Privacy Policy

Effective Date: January 5, 2025


Last Updated: January 5, 2025

1. Overview

Privasim ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our business planning and profile builder services.

By using Privasim, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

2. Data We Collect

2.1 User-Provided Data

When you use our Profile Builder and business planning features, you may provide:

Professional Information: Work experience, skills, industries, job roles

Personal Interests: Hobbies, domain expertise, preferences

Business Plans: Ideas, strategies, implementation plans you create

Account Information: Email address, authentication credentials (managed by Supabase Auth)

Chat Messages: Conversations with our AI assistant for business planning

2.2 Automatically Collected Data

We automatically collect:

Usage Data: Feature interactions, session duration, navigation patterns

Technical Data: Browser type, device information, IP address (anonymized)

Performance Metrics: Error logs, load times for service improvement

3. How We Use Data

We use your data to:

Personalize Recommendations: Generate business plans tailored to your profile

Improve Service Quality: Analyze usage patterns to enhance features

Provide Support: Respond to inquiries and troubleshoot issues

Ensure Security: Detect and prevent fraudulent activity

Communicate Updates: Send service announcements and feature updates (with your consent)

We do NOT:

Sell your personal data to third parties

Use your data for advertising purposes

Share your profile information with external partners without consent

4. Storage & Retention

Browser Storage (localStorage)

Profile Data: Your work experience, skills, and interests are stored locally in your browser using localStorage

Transient Conversations: Chat history is stored temporarily in your browser and not persisted to our servers

Control: You can clear this data anytime through browser settings

Supabase Database

Explicit Backups: When you save a backup, it is stored in our Supabase database with row-level security (RLS)

Tab States: Your active tab preferences are persisted to enable cross-device continuity

Authentication: User accounts are managed by Supabase Auth with industry-standard encryption

Retention Policy

Active Accounts: Data retained while your account is active

Inactive Accounts: Data may be deleted after 24 months of inactivity (with prior notice)

Deletion Requests: Honored within 30 days of request

5. Data Sharing

We share data only in these limited circumstances:

5.1 AI Service Providers

OpenRouter/Mistral AI: Your prompts are sent to generate business plans

Privacy Guarantee: Mistral models via OpenRouter do not log your data

Documentation: OpenRouter Privacy & Logging Policy

5.2 Third-Party Provider Logging Practices

OpenRouter hosts multiple AI providers with varying privacy policies. While we restrict our services to privacy-focused providers, you should be aware of the landscape:

Vision/Image Analysis: When you submit screenshots or other images, OpenRouter routes the request through Chutes (the Mistral vision hosting tier). Chutes logs prompts and media for abuse monitoring and model improvement, even though standard text-only usage stays on Mistral infrastructure without logging.

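| Provider        | Logging for Training | Retention                  |
|-----------------|----------------------|----------------------------|
| Mistral AI      | No (privacy-first)   | Brief for abuse monitoring |
| Chutes          | Yes (improvement)    | Extended for training      |
| Other providers | Varies               | Refer to provider terms    |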

Note: This table reflects current policies as documented by OpenRouter. Providers may change their practices. Always review the latest OpenRouter privacy documentation for up-to-date information.

5.3 Infrastructure Providers

Supabase: Hosts our database with encryption at rest and in transit

Railway: Deploys our application with secure HTTPS connections

5.4 Legal Obligations

We may disclose data if required by law, court order, or to protect our rights and safety.

6. Your Rights

You have the following rights regarding your data:

Access: Request a copy of all data we hold about you

Correction: Update inaccurate or incomplete information

Deletion: Request permanent deletion of your account and data

Portability: Export your data in a machine-readable format (JSON)

Opt-Out: Unsubscribe from marketing communications

Withdraw Consent: Revoke permissions for data processing

To exercise these rights, contact us at contact@privasim.com.

7. AI Providers & Third-Party Services

OpenRouter & Mistral AI

We use Mistral models served through OpenRouter for business plan generation

No Data Logging: Mistral models are configured with privacy-first defaults

No Training: Your prompts are not used to train AI models

Review: OpenRouter Privacy Documentation

Supabase

Provides authentication and database services

Encryption: Data encrypted in transit (TLS) and at rest (AES-256)

RLS Policies: Row-level security ensures users can only access their own data

8. Security Measures

We implement industry-standard security practices:

Encryption: All data transmitted over HTTPS/TLS

Database Security: Row-level security (RLS) policies on all user tables

Authentication: Secure session management via Supabase Auth

Access Controls: Principle of least privilege for internal systems

Regular Audits: Periodic security reviews and vulnerability assessments

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please use strong passwords and enable two-factor authentication when available.

9. Children's Privacy

Privasim is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately at contact@privasim.com.

10. Updates & Contact

Policy Updates

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use after changes constitutes acceptance.

Contact Information

For questions, concerns, or data requests:

Email: contact@privasim.com

Response Time: We aim to respond within 5 business days

11. International Users

Privasim is operated globally. By using our services, you consent to the transfer and processing of your data in accordance with this policy and applicable laws.

GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

Right to object to processing

Right to restrict processing

Right to lodge a complaint with your local data protection authority

CCPA Compliance (California Users)

California residents have the right to:

Know what personal information is collected

Request deletion of personal information

Opt out of the sale of personal information (we do not sell data)

By using Privasim, you acknowledge that you have read and understood this Privacy Policy.