Tea Leaves
by Incremento
 ← Back

Privacy Policy

What we collect, why we collect it, and why we built the whole thing so we'd have as little of it as possible.

Last updated: April 26, 2026

Applies to: Tea Leaves by Incremento, a product of Wispera AI Inc., accessible at wispera.ai and id.wispera.ai

Section 1 — The Short Version

This is not a GDPR-compliance exercise. Privacy is the architecture, not a footnote.

What we collect:

Your email address, your company's anonymous profile, and the signals you log — all pseudonymised before they ever touch our database.

What we never collect:

Real names of your colleagues. Real names of your company. Anything that could identify you to your employer.

What we never do:

Sell your data. Train AI models on your personal data. Share your data with third parties for advertising or profiling purposes.

Your rights:

Export everything. Delete everything. Both are available in the app with no waiting period.

Section 2 — Who We Are

Tea Leaves is a product of Wispera AI Inc. It is published under the Incremento brand. The data controller for the purposes of this policy is Wispera AI Inc., operated by its founder, who can be reached at the contact address at the bottom of this page.

We are not a data broker. We are not an HR platform. We are not affiliated with your employer. We are an independent tool that helps individual workers understand the situation they are in.

Section 3 — What We Collect and Why

3.1 Account Data

To create an account, we collect your email address. We use this to authenticate you (via magic link or Google OAuth — no password is ever stored), to send you product updates you have opted into, and to associate your data with your account across devices.

We do not collect your name, phone number, job title, employer name, or any demographic information during sign-up. We deliberately do not ask for it.

3.2 Company Profile

You provide information about your company through a structured diagnosis questionnaire: company type, size range, funding stage, and observable characteristics. You do not enter your company's name anywhere in this flow. The company profile is stored as an anonymous diagnostic object — there is no field for a real company name, and we do not attempt to infer one.

3.3 Cast Members (Your Colleagues)

The Cast is the heart of the anonymisation architecture. When you add a colleague to your cast, you assign them an animal archetype and a randomly generated pseudonym (e.g. "Gremalati", "Vitan", "Kayak"). Real names are never entered, requested, or stored. The system is designed so that if our database were exposed, no one — including us — could identify who your colleagues are.

You may optionally add a role description (e.g. "CFO", "direct manager"). Role descriptions are stored only as free-text labels, not matched to any external identity system.

3.4 Signals

Signals are the observations you log about things happening at work. Before a signal reaches our database, it passes through an AI-powered anonymisation layer that:

  • Detects any role title, name-shaped string, or personally identifying reference
  • Replaces it with the relevant cast member's pseudonym
  • Flags cases where no pseudonym match is found so you can assign one

The stored signal description contains only pseudonyms and observable facts. The original text you typed is not retained after the anonymisation pass completes.

3.5 Reading and Analysis Data

AI-generated readings, probability scores, and signal analyses are stored against your account so they persist across sessions. These outputs reference only pseudonyms and company archetypes — never real identities.

3.6 Usage and Technical Data

We collect standard server logs (IP address, request timestamps, browser type) for security and abuse prevention. These logs are retained for 30 days and are not associated with your account profile. We do not use third-party analytics platforms that build user profiles (e.g. Google Analytics with cross-site tracking enabled).

We use Supabase as our database and authentication provider. Supabase processes data in accordance with their published data processing agreement, which is available at supabase.com/privacy.

Section 4 — The Anonymisation Commitment

This section describes the core privacy architecture of the product — not policy aspirations.

The following invariants are enforced in code, not just in policy:

  1. No real names reach persistent storage. The signals.description field, the companies.answer_notes field, and all AI-generated narratives store only pseudonyms. The anonymisation pipeline runs before any write to the database.
  2. Your company is never identified. There is no company name field. The diagnostic questionnaire captures observable characteristics, not identifiers.
  3. Cast members cannot be reverse-identified from our database. Pseudonyms are randomly generated. Animal archetypes are assigned by you. We have no mechanism to map a pseudonym back to a real person, and we do not attempt to build one.
  4. AI models are not trained on your data. We call the Anthropic API to generate readings and analysis. Anthropic's API usage policies prohibit training on API inputs and outputs by default. We have not opted into any training data programme. Your signals and readings are not used to train any model.
  5. Readings carry a disclaimer. Every AI-generated reading includes the statement: "This is entertainment and pattern recognition, not professional advice. The tea leaves are not liable for your career decisions." We mean it.

Section 5 — What We Do Not Do

We do not:

  • Sell, rent, or license your data to any third party
  • Share your data with your employer, current or former
  • Use your data to build advertising profiles
  • Infer or store your real identity from observable signals
  • Use cookies for cross-site tracking
  • Run retargeting campaigns using your email or usage data
  • Store data in jurisdictions with weak privacy protections without appropriate safeguards

Section 6 — Your Rights

Regardless of where you are located, you have the following rights and can exercise them directly in the app:

Export.

You can export all your data — signals, cast members, readings, company profile — as a JSON or CSV file at any time from the Settings page. No request required, no waiting period.

Delete.

You can permanently delete your account and all associated data from the Settings page. Deletion is immediate and irreversible. We do not retain backups of deleted accounts beyond our standard 7-day backup rotation window.

Correct.

You can edit or delete any individual signal, cast member, or company answer at any time within the app.

Opt out of emails.

Every email we send includes an unsubscribe link. You can also manage email preferences in Settings.

Data portability.

The export format is documented and human-readable. You own your data.

If you are located in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively, including the right to object to processing and the right to lodge a complaint with your relevant supervisory authority. To exercise any rights that are not available directly in the app, contact us at the address below.

Section 7 — Data Retention

Data type Retention
Account (email, auth) Until you delete your account
Company profile Until you delete your account
Cast members Until you delete them or your account
Signals Until you delete them or your account
Readings Until you delete your account
Server logs 30 days, rolling
Backup snapshots 7 days, rolling
Deleted account data Purged within 7 days of deletion

We do not retain data "just in case." If it's gone, it's gone.

Section 8 — Security

We take reasonable and industry-standard technical measures to protect your data:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via Supabase)
  • Row-level security (RLS) policies on the database ensure users can only access their own data
  • Authentication tokens are short-lived and rotated
  • The anonymisation pipeline is enforced server-side in edge functions — client-side bypasses are not possible
  • Security training and access reviews are conducted regularly

No system is perfectly secure. If you discover a vulnerability, please contact us responsibly at the address below before public disclosure.

Section 9 — Third-Party Services

We use a small number of third-party services to operate the product:

Service Purpose Their privacy policy
Supabase Database, authentication, storage supabase.com/privacy
Anthropic AI inference (readings, analysis) anthropic.com/privacy
Vercel / hosting provider Hosting and CDN (link to hosting provider's policy)
Resend or similar Transactional email (link to email provider's policy)

We do not use: Google Analytics, Meta Pixel, Mixpanel, Amplitude, Segment, Intercom, Salesforce, or any other tool that builds cross-site user profiles. We will update this table if we add new services.

Section 10 — Children

Tea Leaves is not directed at anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

Section 11 — Changes to This Policy

If we make material changes to this policy, we will notify you by email (if you have one on file) and update the "Last updated" date above. We will not retroactively change how we handle data already collected without your consent.

The full version history of this policy is available on request.

Section 12 — Contact

For privacy questions, data requests, or security disclosures:

Email: privacy@wispera.ai
Response time: We aim to respond within 5 business days.

For general questions about the product: hello@wispera.ai