Skip to content

Privacy Policy

Version 1.0.0 | Effective Date: December 27, 2025

1. Information We Collect

Account Information

  • Email, name, password (hashed)
  • Billing information (via Stripe, we don't store card numbers)
  • Plan selection and subscription status

Usage Data

  • AI requests (subject to your logging preference)
  • Credit usage and transactions
  • Mission execution and outcomes
  • Quality scores and evaluations
  • Platform interactions and analytics

Technical Data

  • IP address, user agent, device info
  • Log files, error reports, performance metrics
  • Cookies for authentication and preferences

2. How We Use Your Information

  • Provide and improve the Platform
  • Process payments and manage subscriptions
  • Evaluate outcome guarantees and issue refunds
  • Generate weekly reports and analytics
  • Measure AI quality and optimize routing
  • Comply with legal obligations
  • Communicate service updates and support

3. AI Prompt & Response Logging

You Control AI Data Storage:

  • Off: We store only billing metadata (no prompts/responses)
  • Redacted (default): We store with PII removed
  • Encrypted: We store encrypted full bodies (AES-256-GCM)

Configure in: Dashboard → Compliance → Privacy Preferences

4. Data Sharing

We share data with:

  • AI Providers: OpenAI, Anthropic, Google (for AI processing only)
  • Payment Processor: Stripe (for payments)
  • Service Providers: Hosting, monitoring, email (under contract)

We do NOT:

  • Sell your data
  • Use your data to train AI models (unless you opt-in)
  • Share with advertisers or data brokers

5. Data Retention

You control retention periods:

  • AI Logs: 30–365 days (your choice, default 90)
  • Audit Logs: 30–730 days (your choice, default 365)
  • Billing Data: 7 years (legal requirement)
  • Account Data: Until account deletion + 30 days

6. Your Rights (GDPR/CCPA)

  • Access: Download all your data via Audit Pack
  • Deletion: Request account deletion (settings page)
  • Portability: Export in JSON format
  • Opt-Out: Shadow runs, model training, analytics
  • Rectification: Update account info anytime

7. Security

We implement:

  • Encryption in transit (TLS) and at rest (AES-256-GCM)
  • Access controls and authentication
  • Regular security audits
  • Automated backup and recovery
  • Incident response procedures

8. Cookies

We use cookies for:

  • Authentication (essential)
  • Preferences (functional)
  • Analytics (optional, PostHog)

9. International Transfers

Data may be transferred to/stored in US. By using the Platform, you consent to transfers. We use standard contractual clauses for GDPR compliance.

10. Children's Privacy

Platform not intended for users under 18. We don't knowingly collect children's data. If we discover it, we'll delete it.

11. Changes to Privacy Policy

We may update this policy. Material changes = 30-day email notice. Continued use = acceptance.

12. Contact & DPO

Privacy questions: [email protected]
Data Protection Officer: [email protected]
CloudCommerce Inc., [Address TBD]

Document ID: PRIVACY-v1.0.0
Last Updated: December 20, 2025