This page explains what ExcuseWiz collects, why, and what happens to it. Plain language first; the defined terms below follow the same pattern you’ll find in most privacy policies.
For any privacy question, request, or concern, email us at hello@excusewiz.com.
1. Who we are (data controller)
ExcuseWiz is an independent project. The operator of the site acts as the data controller for any personal data processed via this website. For all data-protection matters — access, rectification, deletion, portability, objection, complaint — write to hello@excusewiz.com.
2. What we collect
- What you type into the generator. The situation description and tone you select are stored in our database so we can serve the same generation to the next person instantly (a cache) and so we can improve the prompts that power the tool.
- A hashed form of your IP address. We hash your IP using HMAC-SHA-256 with a server-side salt, then store only the hash to enforce a per-hour rate limit. The raw IP is never written to our database.
- Vercel Analytics & Speed Insights. Anonymous, cookieless visitor analytics: page views, referrers, device/browser type, approximate location, and Core Web Vitals timings. We see aggregated counts only — no profile is built about you.
- Google Analytics 4 (when enabled). If we add it later, it will provide a second layer of aggregated traffic analytics. Currently not wired.
- Advertising data (when enabled). Once Google AdSense is approved on the site, Google may place cookies in your browser to serve contextual ads and measure their performance.
3. What we don’t collect
- We do not ask for an account, email, or any identifier to use the generator.
- We do not sell or share your typed situations with third parties.
- We do not train any model on your inputs beyond using them to tune our own prompts.
4. Third-party services we use
- xAI (Grok API)— generates the text output. Your situation and tone are sent to xAI’s API to produce a response. See xAI’s privacy policy for their handling.
- Supabase — the database that stores cached generations and rate-limit hashes. Hosted in the United States.
- Vercel — hosts the website, runs the API routes, operates the CDN, and provides Vercel Analytics + Speed Insights. Vercel Analytics is cookieless and does not build a profile about you. Vercel may also keep short-lived edge logs that include IP addresses for abuse prevention.
- Google Analytics 4 (when enabled) — would aggregate anonymous usage statistics. Not currently wired.
- Google AdSense (when enabled) — serves display advertising. AdSense uses cookies to show contextual ads.
5. International data transfers
Our infrastructure is hosted in the United States (Vercel, Supabase, xAI). If you access the site from the European Union, the United Kingdom, or another jurisdiction outside the US, your data — to the limited extent we hold it — is transferred to and processed in the United States. We rely on the standard contractual clauses and other approved transfer mechanisms our processors maintain.
6. Cookies
We use cookies and similar technologies. For the full list and your controls, see our Cookie Policy. You can change your cookie preferences any time at Cookie settings.
We do not set our own tracking cookies. Third-party services we embed — Google AdSense (when enabled), Vercel — may set cookies in your browser. Until you grant consent on the cookie banner, GA4 and AdSense scripts do not load.
We do use one optional localStorage entry to remember your light/dark theme preference. That value is read only by your browser and never sent to a server.
7. Data retention
- Cached generations are retained indefinitely so the library and search-engine results stay populated. We may purge individual rows on request.
- Anonymous rate-limit hashes are retained for the duration of the rate-limit window (one hour by default) and then aged out.
- Analytics eventsare retained according to the third-party provider’s defaults (Vercel Analytics: rolling aggregates; Google Analytics 4 if enabled: 14 months unless changed).
8. Security
Traffic to and from ExcuseWiz is encrypted in transit via TLS. Data held in Supabase is encrypted at rest by the provider. Access to the production database is restricted to a single service-role key held in a managed secret store, never in source control. We hash IP addresses with HMAC-SHA-256 + a server-side salt so even our operations team cannot reverse them.
9. Your rights
If you’re in the EU, UK, California, or another jurisdiction with similar laws, you have the right to:
- Request a copy of any data we hold that relates to you.
- Ask us to correct or delete it.
- Object to or restrict our processing of it.
- Receive it in a portable format.
- Lodge a complaint with your local data-protection authority (in the EU: your member-state supervisory authority; in the UK: the ICO; in California: the CPPA).
Email hello@excusewiz.com and we’ll respond within thirty days. Because we don’t collect account identifiers, most requests are to delete specific cached generations.
10. Children’s privacy
ExcuseWiz is not directed at children under 13 (or 16 in the European Union). We do not knowingly collect information from children. If you believe a child has used the tool, email us and we’ll remove the data.
11. Changes to this policy
We’ll update the date at the top whenever we change anything material. Continued use of the site after a change constitutes acceptance of the new version.
12. Contact
Privacy questions, data requests, takedown notices, and complaints all go to hello@excusewiz.com.