Privacy Policy

1. Introduction and scope

This Privacy Policy explains how Pruvelo ("we", "us") processes personal data when you visit our marketing site, create an account, or use the application. It should be read alongside our Terms of Service.

2. Categories of data we collect

• Account and profile: email address, password hash (managed by our auth provider), name and company if you provide them, subscription plan, timezone or locale where relevant, and preferences such as reminder settings.
• Journal and product content: text you submit, AI-derived structured fields, tags, exports, interview or raise prep sessions, analytics aggregates derived from your entries, and related metadata. You own your substantive content.
• Technical and usage data: IP address and approximate location from standard server logs, device and browser type, request timestamps, diagnostic events, and product analytics as implemented in the Service (including privacy-preserving web analytics from our hosting provider, described below).
• Payment-related data: billing status, subscription identifiers, and transaction references. Paddle processes card and payment details; we do not store your full card number on our application servers.
• Support and communications: content of emails or in-app messages you send us.

3. How we use personal data

We process data to provide and secure the Service; authenticate users; deliver transactional and optional reminder emails; run AI structuring, synthesis, and related features you request; measure reliability and product usage; process payments; communicate with you; comply with legal obligations; enforce our Terms; and defend against fraud or abuse.

Where European or UK law applies, we rely on appropriate lawful bases such as performance of a contract, legitimate interests (for example securing the Service and understanding aggregate usage), and consent where required (for example certain cookies or marketing, if offered).

4. AI processing

Text you submit for structuring or generation is sent to the Anthropic API when you use AI features. Anthropic acts as a subprocessor and processes data under their terms and privacy policy: anthropic.com/privacy. We configure the product to deliver the Service to you; we do not use your journal content to train public foundation models, consistent with our agreements and product settings with the provider.

5. Storage and security

Application data is stored in Supabase (managed PostgreSQL). Access is enforced with authentication and row-level security so users ordinarily read and write only their own rows. Infrastructure providers apply encryption in transit and at rest according to their standards. No online service can guarantee perfect security; we follow reasonable industry practices and review vendors we rely on.

6. International transfers

We and our subprocessors may process data in the United States and other countries. Where required, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms. You may contact us for more information about transfers relevant to your account.

7. Retention

We retain personal data while your account is active and for a limited period afterwards for backups, security, legal compliance, and dispute resolution. You may request deletion of your account and associated personal data subject to legal exceptions; some anonymised or aggregated data may be retained where it no longer identifies you.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or export personal data; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. To exercise these rights, contact hello@pruvelo.com. We will respond within the timeframe required by applicable law where one applies.

9. Cookies and analytics

We use cookies and similar technologies that are strictly necessary for authentication, security, and core site functionality (for example session cookies). When you allow it in our in-app cookie preferences, we load Vercel Analytics and Speed Insights for aggregated usage and performance insight. Your choices (essential, analytics, marketing) are stored locally in your browser (for example under the key pruvelo_cookie_consent) so we do not show the banner again until you clear site data or we bump the consent version. If we introduce advertising or cross-site tracking, we will update this policy and respect the marketing toggle when we load those tools.

When you are signed in, we also store each consent decision in our database as an append-only record tied to your account (choices, timestamps, which policy versions were in effect, how the save was triggered, and a truncated browser user-agent string). That supports legal compliance and dispute resolution. Anonymous visitors who are not logged in are not written to this log until they have an account and we receive a sync after sign-in.

10. Third-party services (subprocessors)

We rely on service providers that process personal data on our behalf, including:

• Supabase — database, authentication, and related infrastructure.
• Anthropic — AI structuring and generation you trigger in the product.
• Paddle — payments, tax, and subscription management as merchant of record.
• Resend — delivery of transactional and product emails (for example reminders and onboarding).
• Vercel — hosting, edge delivery, and web analytics as described above.

Each provider receives only the data needed to perform its service. Their use of data is governed by their respective agreements and policies.

11. Children's privacy

The Service is not directed to children under 13, or under the minimum digital consent age in your jurisdiction if higher. We do not knowingly collect personal information from children. If you believe we have done so, contact us and we will take appropriate steps.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version with a new "Last updated" date. Where changes are material and the law requires, we will provide additional notice or obtain consent.

13. Contact

Privacy questions and requests: hello@pruvelo.com