2050planet

Privacy Policy

What we collect, why we collect it, and the rights you have over it. Written in plain English.

Last updated: 29 April 2026

1. Who we are

2050planet.com (“2050planet”, “we”, “our”) is a cradle-to-grave platform for the world being built toward 2050. We operate from the United Arab Emirates and serve users globally. For the purposes of this policy we are the data controller for any personal data described below.

If you have questions about this policy or want to exercise your rights, contact us at privacy@2050planet.com.

2. The short version

  • You can read 2050planet without signing in. We don't track you.
  • If you sign in with Google, we store your email, display name, and avatar URL.
  • If you chat with TERRA (our AI), we count the messages but do not store the conversations themselves.
  • For free-tier rate limiting we keep a hashed version of your IP for up to 48 hours, then delete it.
  • We never sell your data. We never use TERRA conversations to train AI models.
  • You can delete your account and everything associated with it at any time by emailing us.

3. What we collect, and why

3.1 If you only read the site (no sign-in)

We collect nothing identifying. The site is statically generated and served from a CDN. We don't run analytics, advertising trackers, or fingerprinting on public pages.

If you use TERRA without signing in, we store a SHA-256 hash of your IP address for up to 48 hours so we can enforce the 3-message free limit. The hash is salted and is not used for any purpose other than the limit. Raw IPs are never written to our database.

3.2 If you sign in with Google

We receive from Google and store:

  • Your email address
  • Your display name (as set in your Google profile)
  • The URL of your Google profile picture (we don't copy the image — we link to it)
  • A unique account identifier issued by Supabase Auth

This information is stored in Supabase (see Section 5). The lawful basis under UAE PDPL Article 5 and GDPR Article 6(1)(b) is contract — we need it to give you a functioning account.

3.3 When you chat with TERRA

Your messages are sent to Anthropic's API for processing and the response is returned to you. 2050planet does not retain the content of your TERRA conversations. We store only:

  • The number of messages you sent (for usage analytics)
  • A timestamp
  • Your account ID (if you're signed in)

Anthropic processes your messages under their privacy policy. Anthropic does not use API inputs or outputs to train its models by default, per their commercial terms.

3.4 Server logs (operational)

Our hosting provider (Vercel) generates short-lived logs for every request: the URL accessed, HTTP status, response time, and originating region. These logs help us diagnose errors and detect abuse. They are retained according to Vercel's default retention (typically 7-30 days for the standard plan) and are not used for any other purpose.

4. What we don't collect

  • We do not run advertising or third-party trackers
  • We do not sell or share data with marketers
  • We do not store TERRA conversation content
  • We do not use your data to train AI models — ours or anyone else's
  • We do not collect payment information (the platform is free)

5. Who processes your data on our behalf

We use the following processors. Each is bound by a data processing agreement and is GDPR-ready.

Processor | What they do for us | Where data sits
Supabase | Authentication, profiles database, TERRA usage counts | EU (Frankfurt) by default
Anthropic | TERRA inference (the AI engine) | United States
Vercel | Web hosting, edge CDN, server logs | EU (Frankfurt) for compute; global CDN edges for static
Upstash | Rate limiting (request counts only — no identifying data) | EU
Google | OAuth sign-in (you authenticate with Google, then we receive the data listed in 3.2) | Global

6. International data transfers

Anthropic's servers are in the United States. When you use TERRA, your messages cross from the EU/UAE to the US. This transfer happens under Standard Contractual Clauses (GDPR Art. 46) and the equivalent controller-to-processor safeguards under UAE PDPL Art. 22. By using TERRA you consent to this transfer.

7. Your rights

Under UAE PDPL and GDPR you have the right to:

  • Access — ask us for a copy of the data we hold about you
  • Correction — ask us to correct inaccurate data
  • Erasure — ask us to delete your account and all associated data
  • Restriction — ask us to pause processing while we resolve a query
  • Portability — ask us to send your data to you in a machine-readable format
  • Objection — object to processing where we rely on legitimate interest
  • Withdraw consent — at any time, where we rely on consent

To exercise any of these, email privacy@2050planet.com. We respond within 30 days. There is no fee unless your request is manifestly unfounded or excessive.

If you believe we have not handled your data properly, you may complain to the UAE Data Office or, if you are in the EU, your national supervisory authority.

8. Data retention

  • Account data (email, profile): kept while your account exists; deleted within 30 days of account deletion
  • TERRA usage counts: 24 months for product analytics, then deleted
  • Hashed IPs (free-tier counter): up to 48 hours, then deleted by automated cleanup
  • Server logs: per Vercel default retention (typically 7-30 days)

9. Children's privacy

Parts of 2050planet are designed for young readers (Generation 2050 sections starting at age 2). The site itself is freely readable without any account. You must be 16 or older to create an account. If we learn that we have inadvertently created an account for someone under 16 without verifiable parental consent, we will delete it.

Parents who want their child to access TERRA can do so under their own account. Educators using 2050planet in classrooms should refer to our For Schools guide.

10. Security

We follow industry-standard security practices: TLS 1.2+ for all transport, security headers including HSTS and CSP, row-level security on all database tables, rate limiting on public endpoints, and a vulnerability disclosure programme described in our Security Policy.

No system is perfectly secure. If you believe you've found a vulnerability, please follow the coordinated disclosure process in our Security Policy.

11. Cookies

We use only the cookies strictly necessary for authentication (Supabase session cookies). We don't use analytics, advertising, or tracking cookies. Because all our cookies are necessary for the service you requested, we don't show a cookie banner — there's nothing for you to opt out of.

12. Changes to this policy

If we make material changes we will update the “Last updated” date at the top and, for signed-in users, notify you by email at least 30 days before the change takes effect.

13. Contact

Questions, requests, or complaints: privacy@2050planet.com.

For security-specific reports, see the Security Policy or email security@2050planet.com.