Privacy
Last updated 12 July 2026
The short version
PickChill is built to hold the things you are not ready to say out loud. So what you are deciding between stays yours: your decision titles and your option labels are never collected, never analysed, and never used to build a profile of you. We measure how the app is used - counts and clicks - not what you put in it. There is no advertising, no tracking across other sites, and nothing is ever sold.
What we store
Your account. Your email address, your display name, and - if you sign in with Google - the avatar picture Google gives us. If you signed up with a password, we store it hashed (bcrypt), never as text. We also keep the date you joined and the date you last signed in.
Your decisions. The title and description you give a decision, the options you put in it, and every pick you make between them. We keep the picks because they are what lets you replay a decision, undo a step, and see how you reached your top pick. This content is stored so that you can come back to it - it is visible to you, and not to anyone else, unless you choose to share it.
When you share. If you turn on a share link or send someone a decision to compare, that decision becomes readable by anyone holding the link - that is what the link is for. The shared copy is stripped down first: it never carries your account id or your other decisions. You can turn a link off at any time.
When someone picks for you. If a friend follows your compare link, we store the name they type in and the single option they picked. They stay anonymous otherwise - no account, no email, no tracking.
The demo stays on your device. Anything you do in the demo at /demo lives in your browser's local storage and is never sent to us - unless you create an account, at which point we offer to bring those decisions with you.
Analytics - what we measure, and what we never measure
We use PostHog to understand how people use PickChill: which features get used, where people get stuck, whether the demo leads anywhere. Our PostHog project runs on PostHog EU Cloud, so the data stays in the European Union.
We record a fixed, short list of events. That list is:
- You opened the demo
- A decision was created, and how many options it had
- A pick was made, which round it was in, and whether the tie-helper was used
- A decision was completed, with the number of options and picks it took
- A feature was used - export, a compare link, a reminder
- An account was created, and whether by email or Google
Every one of those carries only counts, yes/no flags and fixed labels- a number of options, a round number, the word "png" or "pdf". That is enforced in our code: an event that tried to carry your text would not build.
What we deliberately do not do:
- No session recording. We do not replay your screen. Ever.
- No autocapture. Many analytics setups hoover up the text of everything you click. That would scrape your option labels straight off the page, so it is switched off - both in the code and on the PostHog project itself.
- No decision content. Titles, descriptions and option labels never leave your device for our analytics.
- No advertising networks, no data brokers, no cross-site tracking.
There are two modes, depending on whether you are signed in:
- Signed out - analytics runs in cookieless mode. It writes nothing at all to your device: no cookie, no id, nothing to carry you between visits.
- Signed in - we already know who you are from your session cookie, so events are attached to your account id. Even then, analytics stores nothing on your device; the id is handed to it fresh on each page load and forgotten when you close the tab.
We email you only when you ask us to: a password reset link when you request one, and a reminder about a decision when you set one. There is no marketing email and no newsletter. Reset links expire after an hour.
Who else touches your data
We keep this list short on purpose. Each of these is a service PickChill runs on - none of them is given your data for their own purposes:
- Vercel - hosting and serving the app.
- Neon - the database your account and decisions live in.
- Upstash - short-lived cache and rate-limiting.
- Resend - sending the password-reset and reminder emails.
- PostHog (EU Cloud) - the analytics described above.
- Google - only if you choose to sign in with Google. We ask Google for your email address, name and avatar, nothing more.
How long we keep things
Your account and your decisions are kept until you delete them. A deleted decision is recoverable for 30 minutes (that is what the Undo is), and then it is gone. Analytics events are kept by PostHog under their standard retention.
Deleting your data
You can delete any decision from the app at any time. You can delete your whole account from your profile page. That removes your account and everything attached to it - your decisions, your options, your picks, your share links - immediately and for good. There is no soft-delete and no grace period, so please be sure.
If you are in the UK or the EU, you also have the right to ask for a copy of your data, to have it corrected, or to object to how we use it. Email us and we will sort it out.
Security
Passwords are hashed with bcrypt. Password-reset links are stored hashed, so even we cannot read them. Traffic is served over HTTPS only, and every request for a decision is re-checked against its owner before anything is returned.
Changes to this policy
If we change what we collect, we will change this page and update the date at the top. If we ever want to store something on your device that is not strictly necessary, we will ask you first - properly, with a real choice.
Contact
Questions, requests, or something here that does not look right: privacy@pickchill.com.