Privacy Policy
Last updated: March 17, 2026
1. Information We Collect
We collect information in the following ways:
Account Information
When you create an account, we collect your email address and, optionally, a username. If you sign up via Google OAuth, we receive your Google email address and profile name from Google's authentication service. We do not store your Google password.
User-Generated Content
We store the ideas, problem descriptions, and chat messages you submit to the Service. This content is used to generate market research reports and is stored in your account for future reference.
Generated Reports
Market research reports, competitor analyses, build briefs, and other AI-generated outputs are stored in association with your account and projects.
Usage Data
We track the number of analyses you've used per billing period to enforce plan limits. We may collect basic analytics data such as page views and feature usage to improve the Service.
2. How We Use Your Information
We use your information to:
- Provide and operate the Service, including generating AI-powered market research
- Authenticate your identity and manage your account
- Process payments and manage subscriptions
- Enforce usage limits and rate limiting
- Send transactional emails (account verification, password resets, billing receipts)
- Improve the Service based on usage patterns
We do not sell your personal information to third parties. We do not use your submitted ideas or research data to train AI models.
3. Data Storage and Security
Your data is stored securely using Supabase, a hosted PostgreSQL database service with enterprise-grade security. Key security measures include:
- Row Level Security (RLS) policies ensuring users can only access their own data
- Encrypted connections (TLS/SSL) for all data in transit
- Server-side API authentication on all endpoints
- Rate limiting to prevent abuse
- Passwords hashed using bcrypt via Supabase Auth (we never store plain-text passwords)
Supabase infrastructure is hosted on AWS in the United States. For more information about Supabase's security practices, see supabase.com/security.
4. Third-Party Services
The Service integrates with the following third-party providers. Each processes data as necessary to provide the Service:
Google Gemini (AI)
Your idea descriptions and chat messages are sent to Google's Gemini AI API to generate market research analyses, competitor intelligence, and build briefs. Google's API data usage policies apply.
Serper (Search)
Search queries derived from your idea descriptions are sent to Serper to fetch real-time search results from Google, App Stores, Reddit, and ProductHunt. Serper does not receive your account information.
Stripe (Payments)
Credit purchases are processed by Stripe. We do not store credit card numbers or payment details on our servers. Stripe handles PCI-DSS compliance.
Supabase (Database & Auth)
Account data, project data, and chat history are stored in Supabase's hosted PostgreSQL database. Authentication is handled by Supabase Auth.
Vercel (Hosting)
The Service is hosted on Vercel's edge network. Vercel may collect standard web server logs including IP addresses and request metadata.
Upstash (Rate Limiting)
We use Upstash Redis to enforce rate limits. Only anonymized user identifiers are stored temporarily for rate tracking purposes.
5. Your Rights
You have the right to:
- Access your data — all your projects, messages, and reports are visible in the app
- Export your data — use the Export Brief feature to download your research
- Delete your data — delete individual projects or your entire account via Settings
- Correct your data — update your username and password via Settings
Account deletion is permanent and immediate. When you delete your account, all associated data (projects, messages, reports, profile, usage records) is permanently removed from our database. This action cannot be undone.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, all data is permanently deleted immediately. We do not maintain backups of deleted user data beyond standard database backup windows (typically 7 days), after which deleted data is permanently purged.
Anonymized, aggregated usage statistics (e.g., total number of analyses run across all users) may be retained indefinitely for internal analytics purposes.
7. Cookies
We use essential cookies only, required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The authentication cookies are httpOnly and secure, managed by Supabase Auth.
8. Children's Privacy
The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
10. Contact
If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@skopple.io.