Privacy Policy
We take your privacy seriously. This policy explains what data SharpenedEye collects, how we use it, and your rights as a user.
Data we collect
SharpenedEye is built local-first. Your recordings are stored on your device until you explicitly choose to upload them. We collect only what is necessary to provide the service.
Account data
When you create a SharpenedEye account, we collect your email address, a hashed password (never stored in plaintext), and an optional display name. This information is stored in our PostgreSQL database on Railway.
Billing data
If you subscribe to a paid plan, your payment details are processed by Stripe. SharpenedEye never stores your full card number, CVV, or bank account details. We receive a Stripe customer identifier, subscription status, and billing history.
Recording session metadata
When you create a recording session, we store metadata: session title, creation date, duration, stream configuration, sync accuracy measurements (Δt₀, drift metrics), upload status, and sharing configuration. We do not process the audio or video content of your recordings.
Usage analytics
We collect anonymised usage events — feature interactions, session counts, export format usage — through our self-hosted analytics pipeline (ClickHouse on Railway). These events are not linked to individual identifiable users in our analytics store. We do not use third-party analytics platforms such as Google Analytics or Mixpanel.
Error and performance telemetry
The desktop application reports error events and performance metrics (recording duration, encoder type, sync accuracy) to our internal observability system, NurseAndrea. These reports include a session identifier but no personally identifiable information beyond what is necessary to diagnose the issue.
How we use your data
We use collected data for the following purposes:
- Service delivery — to authenticate you, store your sessions, process uploads, generate shareable links, and send notifications about session processing.
- Billing and subscriptions — to manage your subscription tier, process payments via Stripe, and send invoices via email.
- Product improvement — anonymised analytics inform decisions about which features to build, fix, or remove.
- Security and abuse prevention — to detect unusual account activity and prevent abuse of the platform.
- Legal compliance — to meet our obligations under applicable data protection law.
We do not sell your data to third parties. We do not use your recording content to train machine learning models. We do not share your personal data with advertisers.
Third-party services
SharpenedEye uses the following sub-processors to deliver the service. Each is bound by a data processing agreement.
- Railway — cloud infrastructure provider hosting our web application, databases, and worker services. Data is processed in the United States. Railway Privacy Policy
- Cloudflare — CDN, object storage (R2), and edge security. Video files uploaded to SharpenedEye are stored in Cloudflare R2. Cloudflare Privacy Policy
- Stripe — payment processing. Your payment data is governed by Stripe's privacy policy. Stripe Privacy Policy
- Knock — notification delivery infrastructure. Used to send in-app and email notifications about session processing events. Knock Privacy Policy
- Postmark — transactional email delivery (via Knock). Used to deliver processing-complete and billing notifications. Postmark Privacy Policy
Your rights
Depending on your location, you may have the following rights with respect to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate personal data.
- Erasure — request deletion of your personal data. See our Data Deletion Policy for details.
- Restriction — request that we restrict processing of your data in certain circumstances.
- Portability — request your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@sharpenedeye.io. We will respond within 30 days.
If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority. If you are a California resident, you may also have rights under the CCPA.
Data retention
We retain your data for the following periods:
- Account data — retained until you delete your account, then anonymised within 30 days.
- Session metadata — retained for the duration of your subscription, then deleted within 30 days of account closure.
- Video files (Cloudflare R2) — retained according to your plan limits. Signal tier sessions expire after 30 days. Focus, Clarity, and Studio sessions are retained indefinitely while your subscription is active.
- Billing records — retained for 7 years to comply with financial regulations, even after account closure.
- Error telemetry — retained for 90 days in our observability system, then deleted.
- Analytics — anonymised usage data may be retained indefinitely as it cannot be linked to an individual.
Security
We take security seriously and apply the following measures:
- All data in transit is encrypted using TLS 1.3.
- Passwords are hashed with bcrypt before storage.
- Video files in Cloudflare R2 are accessible only via time-limited signed URLs.
- We run automated dependency vulnerability scans (Brakeman, bundler-audit, npm audit) on every code change.
- TruffleHog secret scanning is part of our CI pipeline.
- Access to production systems is restricted to the development team via hardware-key authentication.
If you discover a security vulnerability in SharpenedEye, please report it to security@sharpenedeye.io. We aim to acknowledge all reports within 48 hours.
Children's privacy
SharpenedEye is not directed at children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@sharpenedeye.io and we will delete the data promptly.
Contact us
For all privacy-related enquiries:
- Email: privacy@sharpenedeye.io
- Response time: We aim to respond within 5 business days and no later than 30 days.
- Data deletion requests: See our Data Deletion Policy.
This Privacy Policy may be updated periodically. Registered users will be notified of material changes via email. The effective date at the top of this page reflects the date of the most recent update.