privacy policy

last updated: june 8, 2026

who we are

mrrsucks.com is operated by Victor Grandchamp. this policy explains how we collect, use, and protect your data.

what we collect

• email address — provided during checkout via Polar.sh, used for account creation and transactional emails.
• revenue API keys — your Stripe restricted key or Polar Org Access Token. encrypted at rest (AES-256-GCM), never stored in plaintext, used exclusively server-side.
• push subscription — browser push notification endpoint for daily roasts.
• revenue data — daily snapshots synced from your provider to generate roasts.
• project metadata — name, slug, logo, mood, timezone, delivery hour.

what we do NOT collect

• no tracking cookies or advertising
• no analytics tools (no GA, no Mixpanel)
• no IP address collection beyond infrastructure logs

how we use your data

• sync revenue to generate daily roasts
• display your public project page
• send push notifications at your chosen time
• send transactional emails (expiration reminders)

payment processing

payments are processed by Polar.sh (Merchant of Record). Polar handles all payment info, sales tax, and billing. we never see your credit card. see Polar's privacy policy.

data storage

• data stored in Supabase (PostgreSQL) with Row Level Security
• API keys encrypted with AES-256-GCM
• keys never leave the server

third-party services

• Polar.sh — payment processing
• Supabase — database and storage
• Vercel — hosting
• Anthropic (Claude API) — roast generation (no training on user data)

your rights (GDPR)

EU users can access, correct, delete, or export their data. email contact@mrrsucks.com. we respond within 30 days.

contact

contact@mrrsucks.com