wrong. privacy

last updated 2026-05-09

Privacy Policy

This policy explains what wrong.jrand.net collects, how it is used, and the choices you have. wrong. is a WebLab LLC product. WebLab LLC, a Tennessee limited liability company, is the data controller.

1. What we collect

Account data

Email address. Used for magic-link login and account-related messages only. We do not send marketing email without a separate opt-in.

Submission content

The argument text you paste, and the extracted text content of files you upload (.pdf, .docx, .txt). Uploaded files themselves are not retained after extraction.

Technical data

IP address, used for rate limiting and security; stored hashed against your session. User-Agent string, also hashed against your session. We do not log or retain raw IPs against accounts.

Payment data

Stripe customer ID and payment event metadata. Stripe handles all card data directly. We never see, store, or have access to card numbers, CVVs, or full payment instruments.

2. How submissions are processed

Submitted text is sent to Anthropic for critique generation, on the API path that does not train on customer data. Anthropic processes the text under its own data terms. We do not send your email or other identifying account data with the request.

Generated output is stored in our database alongside your submission so you can re-open the verdict.

3. Retention

Account data and submissions are retained for the lifetime of the account.

When you request account deletion, we run a 30-day soft delete. During soft delete: your email and any other personally identifiable fields are zeroed; submissions you marked public are kept on the Wall of Wrong with user_id set to NULL; private submissions are queued for purge. After 30 days, all remaining personal data tied to your account is hard-purged via cron. Stripe-side records are retained per Stripe's policy for tax and dispute purposes.

4. Sharing

We do not sell, rent, or trade your data. We do not use third-party analytics that tie identity to behavior. We do not embed third-party advertising or tracking pixels.

Stripe is the only third-party processor in the system. Stripe receives your email and Stripe customer ID for the purpose of processing payments.

We may disclose information if required by valid legal process or to protect the rights, property, or safety of WebLab LLC, our users, or the public.

5. Public Wall of Wrong

By default, submissions appear publicly at /wall. Free-tier submissions are always public. Paid users can mark individual submissions private and set a global default of private for future submissions. Public cards never display your email or any account identifier; only the verdict, score, and submission text are shown.

Do not submit content you would not want associated with a public verdict. Private toggles apply going forward; submissions already marked public can be flipped to private by paid users at any time, but cached copies and OG images may take time to clear.

6. Cookies

We use two cookies, both first-party, both required for the service to function:

  • wrong_sid: session authentication. HttpOnly, Secure, SameSite=Lax. 60-day sliding expiry.
  • wrong_csrf: cross-site request forgery protection. Read by the browser to attach to credit-deducting requests.

We do not use analytics cookies, advertising cookies, or any third-party cookies.

7. Your rights

You can request a copy of the data tied to your account, ask us to correct an inaccuracy, or delete your account. Email jace@jrand.com from the address on file. Export and deletion are handled manually, typically within seven days.

Depending on your jurisdiction, you may have additional rights under local law. Email us if you want to exercise them.

8. Children

The service is not intended for use by anyone under 13 years of age. We do not knowingly collect data from children under 13. If you believe a child has registered, email jace@jrand.com and we will delete the account.

9. International users

The service is operated from the United States. By using it, you consent to the transfer and processing of your data in the United States, including by Anthropic and Stripe. We do not currently offer a regional data residency option.

10. Security

We use HTTPS for all traffic, server-side sessions with HttpOnly cookies, hashed authentication tokens, and a least-privilege architecture for our database. No system is perfect; you accept the residual risk of using an internet service.

11. Changes

WebLab LLC may update this policy. Material changes are announced 30 days in advance via email to the address on file for registered users. Continued use after the effective date constitutes acceptance.

12. Contact

Privacy questions, data access requests, deletion requests: jace@jrand.com.