Back to app

Legal · Two documents, one page

Terms & Privacy.

Plain-English terms for using iterate.guru, our research preview, and a complete account of what we collect, why, and your rights — including GDPR rights for EU/EEA users.

Last updated 7 May 2026
Document 01 / 02

Terms of Service

In short

iterate.guru is a research preview built by one person. You can use it for free, but it has no SLA, no warranty, and your data may be removed with notice. Don't upload anything illegal or anything you'd be unhappy losing. By using the service you agree to the terms below.

01

About the service

iterate.guru is a tool for publishing AI-generated drafts, sharing them with named reviewers, collecting structured feedback, and using AI to summarize that feedback into a clear next version. It is operated as a research preview by Maksym Haponenko, an individual based in Ukraine, reachable at gaponenko.mm@gmail.com.

Because this is a research preview, expect the following:

  • The service may be unavailable, slow, or interrupted at any time.
  • We may change, restrict, or remove features without notice.
  • We may delete artifacts, comments, or accounts with reasonable notice if we need to. “Reasonable notice” means at least 14 days by email to the address on your account, except where the law requires us to act faster.
  • We do not offer any service-level agreement, uptime guarantee, or paid support.
02

Who can use it

To use iterate.guru you need to:

  • Have a Google account, since Google sign-in is currently the only way to publish or comment as a logged-in user.
  • Agree to these terms and to our Privacy Notice.

If you're under 18, please use iterate.guru with a parent's or guardian's awareness — the service isn't designed for children, but we don't actively block younger users (school students using it for AI-assisted projects are welcome). If you're a parent or guardian and want a young person's account removed, email us and we'll delete it.

If you're using iterate.guru on behalf of an organization, you confirm that you're allowed to bind that organization to these terms.

03

Your account

We create your account when you first sign in with Google. You're responsible for what happens under your account, including anything reviewers do with share links you generate.

You can delete your account at any time from Settings → Account → Delete account. When you do, we remove your profile, your artifacts, the files behind them, and the share links you created — immediately, not on a delay. Comments other reviewers left on your artifacts are deleted with the artifacts.

Comments you left on other people's artifacts are handled differently: we anonymize them rather than delete them. The comment text stays on the artifact so the owner doesn't lose feedback context, but your name and email are detached from it. After anonymization, the comment is no longer associated with you.

We may keep technical logs (errors, abuse signals) for a short period after deletion — see the Privacy Notice.

04

Your content

You keep ownership of every file, comment, and piece of metadata you upload to iterate.guru. We don't claim any rights to your content.

To run the service, you grant us a limited license to store, transmit, display, and process your content for the sole purpose of operating iterate.guru — including running it through an LLM (currently Anthropic Claude) to summarize feedback or extract metadata. We do not use your content to train AI models, ours or anyone else's.

You are responsible for what you upload. Don't upload content you don't have the right to share. Don't upload content that's illegal, infringes on someone else's rights, or that you'd be in trouble for if it leaked. If we get a credible complaint, we may remove the content and notify you.

05

Acceptable use

Don't use iterate.guru to:

  • Upload illegal, infringing, defamatory, or harmful content (including malware, CSAM, or content that violates someone's privacy).
  • Attempt to reverse-engineer, scrape at scale, or abuse the API or MCP server.
  • Send spam or unsolicited invitations to people who haven't agreed to be reviewers.
  • Circumvent rate limits or otherwise burden the service in a way that affects other users.

We may suspend or terminate your account if you do any of the above.

06

AI-generated outputs

Some features of iterate.guru run your content through an LLM — for example, the feedback summary that turns reviewer comments into a “what to change next” digest. These outputs are generated automatically and may contain mistakes, hallucinations, or misrepresentations of what reviewers actually said.

Treat AI-generated summaries as a starting point, not a verdict. The original comments are always available on the artifact page, and you should read them before making decisions that matter.

07

Changes to the service or these terms

We may update these terms when the service changes. If a change materially affects you, we'll notify you by email and update the “Last updated” date at the top of this page at least 14 days before the change takes effect. Continuing to use iterate.guru after the effective date means you accept the new terms.

You can stop using the service at any time. We can terminate your access if you break these terms or if we decide to shut the service down — in the second case, we'll give you at least 14 days' notice and a way to export anything that's still useful.

08

No warranty

iterate.guru is provided “as is” and “as available,” without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, or uninterrupted operation. We do not warrant that the service will be error-free, secure, or available at any specific time.

09

Limitation of liability

To the maximum extent permitted by applicable law, the operator's total liability arising out of or related to your use of iterate.guru is limited to €100. We are not liable for any indirect, incidental, consequential, or punitive damages, including lost profits, lost data, or business interruption.

Nothing in this section limits liability that cannot be limited under applicable law — including, for EU/EEA users, liability for death, personal injury, or intentional misconduct.

10

Governing law and disputes

These terms are governed by the laws of Ukraine, without regard to its conflict-of-laws rules. Any dispute arising under these terms may be brought before the competent courts of Ukraine.

If you are a consumer in the EU/EEA, this clause does not deprive you of the protections of the mandatory laws of your country of residence, and you may bring proceedings before the courts of your country of residence as required by EU consumer law.

11

Contact

Questions, complaints, or legal notices: gaponenko.mm@gmail.com.

Document 02 / 02

Privacy Notice

In short

We collect your Google profile (name, email, picture), the files and feedback you upload, and basic logs for security and debugging. We use this to run iterate.guru — nothing more. We share data only with the platforms we run on (listed below). We don't sell your data, we don't use it to train AI models, and you can delete your account at any time.

EU/EEA users: you have the rights GDPR gives you, and we'll honor them.

01

Who's responsible for your data

The data controller for iterate.guru is Maksym Haponenko, an individual based in Ukraine. You can reach me at gaponenko.mm@gmail.com for any privacy question, complaint, or rights request.

Postal address (for legal notices): [OPERATOR_POSTAL_ADDRESS].

02

What we collect and why

Profile

What · Your Google profile (name, email, picture, Google account ID).

Why · To create your account and email you about activity on your content.

Contract — Art. 6(1)(b)
Content

What · Everything you upload or create on iterate.guru: artifact files, titles, descriptions, tags, comments, reviewer email addresses you enter, share-link metadata.

Why · To store and display the artifacts you publish and route feedback back to you.

Contract Art. 6(1)(b) · Legitimate interest 6(1)(f) for reviewer emails
Logs

What · Technical signals tied to your sessions: IP address, user-agent, timestamps, error reports, anonymous usage analytics.

Why · To keep the service secure, debug failures, and understand which features get used.

Legitimate interest — Art. 6(1)(f)
Session cookie

What · A signed cookie that keeps you signed in.

Why · To recognize you between page loads.

Strictly necessary — ePrivacy 5(3)

We do not collect special-category data (health, biometric, political, religious, etc.), and we ask you not to upload it. We do not use your content to train AI models — ours, or any third party's.

03

Who we share it with

To run iterate.guru we rely on a small number of cloud platforms acting as sub-processors under standard data-processing agreements. The categories of recipients are:

  • A hosting and storage provider that runs the application, the serverless functions, and the file uploads.
  • A database provider that stores your artifacts, comments, and account data.
  • An AI provider that runs the LLM behind the feedback-summary feature. We only send it the reviewer comment text and version metadata of the artifact being summarized.
  • An email provider that delivers the transactional emails (welcome, reviewer invitations, new-comment notifications, new-version notifications).
  • An error-reporting provider that captures crash reports so we can debug failures.
  • A cache provider for rate limiting and MCP session state.
  • An identity provider (Google) that handles the sign-in flow. We never see your password.

Current providers (this list may change as we evolve the service): Vercel (hosting and storage), Neon (database), Anthropic (AI), Resend (email), Sentry (error reporting), Upstash (cache), Google (sign-in). When we change providers, we'll update this page.

We do not sell your data, share it with advertisers, or use it for any purpose outside running iterate.guru.

04

International transfers

Some of the platforms we use are based in the United States (notably Anthropic, Sentry's parent, and Vercel's headquarters), even when they process data in EU regions. Where a transfer outside the EU/EEA happens, we rely on the European Commission's Standard Contractual Clauses (SCCs) included in the provider's data-processing agreement. Where the provider participates in the EU-US Data Privacy Framework (Vercel, Anthropic, and Google currently do), we rely on that framework as the transfer mechanism.

05

How long we keep it

Your account, artifacts, and content are kept for as long as your account is active. Each artifact also has its own time-to-live set by you at publish; when that expires, the artifact and its comments are removed automatically.

When you delete your account, your profile, your artifacts, and the files behind them are removed immediately. Comments you left on other people's artifacts are anonymized rather than deleted — the comment text stays on the artifact so the owner doesn't lose context, but your name and email are detached from it.

Server logs, error reports, and email-send logs are kept for a short period for security and debugging — typically a few weeks to a few months, depending on the provider. We don't keep them longer than we need to.

Anonymous usage analytics are aggregated without identifiers and retained per the analytics provider's defaults.

06

Your rights

If you are in the EU/EEA — and we extend the same rights to everyone else as a matter of policy — you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Correct anything that's inaccurate (Art. 16).
  • Delete your account and the data associated with it (Art. 17). You can do this yourself in Settings → Account → Delete account.
  • Restrict or object to specific processing (Art. 18, Art. 21).
  • Export your data in a portable format (Art. 20). Email us and we'll send a JSON archive of your artifacts and comments.
  • Withdraw consent for any processing based on consent (Art. 7(3)). Most of our processing is based on contract or legitimate interest, but where consent applies, you can withdraw it without affecting prior processing.

To exercise any of these rights, email gaponenko.mm@gmail.com. We aim to respond within 30 days.

You also have the right to lodge a complaint with a data protection authority in your EU/EEA country of residence — for example, the Polish UODO, the German BfDI, the French CNIL, or the Estonian AKI. The full list is on the European Data Protection Board's site.

07

Cookies and similar technologies

We use exactly one cookie: a signed session cookie that keeps you signed in. It's strictly necessary for the service, contains a JWT (no readable personal data), and expires within 30 days. EU/EEA cookie law allows strictly-necessary cookies without consent, so we don't show a cookie banner.

Our analytics (Vercel Analytics + Speed Insights) are cookieless — they aggregate anonymous traffic data without storing any identifier on your device.

08

Security

We rely on the security posture of the platforms we run on (Vercel, Neon, Resend, Anthropic, Sentry, Upstash, Google). Files are stored in Vercel Blob private storage and only accessible via authenticated proxy — there are no public URLs to your uploads. Sessions are signed cookies with rotating secrets. We use HTTPS everywhere. No system is perfect. If a breach affects your data, we'll notify you within 72 hours of becoming aware, as GDPR Art. 33–34 requires.

09

Changes to this notice

If we materially change how we handle your data, we'll update this page and email you at least 14 days before the change takes effect. The “Last updated” date at the top always reflects the current version.

10

Contact

Privacy questions, complaints, or rights requests: gaponenko.mm@gmail.com.