What we collect,
and what we don't.
The formal version. Short summary: we process your text in-memory and discard it, we don't train on it, we don't sell it, we log anonymised metadata for 30 days, we don't set tracking cookies.
This is the full privacy policy for humanise.ai. If you want the short version: we process the text you paste in-memory to generate a rewrite, we don't train on it, we don't sell it, and we log minimal anonymised request metadata for 30 days.
humanise.ai (also styled "HumaniseAI", collectively "we", "us", "our") operates the service at humaniseai.ai (the "Service"). This policy explains what personal data we collect when you use the Service, why we collect it, how we use and share it, and the rights you have over your data.
By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.
1. What we collect
1.1 Text you submit to the humaniser
When you paste text into the humaniser, that text is transmitted to our edge Worker and to our upstream AI provider (Anthropic, PBC) for the sole purpose of producing a rewritten version and returning it to you. We do not use submitted text to train models. We do not sell submissions. We do not share them with advertisers.
- Free tier (current default): submitted text is not logged to persistent storage. It exists in memory only during the request and is discarded at response end.
- Paid tiers (if offered in future): submitted text may be retained for up to 30 days in short-term logs for abuse prevention, billing, and debugging purposes, then hard-deleted. You can request earlier deletion at any time.
1.2 Account data
If you register an account, we store your email address, a hashed password (never the plaintext), the plan tier you hold, and your payment processor customer ID. We do not store card numbers. If you log in with a third-party provider, we store your provider user ID and the email address it returns.
1.3 Usage and diagnostic data
We collect minimal diagnostic data automatically: request timestamp, IP address (truncated to /24 after 14 days), HTTP status, user-agent string, country (derived from the edge at request time, then the full IP is truncated), and endpoint path. We do not use cookies or browser fingerprinting for tracking.
1.4 Payment data
If and when we introduce paid plans, payments will be processed by a regulated payment service provider (Stripe or Paddle). We will receive only the billing email, the last four digits of the card, the country, and the subscription status. Full card details are handled by the payment processor and never reach our servers.
2. Why we collect it — lawful basis
| Purpose | Legal basis (GDPR / UK-GDPR) | Data used |
|---|---|---|
| Providing the humaniser service | Contract / legitimate interests (free tier) | Submitted text, request metadata |
| Billing and account management | Contract | Account info, payment metadata |
| Abuse prevention and security | Legitimate interests | Truncated IP, usage logs, request metadata |
| Customer support | Contract / legitimate interests | Email, issue description, logs |
| Transactional emails (e.g., receipts) | Contract | Email address |
| Marketing emails (opt-in only) | Consent | Email, marketing preferences |
| Legal compliance | Legal obligation | As required by applicable law |
3. Who we share it with
We share personal data only with the following categories of third-party processors, each under a written Data Processing Agreement:
- Anthropic, PBC — processes submitted text solely to return a rewritten response. Anthropic's data policy: anthropic.com/legal/privacy.
- Cloudflare, Inc. — hosts and delivers the Service. Cloudflare may process IP addresses and request metadata for security and routing.
- Payment processor (Stripe or Paddle, when paid plans launch) — processes payments. Receives only the data needed to charge you.
- Email provider — delivers transactional email.
- Privacy-preserving analytics, if enabled — receives anonymised, aggregated usage data only.
We do not sell personal data. We do not share personal data with advertisers.
4. International transfers
Our servers sit on Cloudflare's global edge network; requests are processed in the region closest to you. Where personal data is transferred out of the UK or EEA — for example, when Anthropic processes text on U.S. infrastructure — we rely on the UK International Data Transfer Agreement (IDTA) and/or the EU Standard Contractual Clauses with each recipient.
5. Your rights
Depending on where you live, you have some or all of the following rights. We will respond to any verified request within 30 days.
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — ask us to delete your account and associated data (we may retain limited records for legal or billing reasons).
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Restriction — ask us to suspend processing while a dispute is resolved.
- Withdrawal of consent — where processing relies on consent, withdraw it at any time.
- Complaint — lodge a complaint with your local data protection authority. In the UK, that's the Information Commissioner's Office (ico.org.uk). In the EU, your national DPA. In California, the California Privacy Protection Agency.
To exercise any of these rights, email privacy@humaniseai.ai. We may ask you to verify your identity before we act on a request about an account.
6. California-specific rights (CCPA / CPRA)
California residents have the additional right to know the categories and specific pieces of personal information collected, the purposes of collection, and the categories of third parties with whom we share. You also have the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined in the CCPA.
7. Retention schedule
| Data category | Retention period |
|---|---|
| Free-tier submitted text | Not persisted beyond the request |
| Paid-tier submitted text (short-term logs, future) | 30 days, then hard deletion |
| Account data | For the life of the account; deleted within 30 days of account closure |
| Billing records | 7 years after the last transaction (statutory) |
| Security logs (truncated IP, metadata) | 12 months |
| Support tickets | 3 years after last interaction |
8. Children
The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, email privacy@humaniseai.ai and we will delete it.
9. Security
We protect personal data with industry-standard controls: TLS for all traffic, encrypted storage at rest, role-based access, hashed passwords, and independent audits of our payment processor when paid plans are introduced. No system is perfectly secure; we will notify you and the relevant authority of any qualifying breach without undue delay. See Security for our vulnerability disclosure programme and infrastructure detail.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified by email (if you hold an account) at least 30 days before taking effect. A dated changelog appears at the bottom of this page. The current version is always the one published at humaniseai.ai/privacy.
11. Contact
Privacy questions or rights requests: privacy@humaniseai.ai
General support: hello@humaniseai.ai
Effective 21 April 2026 · Last reviewed 2026-04-21 · Governed by the laws of England and Wales.