Privacy

GB Software operates The Same Page and is the data controller for the information described here. You can reach us about privacy at contact@getonthesamepage.app.

We only collect what a session needs to work:

• Your conversation with the AI mediator — the most recent messages of your private chat (older messages roll off).
• The summaries you approve for sharing, and the final Same Page document.
• A first name, if you give one — used only to address you during the session and on the document.
• A reminder email, if you ask for one — stored only to send the two-week check-in you confirm.
• A small session cookie that keeps you signed in to your own session — see the Cookie Policy.
• Limited technical data for security and reliability (for example, rate-limiting counts and error diagnostics). Our error reports are configured to exclude your conversation content, summaries, document, and identifying details such as your IP address.

We don't ask for sensitive categories of data, but a free-text conversation may contain whatever you choose to write. Please share only what you're comfortable processing for this purpose, and avoid including other people's sensitive details.

Under the UK and EU GDPR, we rely on these bases:

• To provide the session you and the other person take part in — performance of our agreement with you (our Terms).
• To keep the service secure and working — our legitimate interest in preventing abuse and fixing errors.
• To send reminder emails or push notifications — your consent, which you can withdraw at any time.

The mediator is powered by Anthropic's Claude. Your messages are sent to Anthropic's API to generate responses. We don't use your conversations to train models, and they aren't sold or used for advertising.

We don't sell your personal information or share it for advertising. We use a small number of service providers who process data on our behalf, under contract and only to run the service:

• Anthropic — generates the AI mediator's responses.
• Our hosting and database providers — run the application and store session data (including a managed Redis database). The site is hosted on Vercel.
• Resend — sends reminder and confirmation emails, if you ask for one.
• Sentry — collects technical error reports, configured to exclude your content and identifying details.
• Vercel Analytics — privacy- friendly, cookieless usage measurement.

We may also disclose information if the law requires it, or to protect the rights, safety, or property of users or others.

Some of our providers are based in the United States, so your information may be processed outside the UK and EEA. Where it is, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses and the UK's International Data Transfer Addendum, or a provider's recognised adequacy certification — to protect it.

Never your raw words. The only things shared across the session are the neutral summaries you explicitly approve — you can edit them, or decline to share any of them, and declining is never announced — and the final document you both confirm. The other person's pending items and original wording are never sent to you, and yours are never sent to them.

Sessions expire automatically seven days after their last activity, and the conversation data is deleted from our store at that point. Confirmed reminder emails are kept for up to fifteen days, then deleted; an email-confirmation link expires within 24 hours. Download your Same Page document as a PDF if you want to keep it — we don't keep a copy after the session expires.

Because a session is shared, either person can permanently erase the entire session — the document, both private conversations, and any reminder details — for both of you, immediately, from the closing page. This means the other person can delete shared session data that relates to you, and you can do the same. We can't restore a session once it's erased or expired.

Depending on where you live, you have some or all of the following rights over your personal information:

• In the UK and EU (GDPR): to access, correct, delete, restrict, or object to our use of your data, to data portability, and to withdraw consent at any time. You can also complain to your data-protection authority — in the UK, the Information Commissioner's Office (ico.org.uk).
• In the US (including California): to know what we collect, to delete it, to correct it, and to non-discrimination for exercising these rights. We do not sell or share your personal information as those terms are used under California law.

The fastest way to delete a session is the erase option on the closing page. For anything else, contact us at contact@getonthesamepage.app and we'll respond as the law requires. Note that because we don't use accounts, much of what we hold is short-lived and not tied to your identity, which can limit what we're able to locate.

We protect your data with encryption in transit, access controls, and automatic expiry of session data. No online service can be guaranteed completely secure, but we work to keep what we hold safe and to hold as little as possible, for as short a time as possible.

The service is for adults. It is not intended for anyone under 18, and we don't knowingly collect information from under-18s. If you believe a minor has used the service, contact us and we'll delete the data.

We may update this policy from time to time. When we do, we'll change the “last updated” date above.