Privacy Policy

NameYourThing™ is a trade name of 10th Street Ventures, LLC (“Company,” “we,” “us,” “our”). This Privacy Policy describes how we collect, use, and handle information when you visit our website at nameyourthing.ai or purchase a Report through our Service.

We designed this Service to minimize the personal data we collect. We do not create user accounts. We do not use analytics or behavioral tracking tools (no Google Analytics, no pixels, no cookies). We retain anonymized pipeline analytics for product improvement as described in Section 2 of this policy. This policy explains exactly what data exists, where it goes, and who can access it.

1. Information We Collect

1.1 Information You Provide

When you purchase a Report, you provide the following through our form:

• Category — what you are naming (e.g., “App,” “Restaurant,” “Podcast”)
• Keywords — 3 to 5 descriptive words
• Target audience — a free-text description of your intended audience
• Tone — a selection from three options (professional, approachable, bold)

Important: Do not include personally identifying information in your form inputs. The target audience field accepts free-text input. If you include personal names, addresses, phone numbers, email addresses, or other identifying information in this field, that information will be transmitted to third-party AI providers and stored in your payment session metadata as described in this policy. We cannot prevent this if you choose to include it, and we are not responsible for personally identifying information you voluntarily enter into form fields.

1.2 Information Collected Automatically

• Browser timezone — detected via the browser's Intl API and used solely to format the date on your Report
• IP address and browser information — captured by our hosting provider (Vercel) in standard HTTP request logs, retained for a maximum of 1 hour

1.3 Payment Information

Payments are processed by Stripe, Inc., a PCI DSS Level 1 certified payment processor. When you check out, Stripe collects your email address, billing name, payment card details, and billing address directly. We do not see or store your full card number. Through our Stripe dashboard, we can access your email address, billing name, card last four digits, card brand, and billing address.

Your form inputs (category, keywords, audience, tone) are also stored as metadata on your Stripe checkout session so our pipeline can retrieve them after payment confirmation. For details on Stripe's data handling, see stripe.com/privacy.

2. How We Use Your Information

Your form inputs (category, keywords, audience, tone) are used for one purpose: generating your Report. Specifically:

• Passed to OpenAI's API as part of the AI prompt that generates name candidates
• Passed to Anthropic's API as part of the AI prompts that score, rank, and write analysis for each name candidate
• Stored as metadata on your Stripe checkout session so the pipeline can retrieve your inputs after payment confirmation
• Provided to Resend for email delivery of your completed Report (PDF attachment) to the email address you provided during checkout

Generated name strings (not your form inputs) are sent to:

• Fastly for domain availability checks
• RapidAPI (pentium10) for USPTO trademark searches
• DataForSEO for search landscape analysis
• DataForSEO (SERP API) for web presence collision detection — each Front 25 name is searched on Google via DataForSEO to identify whether a real business is already operating under that name
• Resend for email delivery — your completed Report (PDF) is emailed to the email address you provided to Stripe during checkout

Your browser timezone is used to format the report date in your local time zone.

We do not use your personal information for marketing, advertising, or profiling. Your form inputs are used solely for generating and delivering your Report. We separately retain anonymized pipeline analytics (described below) for product improvement purposes — this data does not include your email address, billing details, IP address, or any personally identifiable information.

Provision of Data

Providing your form inputs (category, keywords, audience, tone) is a contractual requirement — the data is necessary for us to perform the service you purchased. If you do not provide these inputs, we cannot generate your Report.

Automated Processing

Your Report is generated entirely through automated processing. AI models score, rank, and write analysis for each name candidate without human review or intervention. No human reviews, edits, or approves the content of your Report before delivery. This automated processing does not produce legal effects concerning you or similarly significantly affect you — the Report is informational, and all decisions about whether and how to use the names remain entirely yours.

Anonymized Usage Analytics

After your Report is generated and delivered, we retain anonymized analytics from the completed pipeline run for product improvement purposes. This data is stored in a database we operate (hosted by Neon, a serverless Postgres provider) and includes:

• Category, tone, and keyword inputs (not audience text)
• Collision check outcomes — trademark, domain, SEO, and web presence results in aggregate and per generated name
• AI-generated name candidates with their associated curation scores
• Pipeline performance data (runtime, API costs, token counts)
• Price paid and pricing tier

This data does not include your email address, billing details, IP address, payment card information, audience description text, or any other personally identifiable information. It is not linked to your Stripe payment record or any data held by Stripe. The AI-generated name candidates stored in this database are output of the AI pipeline, not information you provided.

If you optionally provide demographic information (such as age range or gender) after purchase, this data is stored separately from all other analytics records and is linked only by an internal report identifier — not by email, payment data, or any personal identifier.

Pipeline Failure Logging

If the pipeline fails during Report generation, we log the failure to a separate table in the same database for the sole purpose of resolving your order (e.g., issuing a refund or re-running the Report). This failure record includes: category, tone, keywords, price paid, an internal job identifier, the error message, and a Stripe checkout session identifier.

The Stripe checkout session identifier is an opaque reference string assigned by Stripe. We do not operate any system that cross-references this identifier to personal data. The mapping from a session identifier to your email address, billing name, or payment details exists solely within Stripe's systems and is accessible only through Stripe's dashboard. We retain this identifier only so we can locate the corresponding Stripe record if manual resolution is required. Failure records are marked resolved once the issue is addressed and are retained for the same duration as other pipeline analytics.

We do not sell, share, or provide this data to any third party. It is used solely for aggregate product analytics, quality improvement, order resolution, and internal business intelligence.

3. Data Retention

3.1 On Our Infrastructure

Our Service runs on Vercel's serverless platform. Each request executes in an isolated function that does not persist personal data between invocations. The PDF is generated in memory, streamed to your browser, and the buffer is discarded when the function completes.

We operate a database (hosted by Neon) that stores pipeline analytics as described in Section 2. This database contains category, tone, and keyword inputs you provided, AI-generated name candidates, collision check outcomes, curation scores, and pipeline performance data. It does not contain your email address, billing details, IP address, payment information, or audience description text. For failed pipeline runs, a Stripe checkout session identifier is also stored as described in Section 2 (“Pipeline Failure Logging”). This data is retained as long as the Service is active.

Your form inputs (category, keywords, audience, tone) are stored as metadata on your Stripe checkout session by our code, at our direction, for the purpose of enabling Report generation after payment confirmation. We are the data controller for this data under applicable data protection law. This metadata is retained by Stripe as part of your payment record.

Vercel runtime logs (which include server-side console output such as job IDs, timing data, and cost tracking) are retained by Vercel for a maximum of 1 hour and then deleted. We have not configured any log drain or long-term log storage service.

3.2 Third-Party Service Providers

We use the following third-party services to operate the Service. Each provider retains data in accordance with its own policies and applicable legal requirements:

• Stripe (payment processing) — retains your email address, billing name, card details, billing address, and form input metadata indefinitely as part of your payment record. We have access to your email address, billing name, card last four digits, card brand, and billing address through our Stripe dashboard. Stripe processes payments in accordance with PCI DSS Level 1 standards. See stripe.com/privacy.
• OpenAI (AI name generation) — may retain API inputs (which include your form inputs) for up to 30 days for abuse monitoring. API inputs are not used to train OpenAI models. OpenAI's internal retention practices, including any legal holds or policy changes, are outside our control.
• Anthropic (AI curation and analysis) — retains API inputs for up to 30 days (the contractual maximum; the current operational default is 7 days as of September 2025). API inputs are not used to train Anthropic models. Anthropic's internal retention practices are outside our control.
• Fastly, RapidAPI, DataForSEO (domain, trademark, and search data) — may retain API call logs (which include generated name strings, not your form inputs) in accordance with their own data retention policies.
• Resend (email delivery) — delivers your completed Report to the email address you provided during checkout. Resend receives your email address and the PDF attachment for delivery purposes only. Resend retains email delivery logs for 1 day on the free tier and does not use your email address for any other purpose. See resend.com/legal/privacy-policy.

4. What We Do Not Collect

We designed this Service to avoid collecting data we do not need. The following is an explicit statement of data we do not collect:

• No user accounts. There is no login, no profile, and no persistent user record in our system.
• No cookies. The Service does not set any cookies — not for tracking, not for session management, not for any purpose.
• No analytics or tracking. We do not use Google Analytics, Mixpanel, PostHog, Amplitude, Facebook Pixel, or any other analytics, behavioral tracking, or advertising tool.
• No personal data in our database. We operate a database for pipeline analytics (see Section 2). It contains category, tone, and keyword inputs but does not contain email addresses, billing details, IP addresses, payment information, or audience descriptions. For failed pipeline runs, a Stripe checkout session identifier is stored for order resolution purposes — we do not operate any system that cross-references this identifier to personal data (see Section 2, “Pipeline Failure Logging”).
• No payment card storage. We do not see or store your full card number. All payment processing is handled directly by Stripe.
• No report storage. Your PDF is generated in server memory, delivered to your browser, and discarded. We do not retain a copy. If you lose your Report, we cannot retrieve it.
• No session persistence. Our server-side functions are stateless. No user data persists between requests on our infrastructure.
• No email collection by us. We do not ask for or collect your email address. Your email is collected by Stripe as part of the checkout process. We have access to it through our Stripe dashboard, but we did not collect it and we do not use it for marketing.

5. Data Security

Your form inputs are transmitted over HTTPS (TLS encryption in transit) to our server and to all third-party APIs. Payment information is handled entirely by Stripe, which is PCI DSS Level 1 certified.

We operate a database containing pipeline analytics (see Section 2). This database contains keyword inputs and, for failed pipeline runs, Stripe checkout session identifiers. In the unlikely event of unauthorized access to this database, the exposed data would consist of keyword inputs, AI-generated name candidates, collision check scores, pipeline performance metrics, and — for failure records only — an opaque Stripe session identifier that does not itself contain personal data but could be used to look up the associated payment record in Stripe. The primary data security considerations for this Service relate to the third-party providers described in this policy, each of which maintains its own security practices.

6. Your Rights

6.1 Access and Deletion

Our analytics database contains keyword inputs and, for failed pipeline runs, Stripe checkout session identifiers (see Section 2). If you wish to request access to or deletion of data associated with your order, contact us at info@nameyourthing.ai. We will acknowledge your request within 7 days.

For data held by Stripe (email, billing details, payment records, and form input metadata), you may contact us at info@nameyourthing.ai or contact Stripe directly at stripe.com/privacy. If you contact us, we will acknowledge your request within 7 days, forward a deletion request to Stripe within 30 days of receipt, and notify you of the outcome once Stripe has processed the request. Some payment data may be retained by Stripe for a minimum period required by applicable financial recordkeeping laws regardless of your deletion request.

For data held by OpenAI or Anthropic (API input logs), those providers' retention windows are limited (up to 30 days) and data is automatically deleted after that period. We cannot submit deletion requests to these providers for individual API calls.

6.2 European Economic Area, United Kingdom, and Other International Users

If you are located in the European Economic Area (EEA), the United Kingdom, or any jurisdiction with specific data protection requirements (including but not limited to rights under GDPR, the UK Data Protection Act, or similar legislation):

Legal basis for processing. We process your form inputs on the basis of contractual necessity (GDPR Article 6(1)(b)) — the data is required to perform the service you purchased. Stripe processes your payment data on the same basis.

International data transfers. Your form inputs and payment data are processed through servers and third-party services located in the United States. Stripe participates in the EU-U.S. Data Privacy Framework. Data transfers to OpenAI and Anthropic occur under their respective data processing agreements, which incorporate Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms for data originating in the EEA or UK. By purchasing a Report, you also consent to this transfer as a supplementary basis.

EU Representative. We have not appointed an EU representative under GDPR Article 27 because our processing of EEA personal data is occasional, does not involve large-scale processing of special categories of data, and is unlikely to result in a risk to the rights and freedoms of data subjects. If our processing activities change such that this exemption no longer applies, we will appoint a representative and update this policy accordingly.

Your rights. Under applicable data protection law, you may have the right to access, rectify, erase, restrict processing, data portability, and to object to processing. You also have the right to withdraw consent at any time where consent is relied upon as a legal basis (note: our primary legal basis is contractual necessity, not consent, except for international data transfers). Because we operate a database containing keyword inputs and pipeline analytics (see Section 2), you may request access to or deletion of this data by contacting us at info@nameyourthing.ai or contact Stripe directly.

Supervisory authority. If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.

6.3 Canadian Users

If you are located in Canada, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. PIPEDA requires that we identify the purposes for collecting personal information, obtain consent, and provide access to personal information upon request.

We collect your form inputs for the sole purpose of generating your Report (see Section 2). Your personal information is transferred to servers and third-party services located in the United States (see Sections 2 and 3). You have the right to access the personal information we hold about you and to challenge its accuracy. Because we do not maintain a database of personal information, access requests are limited to data held by Stripe on our behalf — contact us at info@nameyourthing.ai to exercise this right.

The individual accountable for our organization's compliance with privacy obligations is the owner of 10th Street Ventures, LLC, who can be reached at info@nameyourthing.ai.

6.4 Minnesota Residents

Minnesota residents may have additional rights under the Minnesota Consumer Data Privacy Act (Minn. Stat. § 325M), effective July 31, 2025, including the right to access, delete, and opt out of certain data processing. Our database contains keyword inputs and pipeline analytics (see Section 2). For access, deletion, or other requests regarding this data or data held by Stripe on our behalf, contact us at info@nameyourthing.ai to exercise any applicable rights.

7. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has used this Service, contact us at info@nameyourthing.ai.

8. Third-Party Links and Services

Your Report may reference third-party websites (such as domain registrars or the USPTO). We are not responsible for the privacy practices or content of those third-party websites. This Privacy Policy applies only to nameyourthing.ai.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Changes take effect upon posting. Your continued use of the Service after any modification constitutes your acceptance of the revised policy.

10. Contact

Questions about this Privacy Policy? Contact us at:

Email: info@nameyourthing.ai

Company: 10th Street Ventures, LLC