Privacy Policy
Last updated: 2026-05-19 (removed references to unbuilt aggregate-rate-network feature)
Plain-language summary
- Rateven does not require an account.
- No tracking cookies, no analytics, no cross-site profiling.
- If you use an AI feature, your inputs go to Anthropic (our AI sub-processor) in real time and are not stored by us.
- Portfolio images are held in memory for 60 seconds only, never saved.
- Share pages you create contain no personal data.
- If you give us your email, we use it only for what you asked and you can unsubscribe anytime.
0. Controller
Rateven is operated by Povilas Konopackas, a sole trader registered in Lithuania, EU (individualios veikla pagal pažymą). The controller is contactable at privacy@rateven.com.
1. Data we do not collect
Rateven does not require an account, does not use advertising or analytics cookies, and does not track you across sites. The dev-vertical calculator runs in your browser; its inputs are not transmitted to us. The wedding-vertical AI features (proposal drafter, portfolio grader, check-my-quote) do send your inputs to our sub-processor at the moment you invoke the feature; see Section 5a.
1a. Trial-abuse signals
To prevent trial abuse (same card or email opening repeated trials), we process short-lived server-side signals: IP address, user-agent string, and a hash of the email you submit. We do not fingerprint across sites, do not share these signals with any third party, and retain them for up to 24 hours on a rolling basis. Legal basis: legitimate interest in fraud prevention (GDPR Article 6(1)(f)).
2. Data we may collect
- Server logs. When your browser requests a page, Cloudflare records standard request details (IP address, your browser type, page URL, and timestamp) for security, abuse prevention, and service stability. Retained for up to 24 hours on a rolling basis.
- Email (only if you give it). If you start a Rateven trial, subscribe, or buy the Lifetime Founder tier, Polar collects your email and payment card. Polar shares your email and subscription or order status with us so we can issue and maintain your license. We store only the SHA-256 hash of your lowercased email for recovery purposes. We do not store the email in plain text on our side. We never see your payment card details.
- License key (hashed). We store a SHA-256 hash of your Rateven license key so we can validate paid requests without keeping the key itself. The full key is shown to you only at signup or after checkout success.
- Saved quotes (only if you save them). If you click Save on a quote while signed in to a paid tier, we store the quote inputs and output text under your license-key hash for up to 365 days from last write. Quotes do not include personal data unless you put it there.
- Share records (only if you create them). If the system generates a share link for a calibration receipt or portfolio grade, we store the derived output (tier, per-dimension scores, price band, vendor category, metro) under an opaque share id. Receipts expire after 90 days; portfolio grades expire after 30 days. No image URLs, no identifying vendor details, no couple data are stored in share records.
- Portfolio grader submissions. Images you submit to the portfolio grader are held in transient server memory for up to 60 seconds while the analysis runs, then discarded. No images are saved. See Terms 3f.
- LTD acknowledgment log. If you purchase the Lifetime Founder tier, we retain a server-side log of your 5 required acknowledgments, hashed email, hashed IP, and timestamp, linked to the Polar order id, for 6 years. Legal basis: contract performance (GDPR Article 6(1)(b)) and legitimate interest in compliance audit trail (GDPR Article 6(1)(f)).
2a. Payment processing
If you upgrade to a paid Rateven tier, payment is processed by Polar Software Inc. (Polar) acting as our merchant of record. We never see your payment details. Polar's privacy policy applies to the payment transaction. Polar shares with us your subscription or order status and the email associated with your account, which we use to issue you a license key and to recognize your license on this site.
2b. Couple data on share links
When you generate a client-facing share link (for a proposal, calibration receipt, or portfolio grade), you may include couple details in the content you share with your client. On that link page Rateven acts as a processor under GDPR Article 28, processing the couple's data only on your instructions as the controller.
The scope of processor-role data we hold on a share link is strictly the content you put into it (vendor-facing proposal text, couple first names if you included them, event date if you included it). We do not collect tracking data from couples who visit a share link. Share links are noindex and are removed from our cache 30 days after creation (portfolio grades) or 90 days after creation (calibration receipts). See Annex A of this Privacy Policy for the full Data Processing Addendum that governs this processor role.
2c. Win/loss outcome data
If you use the win/loss feature to record whether a quote converted into a booked project, we store only the boolean outcome (won/lost/pending) tagged to your hashed license key and the quote timestamp. We do not record the client's identity, fee, or any contractual detail from the outcome submission. Outcome records are retained for 2 years to power your personal dashboard; we can delete sooner on request. Legal basis: contract performance and your consent (GDPR Article 6(1)(b), Article 6(1)(a)).
3. Legal basis (GDPR)
We rely on legitimate interest to process server logs for security, fraud and abuse prevention, and service stability (GDPR Article 6(1)(f)). We rely on consent to process your email if you opt in (GDPR Article 6(1)(a)), which you can withdraw at any time. We rely on contract performance to hold your license record, saved quotes, shares, and LTD acknowledgment while the agreement is in force (GDPR Article 6(1)(b)).
4. Your rights
You may request access, correction, deletion, restriction, or portability, object to processing, and lodge a complaint with a supervisory authority. You may also request human review of any AI-generated classification under GDPR Article 22 (see Terms 3f). In Lithuania, the supervisory authority is the Valstybinė duomenų apsaugos inspekcija (VDAI), vdai.lrv.lt. Contact us at privacy@rateven.com. We respond within 30 days.
5. Other services that help run Rateven
- Cloudflare, Inc.: hosting, CDN, security, KV storage (DPA signed; SCCs for any non-EEA transfer; EU-US Data Privacy Framework participant).
- Anthropic PBC (Claude API): our AI sub-processor for every AI-generated feature (proposal drafter, portfolio grader, red-flag scanner, check-my-quote extraction). Inputs are sent to Anthropic in real time. See Section 5a.
- Polar Software Inc.: processes all paid-tier payments as merchant of record. Polar is a separate controller for payment data; for Rateven purposes it is our processor for subscription/order status and email.
5a. AI sub-processor (Anthropic)
Rateven sends the following categories of data to Anthropic PBC when you invoke an AI feature: the text of your proposal inputs, the text of a quote you are calibrating, the text of an inquiry you are scanning for red flags, or the URLs of images you submit to the portfolio grader. Anthropic processes this data on our instructions to return the AI-generated output.
Anthropic does not train its foundation models on inputs sent through its commercial API, as of the last-updated date above, under its commercial terms. Anthropic may retain inputs for up to 30 days for trust-and-safety review. Anthropic is established in the United States; transfers occur under Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. For full details see Anthropic's privacy policy at anthropic.com/legal/privacy.
Legal basis for the transfer: contract performance (you asked for the AI feature), and SCCs + DPF for the US transfer leg (GDPR Chapter V).
6. International transfers
Rateven and its sub-processors may transfer data outside the European Economic Area:
- Cloudflare (US). Transfer basis: EU-US Data Privacy Framework participant; Standard Contractual Clauses as fallback; DPA signed. Cloudflare provides edge-cached routing; EU traffic may be served from EU data centers by default.
- Anthropic PBC (US). Transfer basis: Standard Contractual Clauses module 2 (controller to processor); EU-US DPF where applicable. See Section 5a.
- Polar Software Inc. (US). Transfer basis: Standard Contractual Clauses; Polar is the payment controller under its own legal basis. See Polar's privacy policy.
Where a sub-processor operates outside the EEA, transfers occur under Standard Contractual Clauses or equivalent safeguards, and we document those safeguards in our processor register. You may request a copy by emailing privacy@rateven.com.
7. Cookies
Rateven uses no tracking cookies. Strictly-necessary session state stays in memory during your visit and is discarded when the tab closes.
8. Retention
- Server logs: up to 24 hours.
- License record: duration of the subscription or LTD lifetime, plus 90 days grace after lapse.
- Saved quotes: 365 days from last write.
- Calibration receipt share: 90 days.
- Portfolio grade share: 30 days.
- Aggregate rate contributions: trailing 12-month rolling window, anonymized.
- LTD acknowledgment log: 6 years (compliance audit trail).
- Win/loss outcome records: 2 years.
- Trial-abuse signals: 24 hours.
9. Children
Rateven is a business tool for freelance professionals and wedding vendors. It is not directed to individuals under the age of 16, and we do not knowingly collect personal data from anyone under 16. If you believe a minor has submitted personal data, contact privacy@rateven.com and we will delete the data promptly.
Annex A. Data Processing Addendum (couple data on share links)
This Annex A applies where Rateven acts as a processor on your behalf under GDPR Article 28 for couple data that you include in a Rateven-generated share link, proposal PDF, or calibration receipt. You are the controller; Rateven is the processor.
- Subject matter. Processing of couple data you submit through Rateven features that produce a client-facing artifact.
- Duration. For the lifetime of the share link or PDF (30 to 90 days), or until you delete the artifact, whichever is sooner.
- Nature and purpose. Hosting, display, and caching of the artifact on instruction of the controller.
- Categories of data. Names, event date, vendor-facing proposal content, price band, contact email if you included it.
- Categories of data subject. Your couple clients and any other person you reference in the artifact.
- Obligations and rights of the controller. You are responsible for your own legal basis (contract with the couple, consent, legitimate interest) and for informing the couple that Rateven hosts the artifact as your processor.
- Processor obligations. Rateven (a) processes couple data only on your documented instructions, (b) ensures that persons authorized to process have committed to confidentiality, (c) implements appropriate technical and organizational measures (TLS in transit, KV at rest, 30-90 day TTL, no public listing), (d) assists with data subject rights on request, (e) assists with breach notification, (f) deletes or returns all couple data at the end of the service, (g) makes available information necessary to demonstrate compliance.
- Sub-processors. Rateven engages Cloudflare (hosting) and, only where you explicitly generate an AI-assisted proposal or portfolio grade for a couple, Anthropic PBC as AI sub-processor. The current sub-processor list appears in Sections 5 and 5a. You are deemed to have authorized these sub-processors. We give you 30 days' notice of material changes to the sub-processor list.
- International transfers. See Section 6. Transfers rely on SCCs and where applicable DPF.
- Audits. On reasonable notice and no more than once per year, we make available written evidence of our technical and organizational measures. We charge no fee for this.
- Breach notification. We notify you without undue delay and in any event within 72 hours of becoming aware of a personal data breach affecting couple data you control.
- Data subject rights. We assist you in responding to requests from couples within the timelines you set, consistent with Articles 15 to 22 GDPR.
- Return and deletion. At the end of the service, or on your request, we delete couple data in share artifacts within 30 days. Backup copies are expired on the standard Cloudflare rolling cycle.
- Instructions. Your use of Rateven product features constitutes your documented instructions. Additional written instructions may be sent to privacy@rateven.com.
- Liability. Each party's liability under this DPA is subject to the liability cap in Terms Section 3.