1. Information We Collect
We collect information you provide directly:
- Account Information: Email address and password when you create an account
- Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
- Document Content: Files you upload for SWP tagging (processed temporarily and not stored permanently)
- Usage Data: How you interact with our Service to improve functionality
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process your subscriptions and payments
- Send important service-related communications
- Improve and optimize our Service
- Protect against fraud and abuse
3. Document Processing
When you upload documents for SWP tagging:
- Documents are processed in memory and not permanently stored on our servers
- Tagged output is generated and provided to you immediately
- We do not retain copies of your documents after processing
4. AI-Powered Features and External AI Provider Data Sharing
Several features use external AI providers (OpenAI, Anthropic, Google) to process text. These features include:
- GPT Idea Builder (/, Pro tier) — generates and refines documents using OpenAI
- SWP Support Chat (/support) — answers questions about IdeaPhase using OpenAI
- SWP Playground (/playground, Pro tier) — runs A/B evaluations using your chosen AI provider
When you use any of these features:
- PII Scrubbing: We apply automated pattern-based detection to identify and remove common forms of personal information (such as email addresses, phone numbers, social security numbers, credit card numbers, and street addresses) from your input before it is sent to any external AI provider. While this reduces PII exposure, no automated system can guarantee complete removal of all personal information
- Data Shared: After PII scrubbing, text prompts and user inputs are sent to the selected AI provider for processing
- Processing: External AI providers process this data to generate responses; we do not control their data handling practices
- Retention: AI providers may retain data according to their own policies; please review OpenAI's Privacy Policy, Anthropic's Privacy Policy, and Google's Privacy Policy for details
- Audit Logging: We log metadata about each AI provider call (service name, provider, character count, timestamp) for compliance purposes. The actual content of your input or the AI response is never logged
- No Sensitive Data: Despite automatic PII scrubbing, do not submit sensitive personal information, financial data, or confidential information through AI features
- Opt-Out: You can avoid external AI data sharing by not using these features
5. Data Security
We implement industry-standard security measures:
- HTTPS encryption for all data transmission
- Bcrypt password hashing
- CSRF protection on all forms
- Secure session management
- Regular security audits
6. Third-Party Services
We use trusted third-party services:
- Stripe: For secure payment processing (Stripe Privacy Policy)
- OpenAI, Anthropic, Google: For AI-powered features (GPT Idea Builder, Support Chat, Playground) - see Section 4 above for details
- Replit: For hosting infrastructure
7. Cookies and Tracking
We use essential cookies for:
- Session management and authentication
- CSRF protection
We do not use advertising cookies or third-party tracking.
8. Data Retention
We retain your account information as long as your account is active. You may request deletion of your account and associated data by contacting us.
9. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data
- Opt out of non-essential communications
10. Children's Privacy
The Service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by posting a notice on our Service.
12. Contact Us
For privacy-related questions or to exercise your rights, please contact us through the About page.