Last updated: February 23, 2026
This Privacy Policy explains how WithoutAsking, operated by Michael Cardin, sole proprietor (“we,” “us,” or “our”), collects, uses, and protects your information when you use our Service at withoutasking.app. We are committed to protecting your privacy and handling your data responsibly.
Account Information: When you create an account, we collect your email address and password (stored securely as a hashed value — we never store plaintext passwords).
Uploaded Documents: Documents you upload (PDFs, Word files, plain text) are stored in our cloud infrastructure. We process these documents to extract text, generate embeddings, and enable AI-powered question answering. Documents are private to your organization.
Questions and Answers: We log questions asked by your team members and the AI-generated answers for usage tracking and to provide conversation history. These logs are private to your organization.
Payment Information: Payment is processed by Paddle (Paddle.com Market Limited), who acts as our Merchant of Record. We do not collect, store, or have access to your credit card number or payment details. Please refer to Paddle's Privacy Policy for details.
We use the information we collect to:
Your documents are processed using third-party AI services (OpenAI for text embeddings, Anthropic for answer generation). Document text is sent to these services only as needed to generate embeddings and answer questions. We do not send your full documents — only relevant text chunks retrieved during a query. These AI providers process data according to their respective privacy and data handling policies and do not use your data to train their models when accessed via API.
Account data, documents, and query logs are stored using Supabase, a cloud database platform with industry-standard security practices including encryption at rest and in transit. Uploaded files are stored in Supabase Storage with organization-scoped access policies. Authentication is handled by Supabase Auth with secure password hashing.
We enforce Row-Level Security at the database level to ensure organizations can never access another organization's data. We take reasonable measures to protect your data, but no method of transmission or storage is 100% secure.
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with:
We may also disclose information if required by law, regulation, or legal process.
When you invite team members to your organization, they can ask questions and receive AI-generated answers from your uploaded documents. Team members can only access documents belonging to their organization. Admins can manage team members and revoke access at any time.
We retain your account data, documents, and query logs for as long as your account is active. If you delete a document, it and its indexed data are removed from our servers. If you request account deletion, we will delete all your data from our servers within 30 days.
You have the right to:
WithoutAsking uses cookies for authentication and session management. Our payment processor, Paddle, may set cookies related to checkout and fraud prevention. We do not use cookies for advertising or ad personalization.
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, please contact us at support@withoutasking.app.