Privacy Illusion

Everything Clerk collects when you sign up: your email, name, profile image, and authentication tokens. Everything our analytics collects when you visit: page views, device type, approximate location, referral source, and how long you stared at the Pigeon tab. Everything your browser volunteers without being asked, which is more than you think. We also store data you explicitly give us: tile purchases, confessions, achievement progress, and the 42 answers you gave Esmeralda (she keeps those).

Analytics, authentication, and payment processing. Also because that's what the npm packages do by default and we didn't change the settings. We'd like to say we have a sophisticated data strategy. We have npm install.

SaaSn't uses cookies. We're not entirely sure what they do. For a more thorough and significantly less useful explanation, see our Cookie Monster page. It has recipes.

Your data passes through the following third-party services: • Clerk (authentication): knows who you are • Stripe (payments): knows your card • Render (hosting): knows you visited • NowPayments (crypto): knows your wallet • Supabase (database): knows everything else Each of them has their own privacy policy. We have read none of them. In our defense, they are each 40+ pages long and written in a dialect of English designed to be technically readable and practically incomprehensible.

Your data is stored in a Supabase PostgreSQL database hosted in Switzerland. We chose the region because it sounds trustworthy. Switzerland is where banks keep secrets and cheese has holes. Both felt relevant.

Depending on where you live, you may have the right to: • Access your data (we'll send it to you) • Correct your data (we'll update it) • Delete your data (we'll delete it) • Port your data (we'll export it) • Object to processing (we'll listen) Greg handles these requests. Greg is on a Performance Improvement Plan. Please allow 6-8 business weeks. To exercise your rights, email saasmaster@saasnt.com. This goes to someone who actually exists. Whether they respond is a separate question.

We use HTTPS, encrypted database connections, and environment variables for secrets. Sarah found and fixed a SQL injection vulnerability in her first week. The previous developer's last commit message was a skull emoji. Draw your own conclusions about our security posture.

SaaSn't is not intended for users under 13. It is also, frankly, not intended for users over 13. It is intended for a narrow demographic of people who find satirical SaaS products entertaining, and we're not sure what age that maps to. If you are under 13 and reading this, please close this tab and go do something useful. If you are over 13 and reading this, the same advice applies but we know you won't take it.

We retain your data for as long as your account exists. If you delete your account, we delete your data within 30 days, except where required by law or where Greg forgot to run the cleanup script. Purchased tiles and their content persist on the grid indefinitely. The pixels stay. See Terms of Surrender, Article IX.

We will update this policy whenever we remember it exists. Material changes will be communicated via a method we haven't decided on yet. Probably not email. Greg handles email.