Privacy

Plain-language summary of how PitCrew handles your data. If anything’s unclear, contact us.

Last updated May 3, 2026

What we collect

Your agent description — the freeform text you paste on Step 1 of the audit, plus any architecture diagram you upload.
Your wizard inputs — model, tools, system prompt, call volume, conversation length, monthly spend (if entered), workload type, and the inferred archetype. Stored alongside the report so you can re-open it later.
Your account email, when you sign in. Used for the magic-link auth and to attach reports to your account.
A session cookie (`pc_session` for anonymous flows, plus a Supabase auth cookie when signed in). Both expire and rotate on a normal schedule.

What we don’t collect

Live usage data. PitCrew is a pre-deploy forecasting tool. We don’t take provider API keys, don’t ingest your production traffic, don’t analyze deployed agents.
Your end-users’ data. The agent description you paste should be about your agent, not about your users. We don’t want their messages, prompts, or PII.
Analytics fingerprints. No GA, Mixpanel, Posthog, Hotjar, or similar. No third-party tracking pixels.
Marketing cookies. See the cookies section.

Where the data goes

Supabase — stores the report row (your description, wizard inputs, computed analysis) and your account. US region.
Anthropic API — when you click Continue on Step 1, your description gets sent to Claude to parse out the wizard fields. The request includes the description and a system prompt; nothing else from your account. Anthropic’s data-handling terms apply to that request.
Vercel — hosts the app. Standard request logs apply (IP, path, user-agent), retained ~30 days.

That’s the full list. No analytics vendors, no advertising networks, no email-marketing providers.

Cookies

PitCrew sets two cookies, both strictly necessary for the app to work:

`pc_session` — a random UUID used to scope your anonymous reports before sign-in. Without it, returning to a report you ran before signing in would 404.
Supabase auth cookies — set when you sign in via magic link or OAuth. Used to keep you signed in.

Neither is used for tracking, profiling, or advertising. We don’t set any third-party cookies.

Your rights

See your data — every report you’ve run is on the Reports page when you’re signed in.
Delete your data — Settings → Delete my data permanently removes your account and every report attached to it. There’s no soft-delete; the rows are gone.
Export your data — email us and we’ll send your reports back as JSON.
Ask questions or file complaints — same email.

Changes

If we change how data is handled, we’ll update the last-updated date at the top of this page. Material changes (new third-party recipients, new data categories) will be flagged in-app before they take effect.

Contact

See the contact page for the email address and what to expect.