Privacy Policy

Comms is operated by 100k31d LLC. This policy explains how we collect, use, disclose, store, and protect personal data when you use our Service. Contact us at go@100k31d.co with any privacy questions.

We collect:

• Account data — your name, email address, profile photo, sign-in identifiers, active session metadata, and trial or plan status.
• Billing and license data — Gumroad checkout or activation status, billing email, product, sale, subscription, and recurrence identifiers, and license keys, license-key hashes, or last-four fragments used to verify paid access. We do not store payment card numbers for self-serve Gumroad checkout.
• Profile preferences — your selected role, market, user context, language, retention setting, theme, format selection, and template usage preferences.
• Communication content — drafts, inbound text, uploaded images or PDFs, voice recordings for transcription, generated drafts, findings, edits, exports, and related history.
• Local device data — browser storage used for drafts, history, sign-in state, session recovery, privacy mode, preferences, first-party analytics identifiers, and free-run limits.
• Usage and technical data — page views, product events, traffic source, approximate device and browser metadata, request metadata, server logs, errors, hashed IP-derived usage-limit keys, and security or reliability diagnostics.

If you do not provide required account, profile, or communication data, parts of the Service may not work.

We use your data to:

• Operate, secure, maintain, and improve the Service.
• Process communications through AI models for drafting, review, transcription, extraction, contextual research, and claim or legal-risk signals.
• Manage accounts, trials, paid access, support, and service notices.
• Remember your settings and recover drafts or sessions on your device.
• Prevent abuse, enforce limits, debug errors, and comply with legal obligations.
• Understand aggregate product usage, conversion, and feature adoption so we can improve the Service.

We do not sell your personal data to third parties or use your communications to train AI models.

Legal basis for processing.We process personal data on the following grounds under applicable law, including Thailand's Personal Data Protection Act (PDPA): performance of a contract with you (account, billing, and service delivery); legitimate interests (security, abuse prevention, debugging, and service reliability, abuse prevention, and product analytics); and your consent where you actively initiate communication content processing (drafting, review, transcription, extraction, or polishing). You may withdraw consent for communication content processing at any time by not submitting content; this does not affect prior processing.

We share data with trusted processors only as needed to deliver the Service:

• Google Firebase — authentication, account records, active-session state, Firestore data storage, and session/event records used for first-party product analytics.
• Google Analytics — page views, traffic source, device and browser metadata, first-party identifiers, user ID after sign-in, and product usage events used to understand and improve the Service. We do not send communication content, payment card numbers, or license keys to Google Analytics.
• Anthropic — drafting, review, polishing, image/PDF text extraction, and analysis using Claude models.
• Google Gemini — contextual research, legal-risk checks, and claim verification with Google Search grounding.
• OpenAI — audio transcription when you use voice dictation.
• Gumroad — self-serve checkout, license verification, subscription status, billing email, receipts, and purchase records.
• Cloudflare Workers — license activation and subscription-sync infrastructure where configured.
• Netlify — hosting, serverless functions, security, logs, and delivery of the web app.

These providers may process data outside your country. Each processor is bound by its own data processing terms and applicable privacy laws. AI processors process communication content only for the requested feature and do not use your communications to train their models.

Google Analytics is a separate Google service used with Firebase. Google Analytics may use first-party cookies or similar identifiers to report interactions with the Service. We configure analytics for product measurement, not advertising personalization.

In Settings, you can choose whether communication history is automatically cleaned up after 24 hours, 7 days, 30 days, or never. Cloud Mode stores communication content in Firebase so it can sync across devices. Private mode keeps saved communication history content on your device and syncs only minimal communication metadata to Firebase, such as IDs, dates, format labels, storage mode, and deletion state. Local Mode is enabled by default unless you turn it off. Private mode controls saved history storage; it does not stop the Service from sending communication content to the relevant AI processor when you ask the Service to draft, review, transcribe, extract, or polish it, and it does not disable first-party product analytics, security logs, or abuse-prevention records. AI processors do not use your communications to train their models.

When you delete a communication or an auto-delete window expires, the Service removes the communication content from normal use and may keep a minimal technical tombstone, such as the communication ID, dates, storage mode, and deletion time, to keep devices in sync and prevent deleted items from reappearing. Browser storage remains on your device until you clear it, sign out, or the app removes it.

You may request account deletion by contacting us. We will delete or anonymize personal data unless we need to retain limited records for security, dispute resolution, legal compliance, or legitimate business administration.

We apply reasonable security measures including encrypted connections (TLS), Firebase access controls, provider security controls, local privacy options, and periodic review of our systems. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Depending on where you live, you may have the right to access, correct, delete, restrict, object to, withdraw consent for, or request portability of your personal data. You may also have the right to complain to a data protection authority — in Thailand, the Personal Data Protection Committee (PDPC). To exercise these rights, contact go@100k31d.co. We will respond within 30 days unless applicable law permits a longer period.

We use functional cookies, local storage, session storage, IndexedDB, and browser cache to keep you signed in, save drafts and history, remember preferences, support offline or installable app behavior, recover sessions, collect first-party usage analytics, attribute traffic sources, and enforce limited free use. Google Analytics may set first-party analytics cookies or identifiers. We do not use advertising cookies, sell personal data, or use your communications for AI training.

The Service is intended for users 18 years of age and older. We do not knowingly collect data from children.

We may update this policy from time to time. We will notify you of material changes via email or in-app notice. Continued use after notice constitutes acceptance.

Questions about this policy or your personal data? go@100k31d.co