Privacy Policy

1. Introduction

Golden Black LLC (“we,” “us,” or “our”) operates Earnest Page. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform. We are committed to transparency and to protecting your privacy.

2. Information We Collect

2.1 Authentication Data

We use phone-based authentication via Twilio Verify. Your phone number is used solely to send a one-time verification code during login. We do not store your phone number in our database. A one-way cryptographic hash (SHA-256) of your phone number is stored for the Contact Firewall feature, which allows you to exclude people you know from your anonymous feed.

2.2 Profile & Identity Data

Information you voluntarily provide during onboarding and profile editing: gender, age, ethnicity (optional), life vision, important people in your life, and personal interests. This data is used exclusively to build your Character Bible and personalize your AI interactions.

2.3 Conversation Data

Your conversations with Mirror Chat are temporarily stored in Firebase Firestore during the active session. After a session closes, the conversation is processed to update your dossier and (if you have chosen public routing) generate an anonymous post. The raw conversation transcript is stored as content_raw and is never visible to any user other than you. “Burn on Close” sessions are deleted immediately with zero data retention.

2.4 Location Data

If you grant browser geolocation permission, your approximate coordinates (latitude and longitude) are used for the Proximity Blind Spot feature, which filters posts from within a 200-mile radius to protect your anonymity. You may also manually set a location anchor via zip code. Your precise coordinates are never displayed to other users or included in API responses.

2.5 Payment Data

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We store only your subscription status, plan type, and Stripe payment intent identifiers.

3. How We Use Your Information

• To authenticate your identity and manage your account
• To power the AI-driven Mirror Chat, dossier updates, and character compilation
• To generate anonymous, AI-ghostwritten posts for the public feed (with your consent via routing settings)
• To generate AI-powered hero images for posts
• To provide proximity-based anonymity filtering
• To process payments and manage subscriptions
• To improve the Service and fix technical issues

4. Third-Party Services

We use the following third-party services to operate the platform:

5. Anonymity & Public Content

When a conversation is published to the Dear Earnest feed, it is processed by AI to create a fully anonymized, ghostwritten version. All personally identifiable information — including names, locations, employers, and specific details — is scrubbed and replaced with pseudonyms before publication.

The raw conversation transcript is never accessible to any user other than the author. We do not display like counts, follower counts, or engagement metrics to other users.

6. Data Retention

• Active chat sessions are deleted within 15 minutes of closing.
• “Burn on Close” sessions are purged immediately with no data retained.
• Published posts are retained until you delete them or delete your account.
• Your dossier and character profile are retained for the duration of your account.
• Payment records are retained for 7 years as required for tax and accounting compliance.
• Upon account deletion, all personal data is permanently erased within 30 days, except where retention is required by law.

7. Lawful Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following lawful bases as defined by the General Data Protection Regulation (GDPR):

You may withdraw consent at any time by adjusting your routing settings to Private, denying browser geolocation, or contacting us. Withdrawing consent does not affect the lawfulness of processing performed before the withdrawal.

8. International Data Transfers

Golden Black LLC is based in the United States. If you access Earnest Page from outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the EEA, UK, and Switzerland, we rely on the following safeguards for international data transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with sub-processors where applicable.
• Our third-party service providers (Firebase/Google, Stripe, Anthropic, Twilio, Vercel) maintain their own data processing agreements and transfer mechanisms compliant with applicable regulations.
• We implement supplementary technical measures including encryption in transit (TLS 1.2+), encryption at rest, and access controls to protect transferred data.

By using the Service, you acknowledge and consent to the transfer and processing of your data in the United States. You may request a copy of the safeguards we use by contacting us.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

For All Users

• Access the personal data we hold about you
• Delete your account and all associated data (via Security & Routing in-app or by contacting us)
• Export your data in a portable, machine-readable format (via the data export feature in-app)
• Opt out of public publishing by setting your default routing to Private
• Restrict location data collection by denying browser geolocation

Additional Rights for EEA, UK, and Swiss Users (GDPR)

• Rectification — request correction of inaccurate or incomplete personal data
• Restriction — request that we limit the processing of your data in certain circumstances
• Object — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, withdraw it at any time
• Lodge a complaint — with your local Data Protection Authority if you believe your rights have been violated

Additional Rights for California Residents (CCPA)

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt out of the sale of personal information — we do not sell personal information
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@earnestpage.com.

We will respond to all rights requests within 30 days (GDPR) or 45 days (CCPA).

10. Children's Privacy

The Service is available to users aged 13 and older (or 16 in jurisdictions where GDPR requires it). We do not knowingly collect personal information from children under the applicable minimum age. If we learn that we have collected data from a child below the applicable age, we will promptly delete that information.

11. Security

We employ industry-standard security measures including encrypted data transmission (TLS), cryptographic hashing (SHA-256) for sensitive identifiers, Firebase security rules, and Stripe's PCI-compliant payment infrastructure. However, no method of electronic storage or transmission is 100% secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Data Protection Contact

For privacy-related questions, data protection inquiries, or to exercise your rights under GDPR, CCPA, or other applicable privacy laws, contact:

14. Contact

For general privacy questions, contact us at privacy@earnestpage.com.