Privacy Policy

This Privacy Policy (the “Policy”) describes how Dynamic Alpha LLC, a Delaware limited liability company (“Dynamic Alpha,” “we,” “us,” or “our”), collects, uses, shares, and otherwise processes personal information in connection with whatareyoushipping.com, the X account @whatareyoushipping, and any related products, APIs, content, or services (collectively, the “Service”).

This Policy is incorporated into our Terms of Service. Capitalized terms not defined here have the meaning given in the Terms.

1. Scope of this Policy

This Policy applies to personal information we collect:

• through whatareyoushipping.com and its sub-domains;
• when you mention @whatareyoushippingon X with the apparent intent to submit a project (a “Submission”);
• when we ingest publicly available content on X (such as your tweet text, display name, handle, avatar, bio, and pinned tweet) to produce a listing;
• when you contact us, request removal of a listing, or otherwise correspond with us; and
• from our infrastructure providers in the form of server logs and diagnostic data.

This Policy does not apply to information you provide to third parties, including X (X Corp.), the operators of the projects we list, or any infrastructure or AI provider used by them. Those third parties have their own privacy policies that govern your relationship with them.

2. Who we are

Dynamic Alpha LLC is the controller of the personal information described in this Policy. Our contact information is in Section 22.

3. Information we collect

3.1 Information you submit to us

You can submit information by mentioning us on X, by emailing us, or by using any feedback or removal-request form we make available. The content you provide may include your X handle, project name, project URL, free-form descriptions, screenshots, and anything else you choose to send.

3.2 Information from X (Submissions)

When you mention @whatareyoushipping, our automated systems retrieve publicly available information from X about the Submission and the submitting account. This typically includes:

• the text and metadata of the tweet that mentions us;
• parent and quoted tweets in the same conversation;
• your X user ID, display name, handle, avatar image URL, bio, location, and verified status as publicly displayed;
• your pinned tweet, where present;
• publicly available URLs you have linked from your profile;
• the timestamp and approximate engagement counts of the Submission tweet at retrieval time.

We do not collect non-public X data such as direct messages, protected-account content, or follower lists beyond what X exposes publicly.

3.3 Automatically collected technical information

When you visit the Service, we and our infrastructure providers automatically collect technical information about your device and session, including:

• IP address (truncated for analytics where feasible);
• user-agent string, including browser and operating system identifiers;
• referring URL and the pages or listings you view;
• approximate geographic region inferred from IP;
• request timestamps, response sizes, status codes, and latency metrics; and
• error and crash diagnostics needed to operate the Service.

3.4 Cookies and storage

We use a small number of cookies and similar technologies described in Section 9.

3.5 Information from third parties

We may receive information about you from third-party services we use to operate the Service, such as:

• the X API and public X website, which is the primary input to listings;
• Anthropic, which provides the AI models we use to extract project metadata (we send X-derived content to Anthropic for processing);
• security and anti-abuse providers that flag traffic patterns or IP addresses; and
• email and DMCA correspondence forwarded to us by users or third parties.

3.6 Sensitive information

We do not intentionally collect “sensitive” personal information (such as government identifiers, precise geolocation, health, financial-account, or biometric data). Please do not send us sensitive information unless explicitly requested.

4. How we use information

We use personal information to:

• operate, maintain, and provide the Service;
• extract project metadata from your X Submissions and publish a public listing about your project;
• respond to listing removal, correction, verification, and DMCA requests;
• communicate with you about the Service, including operational notices;
• measure and improve the Service, including understanding aggregate traffic patterns;
• detect, investigate, and prevent fraud, abuse, spam, security incidents, and Terms violations;
• comply with our legal obligations and enforce our Terms; and
• conduct internal research, analytics, and development of new features, including those involving aggregated or de-identified data.

5. Legal bases (EEA / UK / Switzerland)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on the following legal bases:

• Consent — for processing where you have given consent, such as optional cookies. You can withdraw consent at any time.
• Contract performance — to provide the Service you requested by mentioning us on X.
• Legitimate interests — to operate, secure, and improve the Service, prevent abuse, defend legal claims, and promote our products, where those interests are not overridden by your rights and interests.
• Legal obligation — to comply with applicable law, court orders, and lawful requests.
• Public information — where we process information you have manifestly made public on X.

6. AI and automated processing

We use large language models, including models provided by Anthropic, to extract structured fields (such as project name, URL, category, pricing, and tagline) from the content of your tweet and limited public profile context. Outputs of this process are stored in our database and published as part of your listing. We do not use this processing to make decisions that produce legal or similarly significant effects about you.

We do not authorize our model providers to use your content to train their general-purpose foundation models, to the extent the applicable provider terms permit such an arrangement. Some providers retain inputs and outputs for a limited period for trust and safety purposes; we describe sub-processors in Section 8.

Because the extraction is automated and probabilistic, listings may contain inaccuracies. You can request a correction or removal at any time under Section 14.

7. How we share information

We share personal information only as described below.

7.1 Public listings

Listings are public by design and may include your X handle, display name, the text of your tweet, the URL of your project, and other information derived from your Submission. Listings can be crawled and indexed by search engines and archived by third parties outside our control.

7.2 Service providers

We share information with vendors and service providers who process information on our behalf, under contract, and for the purposes described in this Policy. See Section 8.

7.3 Legal, safety, and security disclosures

We may disclose information when we believe in good faith that it is necessary to: (a) comply with applicable law, regulation, subpoena, court order, or other lawful request; (b) enforce our Terms; (c) detect, prevent, or address fraud, security, or technical issues; (d) protect the rights, property, or safety of Dynamic Alpha, our users, or the public; or (e) defend ourselves against legal claims.

7.4 Business transfers

If we are involved in a merger, acquisition, financing, sale of assets, bankruptcy, or similar transaction, personal information may be transferred to the successor or acquirer. We will notify you of any material change in the controller of your information.

7.5 With your direction or consent

We may share information with third parties when you direct us to do so or otherwise consent to the sharing.

7.6 Aggregated or de-identified information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for any business purpose. We commit to maintaining and using such information in de-identified form and not to attempt to re-identify it, except as permitted by law.

7.7 No sale; no sharing for cross-context behavioral advertising

We do not sell personal information for money. We do not share personal information with third parties for cross-context behavioral advertising. We have not done so in the preceding 12 months and have no current plans to do so.

8. Sub-processors and service providers

We rely on a small set of vendors to operate the Service. The current list includes, at a minimum:

• Vercel Inc. — hosting, edge delivery, and serverless compute for whatareyoushipping.com.
• Fly.io (The Apps Platform Co.) — application hosting and background workers (where used).
• Supabase Inc. — managed Postgres database, storage, and authentication (where used).
• Anthropic, PBC — large language models used to extract project metadata from Submissions.
• X Corp. — source of public Submissions and profile information; we use the X API and public web endpoints.
• Cloudflare, Inc. — content delivery, DDoS mitigation, and bot management (where used).
• An email-sending provider (such as Postmark or Resend) — for transactional email such as removal-request acknowledgements.
• An analytics provider (such as Plausible or Vercel Analytics) configured to avoid tracking cookies and to minimize personal data.

We require these vendors to handle your information consistently with this Policy and applicable law. Vendors may change from time to time; please contact us if you would like an up-to-date list.

9. Cookies and similar technologies

Cookies are small data files that a website stores in your browser. We use cookies and similar technologies only as needed for the categories below:

• Strictly necessary — for security, session integrity, load balancing, and to remember your preferences (such as dismissing a cookie banner). These cookies cannot be turned off through our preference controls because the Service would not function without them.
• Analytics — to understand aggregate usage patterns and improve the Service. Where we use a cookie-dependent analytics tool, we will obtain consent in jurisdictions that require it before setting the cookie.

We do not use cookies for cross-context behavioral advertising or for selling personal information.

Most browsers let you delete or block cookies. Blocking strictly necessary cookies may impair parts of the Service.

10. Analytics

We use privacy-respecting product analytics to measure aggregate traffic to the Service. Where possible, we configure these tools to truncate IP addresses, avoid persistent cross-site identifiers, and avoid sending personal information.

11. Data retention

We keep personal information for as long as needed to operate the Service and fulfill the purposes described in this Policy, including to:

• keep your listing publicly available until you ask us to remove it or we determine removal is appropriate;
• maintain audit, security, anti-abuse, and backup records for a reasonable period (typically up to 24 months) after a listing is removed;
• comply with our legal obligations, including tax, accounting, and litigation-hold requirements; and
• defend ourselves against legal claims.

Server-log data is typically retained for a short period (commonly 30–90 days) and aggregated thereafter. Removed-listing metadata is retained only as long as necessary to prevent re-creation of removed listings and to honor your removal request.

12. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), access controls, principle-of-least-privilege for staff access, and infrastructure providers that themselves maintain industry-standard security certifications.

No system is perfectly secure. We cannot guarantee that unauthorized access, disclosure, alteration, or destruction of information will never occur. If we become aware of a security incident that affects your personal information, we will notify you and applicable regulators as required by law.

13. International data transfers

We are based in the United States, and the Service is hosted with providers that operate globally. Your information may be transferred to, stored, and processed in the United States and in other countries where our service providers operate.

Where we transfer personal information from the EEA, the UK, or Switzerland to a country that has not been deemed adequate, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), or other mechanisms permitted by applicable law. You can request a copy of the safeguards by contacting us.

14. Your privacy rights

Subject to applicable law, you may have the right to:

• Access — request a copy of the personal information we hold about you;
• Correction — ask us to correct inaccurate or incomplete information, including listing fields;
• Deletion — ask us to delete your personal information, including by removing a listing about you;
• Portability — receive your information in a portable format;
• Restriction or objection — restrict or object to certain processing, including processing based on legitimate interests;
• Withdraw consent — withdraw any consent you previously gave;
• Opt out of sales / sharing / targeted advertising — although, as noted, we do not engage in these activities;
• Non-discrimination — exercise these rights without being charged a different price or receiving a different quality of service, except as permitted by law; and
• Lodge a complaint — file a complaint with the data-protection authority of your country or state.

To exercise these rights, email privacy@dynamicalpha.com from a verifiable address or send a verification tweet from the X account associated with the listing. We will respond within the time required by applicable law. We may need additional information to verify your identity before fulfilling a request.

You may use an authorized agent to submit a request on your behalf, subject to verification.

15. California disclosures (CCPA / CPRA)

This section provides additional information for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”).

Categories of personal information collected (last 12 months). We have collected the following CCPA categories from California residents:

• Identifiers — X handle, X user ID, display name, email address (if you contact us), IP address;
• Internet or other network activity information — browsing and interaction with the Service, referring URLs;
• Geolocation data — coarse, IP-derived;
• Professional or employment information— only to the extent included in your X bio or Submission (e.g., “founder at X”);
• Inferences — categorization of your project derived by AI from your Submission.

Sources: you, your public X account, our infrastructure providers, and AI processing of the above.

Business purposes: the purposes described in Section 4.

Categories disclosed: to the sub-processors described in Section 8, and as described in Section 7.

No sale; no sharing. We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.

Sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you. If we do collect any information that would be sensitive personal information, we use it only for purposes permitted without a right to limit under the CCPA.

How to exercise your rights. California residents may exercise the rights described in Section 14, including the rights to know, delete, correct, opt out of sales/sharing, and limit the use of sensitive personal information. We will not discriminate against you for exercising these rights.

Shine the Light. California residents may additionally request information about our disclosures, if any, of personal information to third parties for the third parties' own direct-marketing purposes during the prior calendar year. We do not make such disclosures.

16. Other U.S. state privacy laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Jersey, Florida, Minnesota, New Hampshire, Rhode Island, Maryland, and other states with comprehensive privacy laws have additional rights under those laws, including the rights to access, correct, delete, port their information, and opt out of certain processing.

You may exercise these rights by emailing privacy@dynamicalpha.com. If we deny a request, you may appeal our decision by replying to our response with the word “Appeal” in the subject and a brief explanation. We will respond to your appeal within the time required by applicable law and, if it is denied, will explain how you may contact the attorney general of your state.

We do not engage in profiling that produces legal or similarly significant effects about you.

17. EEA, UK and Swiss residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in Section 14 and the right to lodge a complaint with your local supervisory authority. The legal bases for our processing are described in Section 5.

Our EU/UK representative and Data Protection Officer (where required) can be reached at privacy@dynamicalpha.com. We will publish formal representative contact details if and when we appoint one.

18. Children's privacy

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@dynamicalpha.com and we will take appropriate steps, including deletion.

19. Do Not Track and Global Privacy Control

Some browsers send a “Do Not Track” signal or a Global Privacy Control (“GPC”) signal. We treat a GPC signal received from your browser as a valid request to opt out of sale or sharing of personal information for cross-context behavioral advertising, to the extent we engage in either (we currently do not). We do not respond differently to generic “Do Not Track” signals because there is no common industry standard for them.

20. Third-party sites and services

The Service includes links to third-party websites, including the projects we list and the source tweets on X. Those websites have their own privacy policies. We are not responsible for the information practices of third parties. We recommend you review the privacy policy of any third-party service before providing personal information to it.

21. Changes to this Policy

We may update this Policy from time to time. If we make a material change, we will post the updated Policy with a new “Last updated” date and, where reasonable, take additional steps to notify you. Material changes take effect when posted unless we state otherwise. Your continued use of the Service after a change takes effect constitutes acceptance.

22. Contact us

Questions, complaints, or rights requests should be sent to privacy@dynamicalpha.com.

Dynamic Alpha LLC
Operator of whatareyoushipping.com
Delaware, United States
privacy@dynamicalpha.com