← Tearsheet

Privacy

Last updated: June 4, 2026

What we collect

When you sign up, we store your email address and a Stripe customer ID if you upgrade. That's the entirety of the identity data we keep on you.

When you run an agent, we store the input you submitted, the output the model produced, the token counts, and the cost — so you can read the memo again later and so we can show you your monthly usage. These are in your private account; they are not visible to other users unless you explicitly publish a memo to the public gallery. Tearsheet operators may access them only as described below.

What we do with your inputs

Your inputs (CIMs, listings, broker packages, buyer criteria) are sent to Anthropic's Claude API to generate the memo. They are not used to train Anthropic's models— Anthropic's API terms explicitly prohibit that. We do not use your inputs to train any model either. We do not sell them. We do not share them with third parties except as described below.

If you paste a URL in an input field, we send that URL to Firecrawl to scrape its contents — same content the URL would return to your browser. The scraped text is sent to Anthropic alongside your input.

Who can see your data

  • You, in your own dashboard.
  • Tearsheet operators, when needed to run or fulfill a Deal Desk Sprint, investigate support issues, or keep the service reliable. We do not publish your submitted deal materials without your explicit action or permission.
  • Anthropic, when we make API calls to Claude on your behalf. Their data-handling terms are at anthropic.com/legal/privacy.
  • Stripe, for billing and Checkout. Stripe sees your email, payment information, and any optional context you type into Checkout, such as a public listing URL, deadline, or decision context. Do not paste confidential CIM content into Stripe custom fields; forward confidential materials to hello@usetearsheet.com after payment.
  • Supabase and Vercel, which host our database and infrastructure. They are subprocessors with standard SaaS data-handling terms.
  • Firecrawl, when we scrape a URL you supplied.
  • Sentry and PostHog, for crash reporting and product analytics. We do not intentionally send these your memo content. Operational logs and analytics may include page views, button clicks, order or session IDs, account email domains or redacted email addresses, URL hostnames, and stack traces needed to keep the service reliable.

Public memos

If you click Publish on a memo, it becomes accessible at a public URL like /m/[slug]. Only the memo content, agent type, redacted public title, optional redacted public summary, and publish date are shown publicly. Your raw input, email, user ID, cost of the run, errors, and any rating you gave the memo are never displayed publicly. You can unpublish at any time.

Your API key (free tier)

If you use your own Anthropic API key on the free tier, it is encrypted with AES-256-GCM at rest using a key we manage. We decrypt it at request time to make the API call. We do not log it, we do not display it, and you can delete it at any time from Settings.

Cookies + session

We use cookies only for authentication (keeping you signed in). We do not run ad-network trackers. We do not embed third-party social pixels.

Export and deletion

Email hello@usetearsheet.com from your account address and we'll export everything we have on you, or delete it. We aim to fulfill these requests within 7 days.

Changes

If we materially change how we handle data, we'll update this page and email users on file before the change takes effect.

Contact

Privacy questions: hello@usetearsheet.com. Privacy requests are reviewed for support, safety, legal, or account administration purposes.