Privacy Policy

What we don't collect

WhatCanHelp.com does not require an account to use. We do not use third-party advertising trackers, social media pixels, or cookies for tracking. If you create an account, a session cookie is used solely to keep you logged in.

When you use our guided intake, your query is processed in real time and is not stored. We do not log, save, or analyze the text of your searches.

What we do collect

Anonymous interaction events. We record a small set of events to understand how the site is used: page visits, intake submissions (event only — no query text), products viewed, comparisons made, reports downloaded, clicks out to state lending programs (recorded as an anonymous per-state tally with no visitor identifier at all), and clicks on outbound Amazon links (an anonymous tally, also with no visitor identifier). To distinguish one visitor's actions from another's within a single day, we generate a one-way hash from your IP address and browser fingerprint combined with a secret salt that rotates every 24 hours. After the salt rotates, the previous day's hashes cannot be linked back — not even by us. Event records are automatically deleted after 90 days. Beyond that window we keep only aggregate daily counts — totals like views per product or lending clicks per state — with no visitor data attached.

Your state selection. If you choose a state to see its lending program, that choice is saved in your browser's local storage, not on our servers. It is sent to the server only if you generate a PDF report (so the report can include your state's program) and is used for that render only — never stored.

Cloudflare Web Analytics. We use Cloudflare's privacy-preserving analytics to count page views and measure site performance. Cloudflare's analytics do not use cookies and do not store visitor IP addresses or fingerprints.

Newsletter emails. If you voluntarily subscribe to our newsletter, we store your email address. You can unsubscribe at any time.

Operational logs. We may retain technical logs for security and reliability. We do not use them for advertising, analytics, profiling, or visitor tracking, and we do not sell or share them.

How AI processing works

WhatCanHelp uses Anthropic's Claude API to do three things: match your guided-search description against our catalog, classify products into our taxonomy, and generate plain-language product descriptions. We want to be specific about what that means for your data.

What gets sent. When you submit the guided intake, the text you typed and the optional filter selections (age band, budget, platform) are sent to Anthropic's API as the body of an HTTPS request. We do not include your IP address, your email, any session identifier, or any account information in that request.

What Anthropic commits to. Under their commercial API terms and published privacy policies, Anthropic does not use API inputs or outputs to train their models. Customer API data is retained for up to 30 days for trust-and-safety review (abuse detection) and then deleted. Anthropic does not sell customer data or share it with third parties for advertising.

What we do on our end. We do not write the intake text to our database, log files, or any persistent store. The text exists in memory only long enough to send the request and render the response back to you. The privacy invariant in our codebase explicitly forbids any logging path that would persist intake free-text.

Why we still ask you not to share PHI. Even with the protections above, the most defensible posture is to minimize identifying information at the source. A clinician describing "7-year-old nonspeaking, school-issued iPad, ruling out PODD vs. core-word grids" gets the same quality of match as one who includes the client's name and DOB — with zero PHI exposure. We treat this as defense-in-depth, not paranoia.

Other AI processing. Product classifications and descriptions are generated offline (not at request time) using the same API; only public vendor-published product content is sent in those requests, never user input.

Other third-party services

We use Cloudflare Web Analytics for aggregate, cookieless traffic measurement. Cloudflare's privacy policy applies to this processing.

Some product links include Amazon affiliate tags. Clicking these links takes you to Amazon.com, which is governed by Amazon's own privacy policy.

Contact

Questions about privacy? Email hello@whatcanhelp.com.