Legal

Privacy Policy

Last updated: April 19, 2026

Summary

We collect only what we need to deliver your purchase and let you come back to it. We never sell your data. Payment details are handled by Stripe — they never touch our servers. You can delete your account and data at any time by emailing us.

1. What we collect

  • Account data: email address, plan/subscription status, the skills you've viewed (for your dashboard and recommendations).
  • Purchase data: the tier you bought, the answers you provide during intake (e.g., company name, industry, workflows), and Stripe-generated identifiers for your payment. We do not see or store card numbers.
  • Skill content you upload: if you use Eval, the skill text you paste is processed by Claude to generate your SkillIndex report and is retained for 30 days to let you revisit the report.
  • Operational telemetry: IP address, user-agent, and basic page analytics (which pages were visited, referring source). No third-party ad tracking.
  • Email engagement: whether our transactional emails were delivered and opened.

2. How we use it

  • To fulfill and deliver your order (skills, agent packages, research reports, custom builds).
  • To authenticate you via passwordless magic-link login.
  • To send you transactional email — confirmations, delivery links, billing receipts, and renewal notices.
  • To debug errors and improve the product. Aggregated analytics only; no individual profiling for ads.

3. Who we share it with

Only the service providers needed to run the site:

  • Stripe — payments and subscription billing.
  • Supabase — encrypted database hosting for account and order records.
  • Vercel — web hosting and edge infrastructure.
  • Resend — transactional email delivery.
  • Anthropic (Claude) — the AI model that evaluates skills, generates research, and powers the Custom Build chat. Your intake content is processed in-transit; Anthropic's data-retention policy applies to prompts submitted to their API.

We do not sell personal data and do not share it with advertising networks or data brokers.

4. How long we keep it

  • Account records: as long as your subscription is active; 12 months after cancellation, then purged unless required for tax/legal records.
  • Eval uploads: 30 days after evaluation completes.
  • Payment records: 7 years (US tax law minimum).
  • Server logs: 90 days.

5. Your rights

You can request a copy of your data, correction of any inaccuracy, or complete deletion of your account by emailing team@easycarl.com. We respond within 7 business days. If you're in the EU/UK, the rights described under GDPR/UK-GDPR (access, rectification, erasure, portability, objection) apply. California residents have equivalent rights under CCPA/CPRA.

6. Cookies

We use essential cookies to keep you signed in (the magic-link session cookie) and a minimal analytics cookie to understand aggregate traffic. We do not use third-party advertising cookies. You can clear cookies from your browser at any time; the magic-link flow will simply ask you to re-authenticate.

7. Security

Data in transit is TLS-encrypted. Database access is restricted to server-side service roles. We never expose payment data — Stripe handles card handling under their PCI-DSS compliance scope. If we ever suffer a breach that affects you, we will notify you within 72 hours.

8. Children

Easy Carl is a B2B product not directed at children. We do not knowingly collect data from anyone under 13. If we learn we have, we delete it.

9. Changes

Material changes to this policy will be posted here with an updated "Last updated" date and emailed to active subscribers.

10. Contact

Privacy questions or data requests: team@easycarl.com.

Eval · SkillIndex

Your prompt's
probably fine.

Let me double-check for ten bucks. Drop in a prompt, skill, or agent. Get a 0–100 score in three minutes. Seven dimensions. Specific fixes.

Grade a prompt — $10What's SkillIndex? →