WinnerScript

Privacy Notice (Draft)

This is a product-level privacy summary for the MVP phase. Final legal text will be reviewed by a privacy lawyer before production release. The principles below are already enforced in the platform.

Core Principle

Your data is your property. We process it to generate your reports. We do not sell it, trade it, or use it for purposes you haven't consented to.

What We Collect

• Account data: Email address and authentication credentials (managed by Kinde, EU data residency).
• Questionnaire responses: Your answers to the instinct assessment (psychometric data - GDPR Article 9 Special Category).
• Computed scores: Numerical instinct scores, element flows, R.I.F.T. flags - derived deterministically from your responses.
• Generated reports: AI-generated narrative essays (Loser Script, WinnerScript, depth tiles).
• Consent records: Timestamped records of which consent layers you accepted or declined.
• Payment data: Processed by Stripe. We do not store card numbers.
• Analytics (optional): Anonymous page-view events via Google Analytics 4, only if you consent.

How We Use It

• Generate your personalized reports (Loser Script, WinnerScript, depth tiles).
• Detect R.I.F.T. patterns and flow phase analysis.
• Improve the assessment algorithm (aggregated, anonymized data only, with your consent).
• Send transactional emails (report ready, purchase confirmation).
• Marketing emails only if you explicitly opt in (consent layer 5).

AI Processing

AI (Claude Opus) generates your narrative reports. The AI receives only your numerical scores and R.I.F.T. flags - never your name, email, or any directly identifying information. No PII enters the AI pipeline. Every report includes a Maybe Logic reminder as a built-in humility mechanism.

Consent Model

Before the questionnaire starts, you choose what to consent to across 5 layers:

1. Essential processing (required) - scoring and report generation.
2. Data storage (required) - keeping your results for your access.
3. Terms acceptance (required) - agreeing to the terms of use.
4. Analytics (optional) - anonymous usage data to improve the product.
5. Marketing (optional) - occasional emails about new tiles and features.

Required layers are the minimum for the service to function. Optional layers can be declined without affecting your access to reports.

Your Rights (GDPR)

• Access (Article 15): Request a copy of all data we hold about you.
• Erasure (Article 17): Request deletion of your account and all associated data.
• Portability (Article 20): Export your data in a machine-readable format (JSON).
• Restriction (Article 18): Request that we stop processing your data while a concern is resolved.
• Object to automated decisions (Article 22): Request human review of any automated profiling.

To exercise any right, email hello@winnerscript.ai with "Data Request" in the subject. We respond within 30 days.

Data Retention

Your data is retained as long as your account is active. If you delete your account, all personal data is removed within 30 days. Anonymized, aggregated statistics may be retained for research purposes.

Third Parties

• Kinde - authentication (EU data residency).
• Anthropic (Claude) - AI report generation (no PII transmitted).
• Stripe - payment processing.
• Google Cloud - infrastructure hosting (europe-central2 region).
• Cloudflare - CDN and DDoS protection for the marketing site.
• Sentry - error monitoring (anonymized).

Security

Three-layer encryption: in transit (TLS), at rest (GCP managed encryption), and application-level for sensitive psychometric data (GCP KMS). Crypto-shredding is used on account deletion to ensure data is irrecoverable.

Minimum Age

WinnerScript is available to users aged 18 and older. We do not knowingly collect data from minors.

Changes

This notice will be updated as the platform evolves. Material changes will be communicated via email to registered users.

Back to Landing