Privacy Policy

Effective Date: April 9, 2026 Last Updated: April 9, 2026

This Privacy Policy describes how [LEGAL_ENTITY_NAME] ("we," "us," or "our") collects, uses, and shares information when you use the Meeting Cost Calculator at https://thatmeetingcost.com (the "Service").

1. Introduction

We built Meeting Cost Calculator to be a useful, privacy-respecting tool. The core calculator runs entirely in your browser — no data about your meeting participants, their salaries, or the meetings themselves is ever sent to our servers. This policy explains exactly what we do collect, why, and what your rights are.

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

Account and billing information. If you subscribe to a paid plan (Pro or Team), we collect your email address and process payment through Stripe. We receive a Stripe customer ID and subscription details from Stripe but do not receive or store your full payment card number. AI email generation content. When you use the "Generate Email" feature, you may provide a meeting description or context. This text is sent to Anthropic's Claude API to generate a draft email. We do not persistently store the specific content of these requests beyond what is necessary to fulfill the request and enforce daily usage limits. Communications. If you contact us at hello@thatmeetingcost.com, we retain the content of that correspondence.

2.2 Information Collected Automatically

Usage data. We track aggregate daily usage counts per account to enforce free-tier limits (3 AI email drafts per day). This is tied to your account identifier if you are logged in, or to a server-side session if you are not. Server logs. Our backend API server (hosted on a home server in the United States via Cloudflare Tunnel) receives standard HTTP request logs, including IP addresses, request timestamps, and request paths. These logs are used for security monitoring and debugging and are not used for advertising. Browser storage. The Service uses `localStorage` (not cookies) to remember first-visit state and your in-browser preferences (such as whether you have dismissed an informational banner). This data is stored only in your browser and is never transmitted to our servers.

2.3 Information from Third Parties

Stripe. When you complete a purchase, Stripe processes your payment and provides us with a customer ID, subscription ID, subscription period end date, and subscription status. Stripe's own Privacy Policy governs Stripe's handling of your payment data. Anthropic. When you generate an AI email draft, the text you provide is sent to Anthropic's API. Anthropic's Privacy Policy governs their handling of that data. We do not sell or share your content with Anthropic beyond what is needed to provide the feature.

3. How We Use Your Information

We use the information we collect to:

Provide and operate the Service, including processing your subscription, enforcing free-tier usage limits, and delivering AI-generated email drafts.
Manage your account, including sending transactional emails about your subscription (receipts, renewal notices, payment failures). We do not send marketing emails without your explicit consent.
Maintain security and prevent abuse, including detecting and blocking fraudulent activity, prompt injection attacks, or misuse of the AI features.
Improve the Service, using aggregate, non-identifiable usage patterns. We do not currently run behavioral analytics.
Comply with legal obligations, including tax record-keeping, responding to lawful requests from government authorities, and enforcing our Terms of Service.

We do not use your information to serve advertising. We do not build advertising profiles.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

Third Party	Purpose	Their Privacy Policy
Stripe	Payment processing, subscription management	stripe.com/privacy
Anthropic	AI email draft generation (Claude Haiku API)	anthropic.com/privacy
Vercel	Frontend hosting and global content delivery	vercel.com/legal/privacy-policy
Cloudflare	Backend API edge networking and tunnel (routes traffic from api.thatmeetingcost.com to our server)	cloudflare.com/privacypolicy

Legal disclosures. We may disclose your information if required by law, regulation, or valid legal process (such as a subpoena or court order), or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others. Business transfers. If [LEGAL_ENTITY_NAME] is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a materially different privacy policy.

We do not share your information with any other third parties.

5. Data Retention

Data Type	Retention Period
Account information (email, Stripe IDs)	Retained while your account is active, plus 90 days after account deletion to allow for billing disputes, then deleted
Daily usage counts	Reset daily; logs purged after 30 days
Server access logs	Purged after 90 days
AI email generation request content	Not persistently stored beyond the duration of the API call
Browser localStorage data	Retained in your browser until you clear it; we have no server-side copy
Support correspondence	Retained for 2 years, then deleted
Stripe payment records	Retained as required by applicable tax and financial regulations (typically 7 years)

You may request deletion of your account and associated data at any time by emailing hello@thatmeetingcost.com. See Section 6 for details.

6. Your Rights

6.1 Rights for All Users

Regardless of where you are located, you have the right to:

Access the personal information we hold about you.
Correct inaccurate personal information.
Delete your account and associated personal information (subject to our legal retention obligations).
Data portability — receive a machine-readable copy of your data.

To exercise any of these rights, email us at hello@thatmeetingcost.com with the subject line "Privacy Request." We will respond within 30 days.

6.2 GDPR Rights (EEA, UK, and Switzerland Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the GDPR:

Right to restrict processing — request that we limit how we use your data in certain circumstances.
Right to object — object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent — where we rely on consent as the legal basis for processing, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint — you may file a complaint with your local data protection authority (e.g., the ICO in the UK).

Our legal bases for processing personal data under GDPR are:

Contract performance — processing your email and subscription data to provide the paid Service.
Legitimate interests — server security logging, abuse prevention.
Legal obligation — tax and financial record-keeping.

6.3 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know — request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business or commercial purpose for collection, and the categories of third parties with whom we share information.
Right to Delete — request deletion of personal information we have collected, subject to certain exceptions.
Right to Correct — request correction of inaccurate personal information.
Right to Data Portability — receive a copy of your personal information in a portable format.
Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of, but you have this right.
Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information beyond what is necessary to provide the Service.
Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights.

To submit a CCPA/CPRA request, email hello@thatmeetingcost.com. We will verify your identity before processing the request. We do not accept requests through any other channel at this time.

7. Cookies and Similar Technologies

We do not use tracking cookies or third-party advertising cookies.

The Service uses browser `localStorage` (not HTTP cookies) to save first-visit state and your preferences locally on your device. This data is never transmitted to our servers.

During the Stripe Checkout payment flow, Stripe may set cookies necessary to process your payment securely. These cookies are set by Stripe, governed by Stripe's Privacy Policy, and are only active during the checkout session.

If we introduce analytics in the future, we will update this policy and, where required by law, obtain your consent.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at hello@thatmeetingcost.com and we will promptly delete it.

We do not have actual knowledge that we sell or share personal information of minors under 16.

9. International Data Transfers

The Service is hosted in the United States. Specifically:

Our frontend is served via Vercel's global edge network (US-based company).
Our backend API runs on a home server located in the United States, accessed through a Cloudflare Tunnel.
Our database is located on that US-based server.
AI email generation requests are processed by Anthropic, a US-based company.
Payment data is processed by Stripe, a US-based company.

If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may not have data protection laws equivalent to those in your country of residence.

For users in the EEA/UK/Switzerland: we rely on Standard Contractual Clauses (SCCs) where required, through our service providers (Stripe, Anthropic, Vercel, Cloudflare), each of which has established appropriate cross-border transfer mechanisms.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. If the changes are material, we will provide additional notice — such as an in-app notification or an email to subscribers.

Your continued use of the Service after any change constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us at:

[LEGAL_ENTITY_NAME]

Email: hello@thatmeetingcost.com

We aim to respond to all privacy inquiries within 30 days.