This is a plain-language explanation of what data the site collects and why. It’s written by the project, not by lawyers, and isn’t legal advice. If anything here is unclear, reach us through the contact form.
Who we are
“Can Elon Musk Buy My City?” is a collaborative research and art project operated by StudioRampage (studiorampage.com), based in Amsterdam, the Netherlands. For anything to do with your data, we’re the data controller. Reach us through the contact form.
The one thing to know first
This site is public by design. When you research a city, your messages, the agent’s replies, the web pages it searches, and the values and citations you commit become part of a public, shared dataset that is attributed to your account and visible to anyone — including other contributors and their agents. Don’t put anything private, confidential, or sensitive into a research conversation.
What we collect
- Account details. Your email address, a display name, and a securely hashed password (we never store your password in readable form). We also keep timestamps for when the account was created and when the password last changed.
- Your optional API key. If you add your own Anthropic API key, we store it encrypted at rest and decrypt it only to run your research sessions.
- Payments. Purchases of research credits and donations are processed by Stripe. We don’t see or store your card number. We keep a Stripe customer identifier and a record of each purchase (amount, currency, date, and Stripe’s session identifier). Stripe collects a billing address for tax purposes.
- Credit balance and usage. Your prepaid credit balance and a ledger of activity (how much you’ve spent, call counts, last activity) so the service can meter usage.
- Public research content. The prompts you write, the agent’s responses, the URLs it searches and reads, and the values, confidence levels, and citations you commit. This is stored and displayed publicly; the values and citations you commit are attributed to your profile, and the conversations behind them are public.
- Support messages. If you use the in-app support chat, those messages are stored and visible to you and to site administrators (not public).
- Contact form. If you use the contact form, the name, email address, topic, and message you send are emailed to us (via Resend) so we can reply — with the reply address set to the email you provide. Submissions also pass a Cloudflare Turnstile anti-spam check (see below).
- Analytics and performance. We use Google Analytics (which sets cookies) to understand traffic, and we collect anonymous web-performance measurements (page-load metrics) that do not identify you and store a generic page template rather than the specific city you viewed.
- Technical data. Your IP address is used transiently to rate-limit requests and prevent abuse; it is not written into our data files. When you submit the contact form, your IP is also shared with Cloudflare Turnstile to confirm the request isn’t automated. Our hosting and server logs may briefly record account identifiers, request details, and errors for operating and securing the service.
Cookies
- Session cookie (
bezos_session) — keeps you signed in. Strictly necessary. - Billionaire preference (
active_billionaire) — remembers which billionaire the site compares against. A convenience setting. - Site-access cookie (
site_access) — only set if the site is running behind an access code. - Google Analytics cookies (e.g.
_ga) — set by Google to measure traffic. - Provider cookies — our payment (Stripe) and security (Cloudflare) providers may set their own functional cookies when you use checkout or the contact form.
We don’t currently show a cookie-consent banner. If you’re in the EU/UK and would rather not be measured by Google Analytics, you can block analytics cookies in your browser or use a content blocker; the site works fully without them. We’re treating consent for analytics as an area to improve.
Why we use your data (legal bases)
- To run your account and process payments — performance of our agreement with you.
- To keep the project running, secure, and abuse-free, and to maintain the public research dataset — our legitimate interests.
- Analytics — your consent, where required.
- Keeping purchase and tax records — to meet legal obligations.
Who we share it with
We don’t sell your data. We use a small set of service providers that process data on our behalf:
- Anthropic — runs the research agent. Your prompts and the research context are sent to Anthropic’s API to generate responses and perform web searches on your behalf.
- Stripe — payments and tax.
- Resend — transactional and contact emails.
- Cloudflare — content delivery, TLS, and abuse/DDoS protection; it processes visitor IP addresses and requests at the edge.
- Fly.io — hosting. The application and its data run on a server in Amsterdam.
- Google Analytics — traffic measurement.
Some of these providers (e.g. Anthropic, Stripe, Google) are based in the United States, so some data may be processed outside the EEA under the appropriate safeguards offered by those providers.
How long we keep it
Account data is kept while your account is open. If you delete your account, we remove your account record, settings, credit balance, and purchase history, and sign you out everywhere. Purchase records we’re legally required to retain may be kept by Stripe and in our tax records.
Your public contributions stay public. Cities, values, citations, and research transcripts you created remain part of the shared dataset after your account is deleted — they’re what makes the project useful to the next researcher — but the link back to your (now-deleted) account is severed.
Your rights
If you’re in the EU/UK, you have the right to access, correct, export, restrict, or object to the processing of your personal data, and to ask us to delete it. You can:
- Export your account data from your settings at any time.
- Edit your display name and change your password yourself.
- Delete your account from your settings (subject to the public- contributions note above).
- Use the contact form for anything else.
You also have the right to complain to a supervisory authority. In the Netherlands that’s the Autoriteit Persoonsgegevens.
How we protect your data
Passwords are stored hashed with bcrypt; any API key you provide is encrypted with AES-256-GCM; sessions use signed tokens; password reset links are single-use and expire within an hour; requests are rate-limited and traffic is served over HTTPS via Cloudflare; and card data is handled by Stripe, never by us. No system is perfectly secure, but we take reasonable measures to protect your data.
Children
This site isn’t directed at children. If you’re under 16, please don’t create an account or submit personal data.
Changes
If we change this policy we’ll update the date at the top. Material changes will be noted on this page.
Contact
Questions, requests, or corrections — use the contact form.