How we protect your data.

Authentication

User accounts are managed by Supabase Auth — an open-source, battle-tested authentication layer. Sessions use short-lived JWT tokens. Passwords are hashed using bcrypt and never stored in plain text. We also support Google OAuth as an alternative to passwords.

Payments

All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. We never see, store, or handle your card number — it goes directly to Stripe. We only store a Stripe customer ID in our database to link your subscription status.

Data storage

Your session history is stored in a Supabase (PostgreSQL) database with row-level security — meaning your data is only accessible to your own account. Data is encrypted at rest and in transit (TLS). Our database is hosted in a SOC 2 compliant environment.

AI processing

The text you submit is sent to Anthropic's Claude API to generate responses. According to Anthropic's policy, API data is not used to train their models. Text is transmitted securely over HTTPS and is not stored by Anthropic after processing. We don't log your session content beyond what's needed for your history.

Local storage

If you use Resistaa without an account, your usage count is tracked in your browser's localStorage only — it never leaves your device. No cookies are used for tracking or advertising. The only cookies set are Supabase auth session cookies (required for login to work).

No advertising

We use no advertising networks, tracking pixels, or third-party analytics. We don't sell your data. We don't share your data with anyone except the processors listed above (Supabase, Anthropic, Stripe) and only to the extent necessary to run the service.

Your data controls

You can delete your account at any time from Settings → Danger zone. Your data is permanently removed within 24 hours of deletion. You can also clear your session history at any time from Settings → Data controls without deleting your account.