overview
this privacy policy applies to every product built by vøiddo — scrb (web app, browser extensions, wordpress plugin), rankd (web app, browser extensions), tells (web app, browser extensions, wordpress plugin), the free utilities at tools.voiddo.com, the in-development browser games at games.voiddo.com, and the public site you are currently reading. we operate on the principle of data minimisation, which is a long phrase for "if we do not need a piece of information to run the service for you, we do not ask for it, and we do not store it, and we do not give it to anybody else."
what we collect
we collect the basic account information you give us when you sign up: your email address, your chosen display name if you set one, and the password hash (we do not store the password in plain text and we have never asked anybody for it over the phone or email). when you use one of the paid products, we process the inputs you submit — product descriptions for scrb, the thing you want judged for rankd, the message or profile text for tells — for as long as it takes to generate a response, plus a short history we keep so you can find your earlier results. we log standard server metrics such as your ip address, your browser’s user-agent string, the route you requested, and the response code we returned; these logs are kept for security, debugging, and abuse handling.
how we use it
your data is used to provide the service you signed up for, to send transactional emails such as billing receipts and password reset links, and to debug the system when something goes wrong. it is not used to train any of our foundation models because we do not have any of our own. the third-party llm providers we route to (mainly google’s gemini api at the time of writing) operate under their own enterprise data-handling terms, which forbid them from training on customer-submitted data. we have written confirmation of this from the providers we use, and the dpa page lists the current set.
cookies
we use functional cookies to keep you logged in across page loads and to store your local preferences (theme, language, last-used tools). we do not use third-party tracking cookies for invasive retargeting campaigns, because we do not run retargeting campaigns. we do not use a cookie banner with seventy "trusted partners" because we do not have seventy partners. you can disable cookies in your browser; some features of the web apps (login, persistent preferences) will stop working if you do.
third parties
we rely on external infrastructure to run vøiddo. paddle (dublin, ireland) is the merchant of record for almost every paid transaction, which means it handles your card details, your tax calculations, and your refund processing; we never see your full card number. cloudflare provides dns and ddos protection. hetzner provides the primary application server in frankfurt. ai generation is routed through enterprise apis with major inference providers (gemini, currently). transactional email is routed through our own postfix and mailcow stack on the same hetzner box, with backup routing through a third-party smtp relay. each of these partners only ever receives the minimum data required to perform its specific function for you; we have signed dpas with all of them where the gdpr requires one.
retention
we keep your account data for as long as your account is active and for ninety days after you delete it (so that an accidental deletion can be reversed). generated outputs are stored in your account history for your convenience and you can delete them at any time from the dashboard. server logs containing personal data (ip addresses, request bodies) are rotated and permanently purged after thirty days. database backups containing personal data are retained for thirty days and then irreversibly destroyed.
your rights
you have the gdpr rights of access, rectification, erasure, restriction, portability, and objection over your personal data. you can exercise the first five directly from your account dashboard at any time without writing to us. if you want to exercise the right of objection, or if you want a full export of every piece of personal data we hold about you that does not appear on the dashboard (for example, the contents of the support inbox), write to support@voiddo.com and we will respond within the statutory thirty-day window; in practice it lands the same week. if you want to nuke your account entirely — all data, all backups, no recovery — email the support inbox and ask for a hard delete; we confirm hard deletes in writing once they are complete.
international transfers
the primary application servers live in frankfurt, germany, inside the european union. the company itself is legally registered in tallinn, estonia, which is also inside the european union. sub-processors such as paddle (ireland) and the llm inference providers (united states, with regional endpoints where available) may process data in their own jurisdictions. where data leaves the european economic area, we rely on the european commission’s standard contractual clauses and the uk international data transfer addendum, and we limit what is sent to the minimum the service requires.
children
the products are designed for adults — small business owners, marketers, ecommerce sellers, writers, developers. they are not intended for children under sixteen and we do not knowingly collect personal data from minors. if you believe a child has created an account, contact support@voiddo.com with whatever details you have; we will remove the account and any stored data within twenty-four hours and confirm in writing.
changes to this policy
we revise this policy when our data practices materially change — adding a new sub-processor, storing a new data category, changing a retention window. the last-updated date at the top of this page always reflects the current version. if a change is material in the gdpr sense, we will email everybody with an active account before the change takes effect. prior versions of the policy are retained internally and available on request to anybody who wants to compare the new and the old text.
contact
if you have a question about this privacy policy or how we handle your data — including the data subject rights above, an objection to a specific processing activity, or a dispute about a sub-processor — write to support@voiddo.com. the inbox is read by a human on the team during european or israeli working hours and we usually reply the same day. there is no separate "privacy team" because we are a six-person studio; the engineer who wrote the code that processes your data is also the person who will reply to your question about it.