Privacy Policy
DiscreteRate, a ChiAha™ product · Last updated 2026-05-21
The short version
DiscreteRate is a public marketing + education site for the Discrete Rate Simulation paradigm. The interactive sandbox runs entirely in your browser — your sketches and inputs never leave your machine. This site collects only the minimum needed to serve pages, process newsletter signups, and run aggregate analytics. We do not sell or share your data with advertisers and we do not use your inputs to train AI models.
Contents
1. What we collect
1.1 Operational telemetry (every visitor)
- IP address — appears in Fly.io's platform HTTP access logs (retained per Fly's standard log window, up to 30-90 days). IP is not written to any durable file on our side.
- User-agent string — appears in Fly's transient HTTP access logs only; not persisted by us.
- Timestamp, request path, response status, response time — standard HTTP access logging.
1.2 Interactive sandbox (/sandbox)
The sandbox shows three conceptual Discrete Rate animations (Hamburger Duo, Valdez Tanker, Fast-Slow Drain) plus an "ask the model" question bar. Important:
- The animations run entirely in your browser. We do not record what you watch or click.
- The "ask the model" bar is a rule-based keyword reader operating on the current demo's facts — it does not call any AI service. Your questions never leave your browser.
- The sandbox is illustration-only. Engine-faithful playback (against the sc-sim engine) is planned for a future release; if and when it ships, this policy will be updated to disclose how those engine calls are handled.
1.3 Telemetry endpoint (POST /telemetry)
An optional telemetry endpoint accepts POSTs from out-of-band integrations (currently used by the offline-resources sibling site to ping us when a user opens the offline materials). The payload typically includes a small JSON blob indicating event type. We log the request timestamp, IP address, and the first ~200 characters of the body to the standard Fly platform logs (no durable JSONL file on our side). Slack notification fires for offline:true events. No durable per-user record is built.
1.4 Newsletter / contact form (POST /subscribe, only if you submit it)
- If you submit your email through the contact form, we pass it to the ChiAha gateway service (HMAC-signed) which forwards into our CRM (ActiveCampaign) for product-update emails about DiscreteRate and the companion textbook.
- You can unsubscribe at any time via the link in any email we send.
1.5 Analytics
- We use Google Tag Manager (container
GTM-NL7VDMTV) and Google Analytics 4 for pageview and traffic-source aggregates. GA4 collects standard browser/device fingerprints; IP anonymization is enabled where supported.
1.6 What's NOT yet on the site (forward-looking)
DiscreteRate's roadmap includes a possible AI chat coach and an MCP server surface (mirroring our queuesim.com / qsimhealth.com / reliasim.com pattern). Neither exists today. If either ships, this policy will be updated before they go live to disclose: per-turn metadata storage, opt-in content capture via a Report button, anti-fabrication guard-rails on MCP tool results, and the 90-day retention cadence that backs the rest of the ChiAha fleet's privacy policies.
2. What we do NOT collect
- No account data. There is no signup or login on this site.
- No payment data. Pricing happens via the ChiAha sales process; no card information is captured here.
- No sandbox content. Whatever you sketch or ask in the sandbox stays in your browser.
- No chat content. No AI chat surface exists yet.
- No third-party advertising trackers. No retargeting pixels, no ad-network beacons.
- No sensitive personal information. Race, religion, sexual orientation, health, financial, biometric, precise geolocation — none collected.
3. How we use what we collect
- Serve the public marketing and education pages.
- Run the sandbox (in your browser).
- Detect and prevent abuse.
- Compute aggregate site analytics for product decisions.
- Send you product emails if you submitted the contact form.
We do not use any of the data we collect for advertising, profiling, or automated decisions that produce legal or similarly significant effects on you.
4. Who we share data with
- Fly.io — hosts the application and the standard HTTP access logs. fly.io/legal/privacy-policy
- ActiveCampaign — receives your email for product-update emails (only if you submitted the form). activecampaign.com/legal/privacy-policy
- Google (Tag Manager + Analytics 4) — receives aggregate site analytics. policies.google.com/privacy
We do not sell, rent, or trade your data. We do not "share" personal information for cross-context behavioral advertising as that term is defined under California law.
5. AI model training
- We do not use any of the data we collect to train AI models. The sandbox, the newsletter signup, and the analytics are not used to train any model on our side.
- There is no AI service connected to this site today. The sandbox's "ask the model" bar is a rule-based keyword reader, not an LLM.
- If we add an AI surface in the future, the data-handling for that surface will be disclosed in §1 before launch.
6. Cookies
DiscreteRate sets only first-party cookies necessary for the analytics integration. We do not set any advertising or cross-site tracking cookies.
| Cookie | Source | Purpose | Lifetime |
|---|---|---|---|
_ga |
Google Analytics 4 (via GTM) | Distinguishes unique visitors | ~2 years (Google default) |
_ga_<property-id> |
Google Analytics 4 (via GTM) | Session state for GA4 | ~2 years (Google default) |
7. Retention
| What | Where | Retention |
|---|---|---|
| HTTP access logs (IP, UA, path, status) | Fly.io platform logs | Up to 90 days (Fly's standard log window) |
| Telemetry events (printed to stdout, captured in Fly logs) | Fly.io platform logs | Up to 90 days (no durable file on our side) |
| Newsletter subscriber list | ActiveCampaign | Until you unsubscribe, then suppressed |
| GA4 aggregate analytics | Google Analytics property 433243670 | 14 months (configured GA4 default) |
8. Your rights and how to exercise them
To exercise a right, email discreterate@chiaha.com and include:
- What action you want. Common options: access, deletion, correction, opt-out of analytics, unsubscribe.
- Any identifier we'd have on file. For email requests, your email. For telemetry-related requests, the approximate date/time and the IP you were using.
We respond within 5 business days.
9. International users (GDPR, UK GDPR)
DiscreteRate is operated from the United States. If you are accessing from the EEA, UK, or another jurisdiction with similar data-protection laws, your data is transferred to and processed in the United States.
Lawful bases (under GDPR Article 6):
- Legitimate interest — for operational telemetry, abuse prevention, and aggregate analytics.
- Consent — for newsletter submission. Withdraw any time by emailing us or unsubscribing.
10. California users (CCPA / CPRA)
- Categories collected: identifiers (IP, email if you submit the form), internet/network activity (UA, request paths, GA4 cookies). No sensitive personal information.
- Sources: directly from you (form submissions), from automated server logs.
- Sale or sharing: we do not sell or share personal information for cross-context behavioral advertising.
- Rights: access, deletion, correction, opt-out of sale or sharing (not applicable since we don't do so). Email discreterate@chiaha.com.
11. Children's privacy
DiscreteRate is not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact us and we will delete it.
12. Security
Infrastructure runs on Fly.io with TLS terminating at the edge. There are no user passwords or accounts on this site. The signup form is HMAC-signed at the ChiAha gateway. We do not make HIPAA or SOC 2 claims because we do not collect the kind of data those frameworks govern.
13. Changes to this policy
If we make material changes — particularly if we add an AI chat surface, an MCP server, or any new data-collecting feature — we'll update this page and revise the "Last updated" date above.
14. Contact
Questions, requests, or concerns: discreterate@chiaha.com. We aim to respond within 5 business days.