in your browser
- Use ad settings/opt-outs offered by advertising platforms (where available)
Security
We use reasonable safeguards to protect your data, but no system is 100% secure.
Updates
If we change this policy, we'll update the date above and post the new version.