Privacy Policy
Last updated: April 23, 2026
NPP Generator ("we", "us") operates nppgenerator.com (the "Service"). This policy explains what information we collect, how we use it, and what choices you have.
What we collect
Wizard intake data
When you use our wizard or chat intake to generate a Notice of Privacy Practices, we collect the entity information you provide: organization name, address, Privacy Officer name and title, phone, website URL, effective date, and related fields needed to produce your NPP. This data is processed in your browser and is not persisted on our servers, except as described under "Word export" below.
Payment information
If you purchase a paid download ($49 Single NPP), payment is processed by Stripe. We do not see or store your card number, CVV, or billing address. Stripe returns a session ID and we store a short-lived entitlement record (session ID + email + purchase amount + timestamp) in Upstash Redis with a 30-day TTL so you can re-download your file.
If you provide your email (at Stripe checkout or via the "email me a preview" flow), we store it with Loops.so. We use it to send your receipt, the re-download link, and occasional product updates you can unsubscribe from.
Analytics
We use PostHog for product analytics in a cookieless, memory-only configuration — no persistent tracking cookies, no session recording. We record page views and a small number of product events (wizard opened, download clicked, payment succeeded) to improve the product.
Word export (server processing)
When you click "Download as Word", the rendered NPP HTML is sent to our serverless function so it can be converted to .docx format and returned to you. The HTML includes the entity information you entered. We do not retain this HTML after the conversion completes. The request is processed in a stateless serverless function and leaves no disk residue.
Upload + auto-extract of your existing NPP
When you upload your existing Notice of Privacy Practices (PDF or Word) — or paste a URL pointing to one — to pre-fill the wizard, the following happens:
- For uploaded files: the file is base64-encoded in your browser and sent to our /api/extract-npp serverless function as JSON.
- For URL extraction: our server fetches the URL you provide (identifying itself as NPPGenerator-URLFetch/1.0) and processes the returned document. Only publicly-accessible URLs work — authenticated content is not retrieved.
- The document contents are forwarded to Anthropic's Claude API for structured field extraction. Claude returns JSON with your entity name, Privacy Officer, address, website, and prior effective date.
- We do not save the uploaded file to disk, to logs, to our database, or to any retained storage. The serverless function holds the document only long enough to forward it to Anthropic and return the extracted fields.
- Anthropic's default API data-handling policy applies to the forwarded content. Per Anthropic's published retention terms, API inputs may be retained by Anthropic for up to 30 days for trust-and-safety review; API inputs are not used to train Claude models. See Anthropic's privacy policy.
- We do not send the document to any other third party. PostHog analytics receives only anonymous event names (e.g., npp_extract_success) — never document contents.
If you do not want your NPP sent to Anthropic for extraction, skip the upload step. You can continue manually in the wizard and all intake data stays in your browser (with only the final Word export going through our server as described above).
Protected Health Information (PHI)
The NPP Generator Service does not collect, process, or store Protected Health Information as defined under HIPAA. The entity information you provide (organization name, Privacy Officer, website) is not PHI. If you believe you have transmitted PHI to us, contact us immediately at hello@nppgenerator.com.
Sub-processors
- Vercel — static file hosting + serverless functions
- Stripe — payment processing (for $49 purchases)
- Upstash Redis — 30-day entitlement storage
- Loops.so — email delivery (receipts, re-download links)
- Anthropic — Claude API for chat intake assistant + optional NPP upload extraction (see above)
- PostHog — cookieless product analytics
Your choices
- You can use the free preview without providing any email or account.
- You can email us at hello@nppgenerator.com to request deletion of your contact record and entitlement.
- You can unsubscribe from product emails using the link in any email.
Contact
Questions about this policy: hello@nppgenerator.com.