What we collect. What we do with it. How to delete it.

1. INFORMATION WE COLLECT

Account information. If you sign in, we store the email address you used and, for Google or Microsoft sign-in, the display name and provider account ID those services return. We do not request and do not store profile photos, contact lists, calendars, or any other scope beyond basic identity.

Questions and forecasts. When you submit a question for forecasting, we store the question text, the probability we returned, the supporting reasoning, the time- stamp, and a reference to your account or anonymous session identifier so you can see it in your history and so we can compute calibration.

Usage information. Standard server logs: IP address, browser user-agent, timestamps, URLs accessed, referrer, and response codes. Used for security, abuse prevention, quota enforcement, and operational monitoring.

Cookies. A session cookie (hd_session) if you sign in. A NextAuth cookie if you use Google or Microsoft sign-in. An anonymous identifier cookie (hd_anon) so we can enforce the anonymous daily quota without requiring sign-in. No third-party advertising cookies. No cross-site tracking.

Email subscriptions. If you opt in to receive updates, we store your email and your subscription state. You can unsubscribe from any email we send.

Payment information. When paid plans launch, payment is processed by Stripe. We do not store credit card numbers; Stripe holds those under their own privacy policy and PCI compliance. We store only the metadata Stripe returns (subscription tier, status, customer ID).

2. WHAT WE DO NOT DO

• We do not sell your personal information.
• We do not share your personal information with advertisers or data brokers.
• We do not use your questions or forecast history to build personality profiles, behavioral ad targeting, or any third- party profiling.
• We do not train a public general-purpose model on your specific questions or outputs.
• We do not access your email or calendar even when you sign in with Google or Microsoft. We only use the OAuth identity scope (your email address and display name).

3. HOW WE USE INFORMATION

We use the information we collect to:

• Operate the service, return forecasts, and show you your history
• Enforce quotas, prevent abuse, and secure the service
• Compute and publish calibration metrics on the audit page. Where individual questions are referenced on the audit page, we de-identify them — we publish the question text and outcome, not the asker.
• Improve the engine through internal research and methodology refinement. Aggregate, de-identified outputs may be used for this purpose.
• Communicate with you about your account, service updates, and (if you opted in) product news
• Comply with legal obligations

4. THIRD PARTIES WE WORK WITH

To operate Holodeck, certain information may be processed by service providers acting on our behalf under contract:

• LLM providers — primarily Anthropic, with fallback to OpenAI, Google, OpenRouter, and Cloudflare Workers AI in some configurations. When you submit a question, the question text is sent to one or more of these providers to generate the agent reasoning that goes into your forecast. Providers process inputs under their own privacy and data-use terms; we do not knowingly send sensitive personal information to LLM providers, and you agree under our Terms not to submit another person’s sensitive personal information.
• Authentication providers — Google (for “Sign in with Google”) and Microsoft (for “Sign in with Microsoft”). Identity info only.
• Stripe — payment processing, when paid plans launch.
• Hosting infrastructure — our servers are operated on Hetzner with TLS via Caddy and Let’s Encrypt.
• Public data sources — FRED, BLS, Kalshi, Polymarket, MLB Stats API, and similar — for grounding forecasts and resolving outcomes. Outbound queries do not contain user identifiers.

5. DATA RETENTION

We retain personal information only as long as it is needed for the purposes described here. Default retention:

• Account information — for as long as your account is active. Inactive accounts (no sign-in for 24 months) are archived and may be deleted after 90 days’ notice.
• Questions and forecasts — up to 24 months after submission for active accounts. After 24 months we may anonymize the record (remove the link to your account) and retain the question + forecast + outcome for calibration audit purposes indefinitely. You can delete your full history before that 24-month point from the account page.
• Server logs — up to 90 days, then deleted or aggregated.
• Cookies — session cookies expire at sign out or after 30 days of inactivity; the anonymous quota cookie rotates daily.

6. YOUR RIGHTS AND CHOICES

Access and export. You can see your full prediction history at any time from the account page. To request a machine-readable export of all data tied to your account, email nix@graycapitalllc.com with the subject “Data export”.

Deletion. You can delete your account and all identifying information tied to it from the account page using the “Delete account” button, or by emailing nix@graycapitalllc.com. We process deletion requests within 30 days. After deletion, the questions you submitted may remain in our anonymous calibration record (without your account link) for audit-integrity purposes.

Correction. You can update your display name and email from the account page (display-name editing is rolling out; for now, email nix@graycapitalllc.com).

Unsubscribe. Every marketing email we send has an unsubscribe link. Account-related email (sign-in links, security notices) is operational and cannot be unsubscribed without closing your account.

California (CCPA/CPRA), EU/UK (GDPR). If you are a resident of California, the EU, the UK, or another jurisdiction with similar privacy laws, you have additional rights including the right to access, correct, delete, and port your personal information, and to opt out of sales (which we do not do). To exercise any of these rights, email nix@graycapitalllc.com with the subject “Privacy request”. We do not discriminate against users who exercise their privacy rights.

7. CHILDREN

Holodeck is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, email nix@graycapitalllc.com and we will delete it.

8. SECURITY

We use TLS in transit, hashed session tokens, OAuth where possible, and least-privilege access on the production database. No system is perfectly secure; if we discover a breach affecting your personal information, we will notify you in accordance with applicable law.

9. INTERNATIONAL TRANSFERS

Our infrastructure is currently hosted in the United States and the European Union (Hetzner). If you access Holodeck from outside those regions, your information may be transferred to and processed in them. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

10. CHANGES TO THIS POLICY

We may update this policy as the product or applicable law changes. When we make material changes, we will update the “Last updated” date at the top of this page and, if you have an account, notify you by email or in-product notice. Continued use of Holodeck after the effective date of a change constitutes your acceptance of the updated policy.

11. CONTACT

Questions about this policy, or any privacy request, should be sent to nix@graycapitalllc.com with the subject line beginning “Privacy:”.