PRIVACY POLICY

THE LATHE — SIGNIFICANT MACHINE, LLC

EFFECTIVE: APRIL 12, 2026 · LAST UPDATED: APRIL 12, 2026

The Lathe is a customer experience (CX) evaluation tool operated by Significant Machine, LLC (“we,” “us,” “our”). This policy describes what data we collect through the Lathe web application at lathe.significantmachine.com and the Lathe Chrome Extension, how we use it, and who we share it with.

WHAT WE COLLECT

ACCOUNT INFORMATION

When you create an account, we collect your email address and a password. Your password is hashed before storage and is never accessible to us in plaintext. We do not collect your name, phone number, or any other personal information at signup.

EVALUATION DATA

When you run an evaluation, we receive the URL you submitted. For Page Score evaluations (via the Chrome Extension), we also receive the page title, meta description, and visible text content of the current page (up to 15,000 characters). For Journey Score evaluations, we crawl the URL and up to four linked pages to extract their content.

Evaluation results — scores, stage breakdowns, and recommendations — are stored in your account so you can review them later.

PAYMENT INFORMATION

If you subscribe, your payment is processed entirely by Stripe. Your credit card number, expiration date, and CVC are entered on Stripe's hosted checkout page and are never sent to or stored on our servers. We store only your Stripe customer ID, subscription status, and billing period dates.

USAGE DATA

We use Plausible Analytics (a privacy-focused, cookieless analytics service) and Vercel Analytics to understand how the web application is used. These services collect page URLs, referrers, browser type, and performance metrics. They do not use cookies, do not track users across sites, and do not collect personally identifiable information. The Chrome Extension does not include any analytics.

FEEDBACK

If you submit a Customer Effort Score (CES) survey after an evaluation, we store the score (1–7) linked to that evaluation.

CHROME EXTENSION

The Lathe Chrome Extension extracts text content from web pages you choose to evaluate. It does this only when you click the Evaluate button — it does not passively monitor your browsing or collect data in the background.

The extension stores the following data locally on your device (in Chrome's extension-scoped storage, not accessible by websites):

  • Your authentication session tokens
  • Your preferred evaluation mode (Page Score or Journey Score)
  • Your last 20 evaluation results (URL, score, date)

This locally stored data is never sent to our servers or any third party. It is cleared when you uninstall the extension.

THIRD-PARTY SERVICES

We share data with the following services to operate The Lathe:

SERVICEDATA SHAREDPURPOSE
SupabaseEmail, password hash, evaluation metadataAuthentication and database
Anthropic (Claude)Page content and URLs being evaluatedAI-powered CX scoring
FirecrawlURLs being evaluatedWeb page content extraction
StripeEmail, payment details (on Stripe's page)Payment processing
PlausiblePage URLs, browser type (no PII)Privacy-focused web analytics
VercelPerformance metricsHosting and performance monitoring

Page content sent to Anthropic's Claude API for evaluation is processed according to Anthropic's API data retention policy. We do not use your evaluation data to train AI models. Your account information (email, name) is never sent to Claude or Firecrawl.

DATA RETENTION

Your evaluation history is retained in your account for as long as your account exists. If you delete your account, all associated data — evaluations, scores, recommendations, and survey responses — is permanently deleted from our database.

Stripe retains payment records according to their own data retention policies and legal obligations.

SECURITY

We protect your data with row-level security policies on all database tables (you can only access your own data), encrypted connections (HTTPS everywhere), and server-side authentication on every API request. Payment card data is handled entirely by Stripe and never touches our servers. We do not sell, rent, or share your personal information with third parties for marketing purposes.

COOKIES

The Lathe web application uses essential cookies for authentication (maintaining your login session). We do not use advertising cookies, tracking cookies, or third-party cookies. Plausible Analytics is cookieless by design.

YOUR RIGHTS

You can:

  • Access your data — View your evaluation history and account details in the app.
  • Export your data — Download evaluation results as PDF reports from the Chrome Extension.
  • Delete your data — Contact us to delete your account and all associated data.
  • Cancel your subscription — Manage or cancel your subscription at any time through the Stripe billing portal in Settings.

CHILDREN

The Lathe is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children.

CHANGES TO THIS POLICY

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Lathe website. The “Last Updated” date at the top of this page indicates when the policy was last revised.

CONTACT

If you have questions about this privacy policy or your data, contact us at:

Significant Machine, LLC
Washington, DC metro area
info@significantmachine.com

THE LATHE · SIGNIFICANT MACHINE, LLC · WASHINGTON, DC