Privacy Policy
Last updated: February 22, 2026
1. Who We Are
Rate My Slop ("we", "us", "our") is operated by Dubious Labs. We provide an AI-powered image and video analysis service at ratemyslop.io. We are the data controller for the personal data processed through this service.
For privacy-related inquiries, contact us at: info@ratemyslop.io
2. What Data We Collect
| Data | Purpose |
|---|---|
| Email address | Account creation, login, and service communications |
| Password (hashed) | Authentication via AWS Cognito |
| Uploaded images/videos | AI analysis (scoring how AI-generated content appears) |
| Analysis results | Displaying your history and scores |
| Google account info (if using Google Sign-In) | Email for account linking; we do not access your Google data beyond basic profile |
We do not collect analytics, tracking pixels, or advertising identifiers. We do not sell your data.
3. Legal Basis for Processing (GDPR Art. 6)
- Contract performance — Processing your uploads and delivering analysis results is necessary to provide the service you signed up for.
- Legitimate interest — Maintaining security, preventing abuse, and improving the service.
- Consent — Where required (e.g., optional communications). You can withdraw consent at any time.
4. How We Store and Process Data
- Hosting: AWS (eu-central-1, Frankfurt). Uploaded files are stored in Amazon S3. Database hosted on Neon (PostgreSQL).
- Authentication: AWS Cognito. Passwords are never stored by us in plaintext.
- AI Analysis: Amazon Bedrock (Claude). Uploaded content is sent to the AI model for analysis. Amazon Bedrock does not use your data for model training.
- Encryption: Data in transit is encrypted via TLS. Data at rest is encrypted using AWS-managed keys.
5. Data Retention
- Account data: Retained while your account is active.
- Uploaded files & analyses: Retained until you delete them or your account is deleted.
- Account deletion: When your account is deleted (by you or an admin), all associated data — including uploads, analyses, and S3 objects — is permanently removed.
6. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access — Request a copy of your personal data.
- Rectification — Correct inaccurate data.
- Erasure — Request deletion of your data ("right to be forgotten").
- Restriction — Limit how we process your data.
- Portability — Receive your data in a structured, machine-readable format.
- Object — Object to processing based on legitimate interest.
To exercise any of these rights, email info@ratemyslop.io. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority.
7. Third-Party Services
- Amazon Web Services (AWS) — Infrastructure, storage, authentication, AI processing. AWS Privacy
- Google Sign-In — Optional authentication. Subject to Google's Privacy Policy
- Neon — Database hosting (PostgreSQL). Neon Privacy Policy
8. Cookies
We use strictly necessary HTTP-only session cookies for authentication:
rms_id,rms_at,rms_rt— JWT session tokens (30-day expiry)
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
9. International Transfers
Your data is primarily processed in the EU (AWS eu-central-1, Frankfurt). Some AWS services may involve limited data processing in other regions. AWS participates in the EU-US Data Privacy Framework and provides Standard Contractual Clauses for international transfers.
10. Children
Rate My Slop is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will delete it.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the service. Continued use after changes constitutes acceptance.