The web UI is bring-your-own-key. Your asset and your reactions never touch a Coldread server. This page describes exactly what is stored where, and what we (PeachStateAI) can and cannot see.
All client-side. Nothing about your runs lives on our servers.
The Coldread web UI runs in your browser. Three things are stored, all in your browser's localStorage on this device:
ac.apiKey) — used to authenticate the simulation requests directly against Anthropic.coldread.recentRuns) — so the homepage can show you what you've run lately.coldread.run.{id}) — the asset you submitted, every panelist reaction, the judged verdict — so you can re-open a run without re-running it.You can clear all three at any time: clear browser data for this site, or use the "clear" control in the recent-runs row on the homepage. Once cleared, the data is gone — we have no copy.
Your browser → Anthropic. Coldread's server proxies; it does not retain.
When you click "run," the web UI POSTs your asset and your API key to a serverless endpoint (/api/simulate) hosted on Vercel. That endpoint forwards the request to the Anthropic API using your key, streams the reactions back to your browser as they complete, and then the function instance is discarded. We do not write your asset, your API key, or your reactions to disk on our side. We do not log their contents.
Coldread's server-side code is open at github.com/PeachStateAI/Coldread/app/api — you can read every line that touches your data.
Caveat we will not paper over: Vercel, our hosting provider, may log request metadata (IP, timestamp, route, response status) at the platform level for operational reasons. Vercel does not see API request bodies in normal operation. If this matters to your threat model, run the CLI or MCP server locally instead — they call Anthropic directly with no Coldread infrastructure in the path at all.
The same thing they'd see if you called the API yourself.
Because the simulation runs against your Anthropic account with your key, Anthropic receives the asset and the persona prompts as model inputs and returns model outputs. Anthropic's data-handling policies for API usage apply — see Anthropic's privacy policy.
None today. If that changes, this page changes first.
As of today, the Coldread web UI ships no analytics SDK, no third-party scripts, and sets no cookies. The only client storage is the localStorage entries described above. Web fonts (Fraunces, Inter, JetBrains Mono) are loaded from Google Fonts; that loads in your browser, not via our server.
If we add product analytics for launch (we're considering Plausible or PostHog — tracked in issue #72), we will update this page before shipping it and tell you exactly what events are captured.
In plain language.
Questions or concerns.
Reach us via GitHub issues or through PeachStateAI. See /contact for full details.
This page describes Coldread as of the most recent commit to the open repo. It is not legal advice. We will pin a dated version once a launch date is set.