Privacy Policy
1. Overview
Privasim ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our business planning and profile builder services.
By using Privasim, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.
2. Data We Collect
2.1 User-Provided Data
When you use our Profile Builder and business planning features, you may provide:
- Professional Information: Work experience, skills, industries, job roles
- Personal Interests: Hobbies, domain expertise, preferences
- Business Plans: Ideas, strategies, implementation plans you create
- Account Information: Email address, authentication credentials (managed by Supabase Auth)
- Chat Messages: Conversations with our AI assistant for business planning
2.2 Automatically Collected Data
We automatically collect:
- Usage Data: Feature interactions, session duration, navigation patterns
- Technical Data: Browser type, device information, IP address (anonymized)
- Performance Metrics: Error logs, load times for service improvement
3. How We Use Data
We use your data to:
- Personalize Recommendations: Generate business plans tailored to your profile
- Improve Service Quality: Analyze usage patterns to enhance features
- Provide Support: Respond to inquiries and troubleshoot issues
- Ensure Security: Detect and prevent fraudulent activity
- Communicate Updates: Send service announcements and feature updates (with your consent)
We do NOT:
- Sell your personal data to third parties
- Use your data for advertising purposes
- Share your profile information with external partners without consent
4. Storage & Retention
Browser Storage (localStorage)
- Profile Data: Your work experience, skills, and interests are stored locally in your browser using localStorage
- Transient Conversations: Chat history is stored temporarily in your browser and not persisted to our servers
- Control: You can clear this data anytime through browser settings
Supabase Database
- Explicit Backups: When you save a backup, it is stored in our Supabase database with row-level security (RLS)
- Tab States: Your active tab preferences are persisted to enable cross-device continuity
- Authentication: User accounts are managed by Supabase Auth with industry-standard encryption
Retention Policy
- Active Accounts: Data retained while your account is active
- Inactive Accounts: Data may be deleted after 24 months of inactivity (with prior notice)
- Deletion Requests: Honored within 30 days of request
5. Data Sharing
We share data only in these limited circumstances:
5.1 AI Service Providers
- OpenRouter/Mistral AI: Your prompts are sent to generate business plans
- Privacy Guarantee: Mistral models via OpenRouter do not log your data
- Documentation: OpenRouter Privacy & Logging Policy
5.2 Third-Party Provider Logging Practices
OpenRouter hosts multiple AI providers with varying privacy policies. While we restrict our services to privacy-focused providers, you should be aware of the landscape:
Vision/Image Analysis: When you submit screenshots or other images, OpenRouter routes the request through Chutes (the Mistral vision hosting tier). Chutes logs prompts and media for abuse monitoring and model improvement, even though standard text-only usage stays on Mistral infrastructure without logging.
| Provider | Logging for Training | Retention |
|---|---|---|
| Mistral AI | No (privacy-first) | Brief for abuse monitoring |
| Chutes | Yes (improvement) | Extended for training |
| Other providers | Varies | Refer to provider terms |
Note: This table reflects current policies as documented by OpenRouter. Providers may change their practices. Always review the latest OpenRouter privacy documentation for up-to-date information.
5.3 Infrastructure Providers
- Supabase: Hosts our database with encryption at rest and in transit
- Railway: Deploys our application with secure HTTPS connections
5.4 Legal Obligations
We may disclose data if required by law, court order, or to protect our rights and safety.
6. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of all data we hold about you
- Correction: Update inaccurate or incomplete information
- Deletion: Request permanent deletion of your account and data
- Portability: Export your data in a machine-readable format (JSON)
- Opt-Out: Unsubscribe from marketing communications
- Withdraw Consent: Revoke permissions for data processing
To exercise these rights, contact us at contact@privasim.com.
7. AI Providers & Third-Party Services
OpenRouter & Mistral AI
- We use Mistral models served through OpenRouter for business plan generation
- No Data Logging: Mistral models are configured with privacy-first defaults
- No Training: Your prompts are not used to train AI models
- Review: OpenRouter Privacy Documentation
Supabase
- Provides authentication and database services
- Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
- RLS Policies: Row-level security ensures users can only access their own data
8. Security Measures
We implement industry-standard security practices:
- Encryption: All data transmitted over HTTPS/TLS
- Database Security: Row-level security (RLS) policies on all user tables
- Authentication: Secure session management via Supabase Auth
- Access Controls: Principle of least privilege for internal systems
- Regular Audits: Periodic security reviews and vulnerability assessments
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please use strong passwords and enable two-factor authentication when available.
9. Children's Privacy
Privasim is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately at contact@privasim.com.
10. Updates & Contact
Policy Updates
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use after changes constitutes acceptance.
Contact Information
For questions, concerns, or data requests:
Email: contact@privasim.com
Response Time: We aim to respond within 5 business days
11. International Users
Privasim is operated globally. By using our services, you consent to the transfer and processing of your data in accordance with this policy and applicable laws.
GDPR Compliance (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with your local data protection authority
CCPA Compliance (California Users)
California residents have the right to:
- Know what personal information is collected
- Request deletion of personal information
- Opt out of the sale of personal information (we do not sell data)
By using Privasim, you acknowledge that you have read and understood this Privacy Policy.