Ragebot - Privacy Policy

Effective and last updated: March 23, 2026

Privacy information

Short version: Ragebot requires sign-in with a supported social provider account. When you ask it to generate something, your prompt and optional image are sent through the app backend to AI providers to return a result. Ragebot does not keep a normal server-side generation history of every successful output in its own database. Ragebot does store generated-output reports, including the reported output and small technical report context such as whether an image was used, for a limited time to review reported AI output. Ragebot does not store the original uploaded image file in its own report table. Providers that help deliver the request may also temporarily process or retain request data under their own systems and policies. Paid features are handled through Apple App Store or Google Play together with RevenueCat.

1. Controller and Contact

Ragebot is operated by JonschDev ("I", "me", "my"). For privacy questions, rights requests, or deletion requests, email ragebot@googlegroups.com.

This page describes Ragebot's current privacy practices.

2. What This Policy Covers

This policy explains what personal data I process when you use the Ragebot app, request AI generations, buy or restore a subscription, report a generated output, open the hosted legal pages, or contact me.

Ragebot is an entertainment app. It generates short AI-produced satire or "ragebait" style text from text input and, for paid users, optional image input.

3. Data I Process, Why, and the Legal Basis

Category	Examples from the app	Purpose	Legal basis
Account and session data	Better Auth user ID, linked social-account records, auth/session records in Better Auth, secure session tokens on your device.	Sign you in, keep the app usable, sync purchases to the right account, and let you delete your account.	Art. 6(1)(b) GDPR. For storage/access on your device that is strictly necessary, Section 25(2) no. 2 TDDDG.
Generation request data	Prompt text, optional image, generated output, image metadata, request IDs.	Carry out the generation you requested, deliver the result, enforce limits, prevent abuse, and handle provider or moderation failures.	Art. 6(1)(b) GDPR. Art. 6(1)(f) GDPR for abuse prevention, security, and service integrity.
Subscription and billing state	RevenueCat app user ID, entitlement status, subscription status, subscription expiry, webhook event IDs, purchase/restore state.	Verify purchases, restore access, prevent fraud, and keep entitlement state in sync.	Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR, and where applicable Art. 6(1)(c) GDPR.
Support and reporting data	Generated-output report records, generated text, limited request metadata attached to a report (for example whether an image was used, but not the original uploaded image file or the original input text), platform, app version, timestamps, and email contents if you contact me directly.	Review reported AI output, handle abuse prevention, and respond if you contact me directly by email.	Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR, and where applicable Art. 6(1)(c) GDPR.
Technical, connection, and security data	IP address and request metadata seen by hosting/backend providers, platform, app version, network status, structured error or event logs using user IDs and event IDs.	Deliver the service, diagnose failures, secure the infrastructure, and defend legal claims.	Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Local device data	Locally cached draft text and attached-image metadata, clipboard copy action when you tap Copy on a generated result, selected image files or temporary caches, secure auth tokens.	Make the app function, preserve your draft briefly, and improve the in-app experience.	Art. 6(1)(b) GDPR. For strictly necessary local storage/access, Section 25(2) no. 2 TDDDG.

Ragebot does not currently use a separate in-app behavioral analytics service. That does not prevent infrastructure or platform providers from processing technical telemetry needed to operate their own services.

4. Where the Data Comes From

Directly from you when you enter text, choose an image, tap purchase or restore, report a generated output, or contact me by email.
From your device or operating system, for example platform, app version, network state, permission state, and secure/local storage used to operate the app.
From Apple, Google, and RevenueCat for subscription, entitlement, renewal, refund, or restore events.
From hosting and infrastructure providers that necessarily see request metadata to deliver the service.

5. Important AI-Specific Privacy Notice

If you use the generation feature, your prompt text and optional image are sent through the Ragebot backend to OpenRouter and the model provider behind the configured model so that a result can be generated.

Ragebot does not keep a normal server-side history of every successful generation in its own Convex database. If you report a generated output, Ragebot stores the reported output together with limited report-time context, such as whether an image was used, for up to 90 days so the report can be reviewed. Ragebot does not store the original uploaded image file or the original input text in that report record. The request itself still passes through backend infrastructure and external AI services. Ragebot does not promise that prompts or images will be processed under a zero-retention or no-training arrangement at every layer. Because of that, you should not submit confidential, sensitive, or high-risk personal data to the generation feature.

6. Recipients and Service Providers

I currently rely on the following categories of third parties to run the app:

Convex and Better Auth: backend, database, auth/session handling, and app data storage.
OpenRouter and the configured model provider: AI generation of requested output.
RevenueCat: subscription state, purchase verification, and restore flows.
Apple App Store / Google Play: in-app purchase processing, billing, renewals, refunds, and store account handling.
Expo / EAS: app update delivery and related app infrastructure.
Vercel: hosting of the public legal pages and website endpoints.
Email provider: if you contact me by email, your email provider and mine will process that correspondence.

Some of these parties act on my behalf as service providers, while others act under their own responsibility under their own terms and privacy notices.

7. International Data Transfers

Some providers used by Ragebot may process data outside the EEA, including in the United States. The exact transfer route can depend on the provider, the platform, and your region.

Where required, I rely on the transfer mechanism made available for the relevant provider, such as an adequacy decision or appropriate safeguards like the European Commission's Standard Contractual Clauses. If you want the current provider-specific transfer information, email me.

8. How Long I Keep Data

Data	Retention
Auth/session and app account record	Usually until you delete the account or it is otherwise no longer needed for the service or security purposes.
Generated-output reports	Stored for 90 days.
Generation quota state	Stored until account deletion.
RevenueCat webhook audit rows	Stored for 90 days.
Local draft text and attached-image metadata	Stored on your device for up to 3 days unless cleared sooner.
Local auth tokens and temporary local files	Kept on your device until signed out, the account is deleted, or the app or operating system removes them.

9. Permissions, Consent, and Choices

Photo library permission: optional, used only if you choose an image for generation.
Subscriptions: manage or cancel paid subscriptions in your Apple App Store or Google Play account settings.
Clipboard: Ragebot only writes generated text to your clipboard when you explicitly tap Copy on a generated result.
Delete account: available in the app under Settings. This deletes app-owned account data, but it does not itself cancel a store subscription.

10. Your GDPR Rights

Subject to the conditions in applicable law, you have the right to:

access your personal data;
rectify inaccurate or incomplete data;
erase data;
restrict processing;
object to processing based on legitimate interests;
data portability where applicable;
withdraw consent at any time for future processing based on consent; and
lodge a complaint with a competent data protection supervisory authority, especially in your place of residence, work, or where the alleged infringement occurred.

Because Ragebot uses signed-in accounts, I may need enough information to identify the relevant account before I can act on a request. Helpful details can include your Ragebot user ID if available, platform, approximate date of use, and for paid issues a store order ID or receipt. Where applicable, I will respond within the statutory time limit.

11. Automated Decision-Making

I do not intentionally use Ragebot for solely automated decisions that produce legal or similarly significant effects on you within the meaning of Art. 22 GDPR. The generation feature is user-requested creative output, not a decision system for legal, employment, credit, insurance, or similar outcomes.

12. Children and Sensitive Data

Ragebot is not intended for children under 16. I do not knowingly want personal data from children under 16 through this app.

Please do not submit special-category personal data, confidential information, government IDs, payment card data, or sensitive data about other people through the generation feature, generated-output reporting, or direct email contact unless it is strictly necessary and lawful.

13. Security

I use reasonable technical and organizational measures appropriate for a small app and the data it processes. No system is perfectly secure, and I cannot guarantee absolute security.

14. Changes to This Policy

I may update this policy from time to time if the app, providers, or legal requirements change. The version published at this URL is the current version.

15. Contact and Related Pages

Privacy contact: ragebot@googlegroups.com

Related pages: Terms of Use | Delete Account