Pain Spotter

Privacy Policy

Last updated: 2026-05-08

This is a draft policy in plain language. It reflects our current data practices but should not be treated as legal advice.

1. Who we are

Painspotter ("we", "us") is operated by an individual developer based outside the EU. Painspotter surfaces business opportunities by analyzing publicly available discussions on Reddit, Product Hunt, and similar community platforms.

For any privacy question or to exercise your rights described below, please write to paininsight40@outlook.com. You can also reach us on Reddit at /u/No-Mixture-6486.

2. What we collect

Account data — your email address, a salted password hash, and (if you subscribe) a Stripe customer ID. We never see or store your raw password or full card number.

Public posts and comments — content from Reddit, Product Hunt, Hacker News, YouTube, etc., fetched through their public APIs or RSS-style endpoints. Original usernames are immediately replaced with an irreversible hash (an opaque fingerprint) before they reach the database. We do not crawl private subreddits, gated communities, or DMs.

Access logs — your IP address, browser User-Agent, and request paths, kept for at most 30 days for abuse prevention and debugging.

3. Why we collect (legal basis)

To provide the service — running your account, charging your subscription, and rendering the dashboard rely on a contract with you (GDPR Art. 6(1)(b)).

To extract pain points and opportunities — we run an LLM over public posts. Because the analysis is meant for paying users and is performed on already-public content, we rely on legitimate interest (GDPR Art. 6(1)(f)). Username pseudonymization (PII hashing) is the safeguard that makes this proportionate.

To prevent abuse — short-lived access logs are kept under legitimate interest; we do not profile or sell them.

4. How long we keep things

Account data — for the lifetime of your account; deleted within 30 days of account termination.

Original post and comment text — kept while it remains valuable for analysis. Author identifiers are removed at write time. If a Reddit user deletes their content, or if you ask, we remove our copy within 30 days.

LLM outputs (opportunity descriptions, pain-point summaries) — kept until manually retired or until the underlying source disappears.

Access logs — at most 30 days.

5. Who we share with

We do not sell your personal data. We share it only with third parties strictly necessary to operate Painspotter:

  • Stripe, Inc. — payment processing.
  • LLM providers (Google Gemini, OpenAI, Anthropic) — for processing publicly sourced post text. Personal usernames are never sent.
  • Cloud infrastructure (server hosting, CDN) — to operate the site.

Each of these parties has their own privacy policy. We send the minimum necessary fields.

6. Your rights (GDPR / CCPA / similar laws)

You have the right to:

  • Access — request a copy of any data we hold about you.
  • Correction — fix anything inaccurate.
  • Erasure / be-forgotten — ask us to delete your account or specific Reddit/PH content originating from you.
  • Restriction & objection — pause our processing or object to legitimate-interest processing.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent — where processing is based on consent (e.g. cookies).

Email paininsight40@outlook.com from the address linked to your account, or with proof of identity. We respond within 30 days.

If you believe our handling of your data infringes your rights, you may also lodge a complaint with your local data-protection authority.

7. Cookies and similar technologies

We use a minimal set of cookies:

  • A session cookie to keep you logged in.
  • A locally stored preference for your language and starred opportunities.

We do not use third-party advertising or cross-site tracking cookies.

8. International transfers

Painspotter is hosted on cloud infrastructure that may store data in countries different from yours. We rely on the providers' standard contractual clauses (or equivalent safeguards) for any cross-border transfer.

9. Changes to this policy

We may update this policy from time to time. The Last updated date at the top reflects the current version. Material changes will be announced on the site at least 14 days before they take effect.

10. Contact

Questions, requests, or concerns: paininsight40@outlook.com (PGP available on request).