annoyedcom
Browse
Sign in

Effective date: July 10, 2026

Privacy Policy

This policy explains what annoyed.com collects, why, who it’s shared with, how long we keep it, and the rights you have over it. It applies to everything on annoyed.com.

The short version: we collect what’s needed to run a review site and nothing else. No ad networks, no trackers, no selling or sharing your data for advertising — ever. Your grievances are public; your email and proof-of-purchase files are not.

1. What we collect

You give us

  • Account details — display name, email address, and password. Passwords are stored only as scrypt hashes; we cannot read them.
  • Grievance content — the company you name, your Fume Scale rating, warn-a-friend answer, headline, story, and any photos or videos you attach. If you file without an account, we also collect the email address you provide, which links the grievance to you.
  • Proof of purchase — receipts, invoices, or order confirmations you upload for verification.
  • Votes — your “same happened to me” votes, keyed to your account or to an anonymous visitor token.
  • Correspondence — emails you send to our support or legal addresses.

Collected automatically

  • Cookies — two, both first-party and httpOnly. See the table in section 6. We use no analytics or advertising cookies.
  • Server logs — our hosting provider logs IP addresses, user-agent strings, and request timestamps as part of serving and securing the site.

2. How we use it

  • Publishing your grievances and computing aggregate figures (the Annoyance Index, warn rates, and rating distributions are derived from reviews and never stored separately).
  • Linking grievances filed with your email to your account when you sign up or sign in with that email.
  • Verifying grievances: proof files are reviewed to award the Receipts badge.
  • Keeping votes to one per person per grievance.
  • Preventing fraud and abuse — fake reviews, vote manipulation, and ban evasion.
  • Responding to your messages and to legally valid requests.

Where the GDPR or similar laws apply, our legal bases are: performance of a contract (running the Service you signed up for), legitimate interests (security, abuse prevention, defending legal claims), consent where required, and legal obligations.

3. What’s public and what isn’t

  • Public: your grievance (headline, story, rating, warn answer, company), the display name you chose (or “Anonymous” if you published anonymously), the relative filing time, photo/video evidence you attached, and the verified badge. Public content may be indexed by search engines.
  • Never public: your email address, your password hash, and your proof-of-purchase files. Proof files are stored in private storage; their locations are never sent to browsers — only the verified flag is.

4. Who we share it with

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Companies reviewed on annoyed.com get no access to reviewer emails or proof files. We share data only with the processors that run the Service, and with authorities when legally compelled:

RecipientWhatWhy
Vercel (USA)All request data; uploaded media and proof files (Blob storage)Hosting the site and storing uploads
Neon (USA)Database contents (accounts, grievances, votes)Postgres database hosting
Google FontsYour IP address and browser details when fonts loadServing the Inter typeface
Authorities / litigantsThe minimum requiredValid legal process only; we notify affected users where lawful

5. How long we keep it

  • Accounts: until you delete yours, then removed within 30 days.
  • Grievances: while published. When you delete a grievance (or your account), it and its media are removed; residual copies leave backups within 90 days.
  • Proof files: for as long as the grievance they verify is published, then deleted.
  • Server logs: retained by our hosting provider for a short rolling window for security and debugging.
  • We may retain limited records longer where required by law or to defend legal claims (for example, a takedown dispute).

6. Cookies

CookiePurposeLifetime
annoyed_sessionKeeps you signed in (signed, httpOnly session token)30 days
annoyed_voterAnonymous visitor token so your votes persist and stay one-per-grievance without an account1 year

Both are strictly necessary for the features they power, so no consent banner is required for them. Clearing your cookies signs you out and resets the anonymous voter token.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA/CPRA, and similar state laws), you may have the right to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to not be discriminated against for exercising these rights. Because we don’t sell or share personal information for advertising, there is nothing to opt out of under “Do Not Sell or Share” — and we treat Global Privacy Control signals accordingly.

To exercise any right, email privacy@annoyed.com from the address associated with your content. We verify requests by confirming control of that email, respond within the legally required time (30–45 days), and you may use an authorized agent where the law provides for one. If you’re in the EEA or UK you may also lodge a complaint with your supervisory authority.

Note: deleting your account deletes your grievances. If you want a grievance to stay published, you can instead ask us to unlink it from your account.

8. International transfers

We operate from the United States and our processors store data in the USA. If you use the Service from outside the USA, your data is transferred there; where the GDPR applies, transfers rely on our processors’ safeguards such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

9. Security

Passwords are scrypt-hashed, session and voter cookies are signed and httpOnly, proof files live in private storage with no client-accessible URLs, and access to production data is restricted. No internet service can promise perfect security — if we learn of a breach affecting you, we’ll notify you as the law requires.

10. Children

The Service is not directed to children and users must be 16 or older. We do not knowingly collect data from anyone under 16; if you believe we have, email privacy@annoyed.com and we’ll delete it.

11. Changes to this policy

We’ll post updates here and revise the effective date; material changes will be flagged on the site (and emailed to account holders) before they take effect. This policy is reviewed at least annually.

12. Contact

Privacy questions and requests: privacy@annoyed.com. See also our Terms & Conditions and Review Guidelines.

annoyedcomReviews from people with receipts.
Review GuidelinesTermsPrivacy