Grudge Court

Privacy Policy

Grudge Court — Privacy Policy

Version: 1.0 · Effective date: July 7, 2026 Data controller: Udight LLC, 7 Whittier Pl, Ste 108 PMB 266, Boston, MA 02114, USA — contact: privacy@grudgecourt.com

Grudge Court settles trivial disputes for entertainment. Your disputes, however, are real text about your real relationships — so we treat everything you submit as sensitive personal data, even when it's about who ate whose leftovers.

Translations of this policy may be provided as a courtesy. The English version controls.


1. What We Collect

Data Source Why
Account email, display name You, at signup Account, verdict notifications, receipts
Case content (title, both parties' stories, optional evidence images) You and your opposing party Generating the verdict — that's it (see §3)
Locale / language Browser, ad link, your settings Showing the UI and verdict in your language
IP address Automatic Fraud and abuse prevention, rate limiting, ToS-acceptance logging
ToS acceptance record (user/anon ID, timestamp, version, IP) Automatic at click-wrap Legal record of agreement
Analytics events (case filed, verdict viewed, etc.) Automatic Product funnels, ad attribution (consent-gated where required)
Payment data Stripe Subscriptions. We never see or store your card number — Stripe, our PCI-compliant processor, handles it
Guest respondent email (optional) Respondent, if they choose Notifying them of the verdict; nothing else

We do not collect data from anyone under 18 (the service is 18+ only) and we do not knowingly process children's data — if we learn we have, we delete it.

2. Case Content Is Sensitive — How We Protect It

Relationship-dispute text can be intimate. We treat all case content as sensitive:

  • Encrypted in transit (TLS everywhere) and encrypted at rest (Azure Cosmos DB default encryption).
  • Access is restricted to what the service needs to function plus an admin abuse-review queue.
  • Cases are private by default; they are visible only to the plaintiff, the holder of the unguessable respondent link, and — only if you opt in — the public gallery.

3. AI Processing — No Training On Your Data

Verdicts are generated using Azure OpenAI Service (Microsoft). Your case content is used only to generate your verdict and pass required safety moderation. It is never used to train AI models — neither by us nor by Microsoft: per Microsoft's Azure OpenAI data-privacy commitments, prompts and outputs are not used to train, retrain, or improve foundation models and are not shared with OpenAI or other customers. Submissions are also screened by Azure AI Content Safety to block harmful content.

4. Retention and Deletion

  • Free-tier cases: automatically deleted 90 days after creation.
  • Premium cases: retained while your subscription is active, unless you delete them.
  • User-triggered deletion (a case or your whole account): hard delete within 30 days, including rendered verdict-card images and evidence uploads.
  • Unanswered cases: expire after 14 days.
  • Analytics events: deleted after 90 days.
  • ToS-acceptance and billing records are kept as long as legally required.

5. Where Your Data Lives

Data is stored in Microsoft Azure, East US region (United States) at launch. If you use Grudge Court from outside the US, your data is transferred to and processed in the US. For EU/EEA/UK users, transfers are covered by Microsoft's Data Protection Addendum incorporating the EU Standard Contractual Clauses.

6. Who We Share With (and Who We Don't)

We share personal data only with processors needed to run the service: Microsoft Azure (hosting, database, AI, email), Stripe (payments), and — subject to your consent choices — advertising/analytics partners (Meta, Google) for ad attribution. We do not sell your case content. We may disclose data if required by law or to protect users from serious harm.

Advertising note: we use Meta Pixel / Conversions API and Google Ads conversion tags to measure whether our ads work. Under some laws (CCPA/CPRA) this counts as "sharing" data — you can opt out (§8).

7. Your Rights — GDPR (EU/EEA/UK)

Our lawful bases are performance of a contract (running the service you signed up for) and consent (marketing cookies, marketing emails, public gallery). You have the right to access, rectify, erase, restrict, port, and object, and to withdraw consent at any time.

Self-serve, built in:

  • Export my data: account settings → Export (or POST /me/export) — we email you a download link.
  • Delete my account: account settings → Delete (or DELETE /me) — full purge within 30 days.

Data controller contact: privacy@grudgecourt.com. You may also lodge a complaint with your local supervisory authority. Cookie consent for EU users is opt-in before any marketing cookies fire (see the Cookie Policy).

8. Your Rights — California (CCPA/CPRA)

California residents have the right to know, delete, correct, and opt out of the sale/sharing of personal information, without discrimination. We do not sell personal information for money; our ad-measurement pixels may constitute "sharing." Use the "Do Not Sell or Share My Personal Information" link in the footer (or account settings) to opt out. We honor the Global Privacy Control (GPC) browser signal as an opt-out. Requests: privacy@grudgecourt.com.

9. Cookies

See the Cookie Policy for the full list. Short version: essential cookies always on; analytics/marketing cookies are opt-in in the EU and opt-out (incl. GPC) for California.

10. Security

TLS everywhere, encryption at rest, secrets in Azure Key Vault, least-privilege access via managed identities, and abuse/rate-limit protections. No system is perfectly secure; if a breach affects your data we will notify you and regulators as required by law.

11. Changes and Contact

We will announce material changes in-product before they take effect. Questions, requests, complaints: privacy@grudgecourt.com or Udight LLC, 7 Whittier Pl, Ste 108 PMB 266, Boston, MA 02114.