Privacy Policy

Last reviewed: 2026-05-15 · Operator: Joel Panchevre, San Antonio, TX · Contact: audit@thirstyai.live

TL;DR: If you submit the contact form, we collect your name, email, project type, and message and use them to respond. We use Microsoft Clarity for anonymized usage analytics. We do not sell, share, or rent your data. You can request deletion any time by emailing audit@thirstyai.live.

1. What We Collect

1.1 Contact Form (`/api/inquiry`)

When you submit the inquiry form on the homepage, we collect: name, email address, project type, and message. This data is stored privately on our server (inquiries.json), forwarded to internal channels (Discord and Telegram) so we can respond, and retained until your inquiry is resolved or 24 months - whichever comes first.

1.2 Microsoft Clarity Analytics

We use Microsoft Clarity, a privacy-conscious analytics product, to understand site usage. Clarity captures clicks, scroll depth, page paths, browser/device type, country/region, and anonymized session recordings. Clarity automatically masks sensitive fields (passwords, credit cards) and does not capture keystrokes outside form fields. Clarity data is owned by Microsoft and governed by the Microsoft Privacy Statement.

1.3 Server Access Logs

Our server logs anonymous aggregated pageview data (path, screen width, referrer domain) to pageviews.log. This data is not linked to identity. We rotate these logs every 90 days. Cloudflare upstream additionally logs request IPs and user agents for security and abuse prevention - their retention is governed by the Cloudflare Privacy Policy.

1.4 Email Correspondence

When you email audit@thirstyai.live (or any @thirstyai.live address), Cloudflare Email Routing forwards your email to our inbox. Forwarded email is retained for as long as needed to respond and follow up.

2. How We Use Your Data

To respond to your inquiry and provide quotes/scoping
To deliver and maintain contracted work
To detect and prevent abuse (via Cloudflare's upstream protection)
To improve site UX (via aggregated Clarity insights)

We do not use your data for advertising. We do not sell it. We do not share it with third parties except the named processors below.

3. Third-Party Processors

Processor	Purpose	Data shared	Location
Cloudflare	CDN, DNS, email routing, DDoS protection	Request metadata (IP, UA, headers)	Global edge
Microsoft Clarity	Aggregated usage analytics + session replay	Anonymized behavior data	US (Microsoft Azure)
Google Fonts	Typography (Bebas Neue, DM Sans, DM Mono)	IP address when loading fonts	Global edge
Discord / Telegram	Internal inquiry notifications	Inquiry content (name, email, message)	US

4. International Transfers

If you are located in the EU/EEA, UK, or Switzerland, your data may be transferred to the United States. Transfers to Microsoft (Clarity) are governed by Microsoft's Standard Contractual Clauses. Cloudflare is certified under the EU-U.S. Data Privacy Framework. Data minimization and pseudonymization are applied wherever practical.

5. Your Rights

Under GDPR (EU/UK), CCPA/CPRA (California), and similar laws, you may have the right to:

Access the personal data we hold about you
Correct inaccurate data
Delete your data ("right to be forgotten")
Port your data in machine-readable form
Object to processing or restrict it
Withdraw consent at any time (where consent is the legal basis)
Lodge a complaint with a supervisory authority

To exercise any of these rights, email audit@thirstyai.live with the subject line DSAR Request. We respond within 30 days.

6. California Residents (CCPA/CPRA)

If you are a California resident, the following additional rights apply:

Right to Know: what categories of personal info we collect (see §1) and the purposes of use (see §2)
Right to Delete: request deletion of your personal info (email audit@thirstyai.live)
Right to Correct: request correction of inaccurate info
Right to Opt Out of Sale/Sharing: we do not sell or share personal information. There is nothing to opt out of, but the right is stated for transparency.
Right to Limit Use of Sensitive Info: we do not collect "sensitive personal information" as defined under CPRA.
Right to Non-Discrimination: we will not deny services, charge different prices, or provide different quality of service for exercising your rights.

Global Privacy Control: We honor the GPC signal. When your browser sends Sec-GPC: 1 or navigator.globalPrivacyControl = true, we treat it as an opt-out signal and suppress non-essential analytics (Microsoft Clarity) on this device.

7. Cookies & Local Storage

The site sets a small number of cookies and localStorage entries:

Cookie/Key	Set by	Purpose	Lifespan
_clck, _clsk	Microsoft Clarity	Link a visitor's pageviews into one session, bot detection	1 year / session
MUID	Microsoft (c.bing.com)	Cross-site user identifier for Clarity	1 year
showTab, theme	thirstyai.live (localStorage)	Remember your tab choice and light/dark mode	Until you clear it
analytics_consent	thirstyai.live (localStorage)	Record your consent or opt-out choice	Until you clear it

8. Opt-Out Options

Enable Global Privacy Control in your browser (Firefox: about:preferences#privacy → "Tell websites not to sell or share my data"; Brave: native; DuckDuckGo Browser: native)
Enable "Do Not Track" in your browser
Use a content blocker that blocks *.clarity.ms and c.bing.com
Clear localStorage on this site to reset the consent flag and theme preferences

9. Data Retention Summary

Data type	Where	Retention
Inquiry form submissions	inquiries.json + Discord/Telegram	24 months or until resolved
Server pageview logs	pageviews.log	90 days, rotated
Cloudflare access logs	Cloudflare	Per Cloudflare retention policy
Microsoft Clarity	Microsoft Azure	Per Microsoft Clarity policy
Email correspondence	audit@thirstyai.live inbox	Until case closed

10. Children's Privacy

This site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact audit@thirstyai.live and we will delete it.

11. Security

We protect data with TLS 1.2+ (HSTS preload pending), CSP headers, CAA DNS records, restricted admin access, and least-privilege server permissions. inquiries.json is stored with restrictive file permissions on a private VPS. No data store on this site is publicly indexed.

12. Changes to This Policy

We may update this policy as the site evolves. The "last reviewed" date at the top reflects the most recent change. Material changes will be announced on the homepage and/or via direct email if you have an active inquiry with us.

13. Contact / DSARs

For any privacy question, data-subject access request, or to invoke any right under this policy:

Email: audit@thirstyai.live
Subject line: Privacy Request (or DSAR Request)
Operator: Joel Panchevre, San Antonio, TX, USA
Responsible disclosure: /.well-known/security.txt

← Back to MasterLog · Home · Pricing

Privacy Policy

1. What We Collect

1.1 Contact Form (/api/inquiry)

1.2 Microsoft Clarity Analytics

1.3 Server Access Logs

1.4 Email Correspondence

2. How We Use Your Data

3. Third-Party Processors

4. International Transfers

5. Your Rights

6. California Residents (CCPA/CPRA)

7. Cookies & Local Storage

8. Opt-Out Options

9. Data Retention Summary

10. Children's Privacy

11. Security

12. Changes to This Policy

13. Contact / DSARs

1.1 Contact Form (`/api/inquiry`)