MI - am I? logo

Privacy Policy

Effective May 18, 2026

These Conversations Matter (“we,” “us,” “our”) operates the website at www.theseconversationsmatter.com and the MI - am I? Practice Studio (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service, you agree to this Policy.

1. Who we are

The Service is operated by Susanne Thomas. For any privacy question or to exercise a right described below, contact susanne.thomas.mi@gmail.com.

2. Information we collect

We collect only the information needed to operate and improve the Service.

  • Account information. If you sign in, we collect your email address through Supabase Auth (magic link or Google OAuth).
  • Practice session data. Conversations you create in the Practice Studio, including the scenario, your messages, and AI responses, are stored to power the Service.
  • MITI coding submissions. When you submit a transcript for MITI coding, we collect your name, email, transcript content, and any details you provide.
  • Payment information. Payments are currently processed by PayPal or Zelle. We retain transaction metadata you submit to help match payments to service requests (amount, status, reference codes).
  • Analytics. With your consent, we use PostHog to collect aggregate usage data (pages viewed, features used, anonymized session events). Input fields are masked in any session replay.
  • Technical data. Server logs include IP address, user agent, and request timestamps. We use Upstash Redis for rate limiting; only hashed keys are stored.

3. How we use information

  • To provide and operate the Service.
  • To process payments and fulfill MITI coding requests.
  • To send transactional emails (e.g., sign-in links, submission confirmations).
  • To monitor security, prevent abuse, and enforce rate limits.
  • To improve the Service through aggregate analytics (only with consent).
  • To comply with legal obligations.

4. Legal bases (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following legal bases: performance of a contract (Service delivery, payments), legitimate interests (security, abuse prevention, product improvement), consent (analytics cookies, marketing emails where applicable), and legal obligation.

5. Sub-processors and third parties

We share data with the following sub-processors solely to operate the Service:

  • Supabase — authentication and database hosting.
  • Vercel — application hosting and edge network.
  • Anthropic — AI model that powers Practice Studio conversations. Your messages are sent to Anthropic to generate responses.
  • PostHog — product analytics (only with consent).
  • PayPal, Zelle — payment processing.
  • Resend — transactional email delivery.
  • Upstash — Redis for rate limiting.
  • Sanity — content management.

We do not sell your personal information. We do not share it with advertisers or data brokers.

6. International transfers

Our sub-processors are based primarily in the United States. If you are outside the United States, your data will be transferred to and processed in the United States or other countries. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

7. Data retention

  • Account data: kept while your account is active and for up to 12 months after closure.
  • Practice session transcripts: kept while your account is active; you may request deletion at any time.
  • MITI submissions: kept for up to 24 months for service and audit purposes.
  • Payment records: kept for at least 7 years to meet tax and accounting obligations.
  • Server logs: kept for up to 30 days.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, port, restrict, or object to our processing of your personal data, and to withdraw consent at any time. EU/UK residents may lodge a complaint with their local supervisory authority. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising).

To exercise any right, email susanne.thomas.mi@gmail.com. We respond within 30 days.

9. Cookies

We use strictly necessary cookies (sign-in, security) and, with your consent, analytics cookies. See our Cookie Policy for details and consent controls.

10. Security

We use TLS in transit, encryption at rest for sensitive credentials (including the Anthropic API key via pgcrypto), hashed administrative session cookies, and Upstash-backed rate limiting. No system is perfectly secure; you use the Service at your own risk.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated effective date. Continued use of the Service after an update constitutes acceptance of the revised Policy.

13. Contact

Questions about this Policy: susanne.thomas.mi@gmail.com.