Privacy Policy
Last updated: May 22, 2026 · Effective immediately
This policy explains what House Tiger™ ("we", "the site") collects, why, and what choices you have. It is written in plain English. If anything is unclear, please email us. The address is in the Contact section below.
The short version
- We do not sell or share your data with brokers or advertising networks. Ever.
- Most of the site works without an account. Your cat's profile lives on your device until you choose to sign in and save it to an account.
- When you click a "buy" link, we record that you clicked it. We do not record what you bought. The aggregate lets us understand which products are useful enough to surface.
- The AI wellness note is generated by an external language model. You can opt out of AI in the My Cat form by switching to rule-based mode, which produces an instant, deterministic summary with no AI call.
What we collect
Information you provide
- Cat profile (name, age, weight, lifestyle, conditions, eating habits, current food, optional sex and "other conditions" notes). Used to generate personalized product picks and the wellness note. Stored on your device in your browser's localStorage by default. Stored server-side only if you sign in and save it to your account.
- Email address, if you sign in or join the DNA waitlist. Used to send you a one-time sign-in code (no password) or future product notifications.
- Optional free-text (cat name, "other conditions" notes, current food, etc.). These are scanned for known prompt-injection patterns before any AI call; flagged content is dropped and logged for security review.
- Cat photos (only if you use the Breed Identifier). Photos are uploaded over HTTPS, processed in memory, sent once to our AI provider for breed analysis, and then immediately discarded. We never write image bytes to disk, the database, or any log. If you choose to unlock the full top-3 result by entering your email, we store the email + the top breed name we returned to you — but we do not store the photo. See the Photo handling section below for full detail.
Information we collect automatically
- Click data: when you click an outbound retailer link, we record the product, retailer, referrer surface (e.g., "modal" or "mycat-hero"), and timestamp. We do not record what you actually purchase — that happens on the retailer's site under their own privacy terms.
- Approximate IP: used only for short-term rate limiting (preventing abuse of the AI endpoint) and security incident logging. Not stored long-term against your profile.
- Server logs: standard HTTP access logs (URL, timestamp, response code). Retained briefly for debugging and security monitoring.
What we don't collect
- No third-party advertising trackers, pixels, or analytics fingerprinters.
- No precise location data.
- No payment information (we never handle payments — purchases happen on retailer sites).
- No data about your other browsing.
How we use it
- To run the service: generate personalized picks, store your account if you have one, deliver sign-in codes, redirect affiliate clicks.
- To improve the service: aggregate (non-identifying) click stats tell us which products are most useful to surface. We never review individual user behavior.
- To prevent abuse: rate limiting and prompt-injection detection use ephemeral IP and request data to stop attacks.
- To honor your choices: the AI-toggle preference is stored locally on your device.
Third-party services
House Tiger uses a small number of vetted external services. Each has its own privacy policy; clicking links below opens them in a new tab.
- Hosting: Render — runs the application server and database.
- AI language models: Anthropic, Cerebras, and Groq. When you request a wellness note with AI enabled, your sanitized cat profile and the rule-based findings are sent to one of these providers to generate the prose. None of these providers train their public models on House Tiger requests.
- Affiliate networks: Impact, CJ Affiliate, and Amazon Associates. When you click a buy link, you leave House Tiger and arrive at the retailer's site, where the network logs the click for commission tracking.
- Domain & DNS: Wix (registrar). The Wix-hosted website builder is not in use.
AI handling specifics. The data sent to AI providers is limited to: your cat's profile (age, weight, conditions, etc., with free-text scrubbed of any injection patterns), the list of matched products from our database, and the matched article titles. No account email, IP, or session token is ever sent to an AI provider.
Photo handling (Breed Identifier)
The Breed Identifier is a free tool that estimates your cat's likely breed from one or more uploaded photos. We designed the data flow to be the simplest possible — and to never keep your photos.
- Upload: your photos travel over HTTPS to our server. The server resizes each one in memory to at most 1280 pixels on the longest side so the AI processor receives the smallest workable image.
- Inference: the resized images are sent once, in-memory, to Anthropic's Claude Vision API. Anthropic returns a JSON breed estimate. Per Anthropic's API terms, images submitted via their API are not used to train their public models; they may be retained for up to 30 days for abuse review.
- Discard: once we've received the breed estimate, the image bytes are immediately garbage-collected. We do not write the photos to disk, to the database, or to any log. We do not send them to any other third party.
- If you unlock the full top-3 result by entering your email, we record only: your email, the optional cat name you supplied, the top breed name we showed you, the confidence we showed you, and the timestamp. The photo itself is still not stored — by then, it's already gone.
- If you do not unlock, your visit leaves no persistent trace of the photo or the result anywhere.
Cookies and local storage
House Tiger uses your browser's localStorage (not cookies for tracking) to remember:
- Your cat's profile when signed out
- Your session token when signed in
- Your AI/rule-based preference
- Your light/dark theme
You can clear localStorage any time from your browser settings — the next page load will be a fresh start.
Affiliate disclosure
House Tiger participates in affiliate programs with Chewy, Amazon, PetSmart, Petco, and a handful of others. When you click a product link and complete a purchase, House Tiger may earn a small commission at no extra cost to you. This never influences product rankings. The Cat Score is computed from real owner reports and retail ratings, and we do not accept payment to promote products. If a brand offered us money for placement, we would say no. That promise is structural, not aspirational: there is no field in the database that connects commission rate to ranking position.
Children's privacy
House Tiger is not directed at children under 13. We don't knowingly collect information from anyone under 13. If you believe a child has provided us with personal information, email privacy@housetiger.org and we'll delete it.
Your rights
You have the right to:
- Access the personal data we hold about you (if you have an account, email us and we'll send a copy).
- Delete your account and associated data. Sign in and use the "Clear Profile" or "Delete Cat" controls, or email us.
- Correct inaccurate information — sign in and edit your cat profile, or email us.
- Opt out of AI — toggle the "Use AI" checkbox in the My Cat form.
- Opt out of the DNA waitlist — email us and we'll remove you.
If you're in the EU/UK, you have rights under GDPR; if you're in California, you have rights under CCPA/CPRA. To exercise any of these, email privacy@housetiger.org.
Data retention
- Account data kept while your account is active; deleted on request or after extended inactivity (24+ months) with notice.
- Click data kept indefinitely in aggregate form for understanding product trends.
- Sign-in codes expire after 10 minutes and are auto-deleted.
- Session tokens expire after 30 days.
- Security incident logs kept up to 12 months for pattern analysis, then purged.
Security
We protect data with: HTTPS everywhere, secure session tokens (no passwords stored), per-IP rate limiting, prompt-injection detection, output secret redaction, and admin endpoint authentication. No system is perfectly secure — if you spot a vulnerability, please email security@housetiger.org.
Changes to this policy
We may update this policy as the service evolves. Material changes will be flagged at the top of this page with a revised "Last updated" date. Continued use of the site after a change constitutes acceptance.
Questions, requests, complaints: privacy@housetiger.org