Privacy Policy

WooSee Limited ("we", "us", "our") operates Consensable.com. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. What We Collect

Account data: When you register, we collect your email address and a hashed copy of your password (or, if you use social login, your name and email from the OAuth provider).

Query data: For each synthesis query submitted by a logged-in user, we store your question text, the AI-generated response, the models used, tokens consumed, and estimated cost. This data is retained until you delete your account. Guest queries are stored for session display only and are not linked to any account. For all queries, we also log a one-way hash of the question alongside usage metrics for internal analytics.

Technical data: Standard server logs including IP addresses and browser user-agent strings, retained for up to 30 days for security and debugging.

2. How We Use Your Data

• Account management — to authenticate you and maintain your account (legal basis: contract performance).
• Usage accounting — to track token consumption and associated costs (legal basis: legitimate interests).
• Security — to detect abuse and protect the service (legal basis: legitimate interests).
• Legal compliance — to comply with applicable laws (legal basis: legal obligation).

3. Third-Party Processors

Your query content is transmitted to the following third parties to generate AI responses. By using Consensable, you acknowledge this processing:

• AI model providers — your query is sent to one or more AI model providers depending on the models selected. Providers are accessed via OpenRouter (openrouter.ai) and via direct APIs; they currently include Anthropic, OpenAI, Google, Amazon, and Perplexity. Each provider's own privacy policy governs their processing.
• Stripe — payment processing for subscriptions and top-up purchases. Stripe receives your payment details and billing information. Stripe's privacy policy governs their processing.
• Amazon Web Services (eu-west-2 region) — provides our hosting infrastructure, parameter storage, email delivery (SES), and machine translation (Translate).
• Google / Apple / Facebook — if you use social sign-in, these providers authenticate you and share your name and email with us. Their respective privacy policies apply.

4. Data Retention

• Account data: retained until you delete your account.
• Query data (questions, responses): retained until you delete your account. Guest queries are not persisted beyond the session.
• Usage logs (anonymised metrics): retained for 12 months, then automatically deleted.
• Server logs: retained for 30 days.
• After account deletion, all personal data is erased within 30 days except where we are required to retain it by law.

5. Cookies & Browser Storage

Consensable does not use tracking or advertising cookies. We use browser localStorage — a similar technology to cookies — to store items that are strictly necessary for the service to function.

Name	Type	Purpose	Duration
cns_token	Essential	Your signed authentication token (JWT). Keeps you signed in between visits; expires server-side after 30 days.	Until sign-out
cns_ui_lang	Essential	Your preferred display language.	Until storage is cleared
Preference storage	Essential	cns_plan, cns_pref_mode, cns_pref_visibility, cns_model_config — your plan tier, default synthesis mode, visibility preference, and model configuration.	Until sign-out or storage is cleared
Session state	Essential	cns_ref temporarily holds a referral code until registration is complete. cns_guest_count tracks guest query count locally and is never sent to our servers.	Until registration or storage is cleared

All stored items are strictly necessary and do not require consent under the UK Privacy and Electronic Communications Regulations (PECR).

Third-party scripts: If you use social sign-in (Google, Facebook, or Apple), the respective provider's authentication script is loaded and may set its own cookies governed by that provider's privacy policy. These scripts are only loaded if you attempt social sign-in; email/password sign-in loads no third-party scripts.

You can clear localStorage at any time by signing out, or via your browser's privacy or site data settings.

6. International Transfers

Some of our third-party processors (including OpenRouter and AI model providers such as Anthropic, OpenAI, Google, and Meta) may process data outside the UK/EEA. Where this occurs, we rely on standard contractual clauses or adequacy decisions as the legal transfer mechanism.

7. Your Rights

Under UK GDPR, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — delete your account and associated data (available directly in Account settings).
• Restriction — restrict processing in certain circumstances (e.g. while contesting accuracy or pending an objection). Contact us to request this; we will apply it manually within 30 days.
• Data portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interests. Email us to submit a formal objection; we will record it and respond within 30 days.

To exercise any right, email solo@woosee.pro. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113.

8. Security

Passwords are hashed using bcrypt with a cost factor of 12. All connections are encrypted via TLS. We review our security practices regularly.

9. Children

Consensable is not intended for use by persons under the age of 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via the service or by email. Continued use after changes constitutes acceptance.