Last updated: April 12, 2026
WTAF is a satirical personality quiz for entertainment only. This page describes exactly what we collect when you use the site, why, and how long we keep it. We aim for honesty, not legalese.
When you finish the 30-question test, your browser sends the following to our server:
GHOST, FML) — used to tally aggregate statistics like "14,000 people have been roasted"from parameters from that linkThis data is stored against a random session ID that is not linked to any personal identifier. We do not know who you are. Session records are automatically deleted after 30 days. Aggregate counts (how many people got each personality type, how many came from each source) are retained indefinitely.
On your result page, you can tap Unlock for $1.99 to generate an AI-written personal reading. When you do, your browser sends the following to our server, which forwards it to a third-party AI provider (Moonshot AI):
The generated reading is returned to you. Moonshot's own retention and processing policies apply to data sent to their API.
To prevent abuse of this endpoint, we store a one-way SHA-256 hash of your IP address alongside the reading that was generated for you. If you request another reading from the same network within 30 days, we return your existing cached reading rather than calling the AI again. We do not store the raw IP address — only the hash. This entry auto-expires after 30 days.
If you arrive at WTAF via a link containing parameters like ?utm_source=reddit, ?utm_medium=social, or ?from=meirl_day1, your browser stores those parameters in sessionStorage (which is wiped when you close the browser tab). When you complete a quiz, those parameters are sent along with your result so we can understand which communities and campaigns bring visitors. Only the parameter values themselves are sent — never the full URL. The raw document.referrer string (the page that linked to us) is also captured if present, capped at 200 characters.
We use Cloudflare Web Analytics, a privacy-friendly service that does not use cookies, does not build profiles of individual users, and does not track you across sites. It collects aggregate pageview counts and coarse geographic data (country-level).
This site is served through Cloudflare Pages with storage via Cloudflare Workers KV. Cloudflare may collect standard infrastructure logs (IP address, user-agent, request timestamps) as part of its DDoS protection and network operations. See Cloudflare's Privacy Policy for their retention and practices.
If card payments are enabled in the future, they will be processed by a third-party merchant of record (such as Lemon Squeezy or Stripe). We will not store your card details. Please refer to the processor's privacy policy for how they handle payment information.
Because the data we collect is tied to a session ID rather than your identity, we cannot locate, export, or delete "your" data on request — we would not know which session is yours. Every session record is automatically deleted after 30 days. If you have questions or concerns, contact us at the email below.
If we materially change what we collect or how we use it, we will update this page and the "last updated" date above. Because we do not have your email address, we cannot notify you directly.