Privacy Policy

This Privacy Policy explains how we handle data for the Teams Program.

We collect and process data needed to provide the service, secure the platform, and improve product quality.

Account data: business email, team name, billing details, and collaborator access metadata.

Product data: lead submissions, idea text, report outputs, and dashboard interactions.

Technical data: logs, device and browser metadata, and security telemetry.

To authenticate users, run analyses, generate reports, and power dashboard workflows.

To process billing, provide support, detect abuse, and maintain platform security.

To improve quality and reliability using aggregated and operational metrics.

Workspace data is never used in public marketing materials, blog posts, or benchmark reports. Aggregated metrics derived from Teams workspaces remain strictly internal and are never combined with consumer datasets we may publish elsewhere.

We use trusted providers for hosting, data storage, analytics, authentication, AI processing, and payment operations.

AI processing is handled by Google (Gemini), Anthropic (Claude), and OpenAI (GPT) under enterprise API terms that prohibit model training on your data. Requests may be routed through ZenMux and OpenRouter, LLM gateways with their own data handling policies.

These providers only process data as necessary to deliver the service under contractual safeguards.

Workspace and report data is retained while your team account remains active. Upon account closure or deletion request, workspace data is permanently deleted within 30 days.

Financial records (invoices, billing logs) are retained for 10 years as required by French tax law. Security logs are retained for 12 months to support incident investigation.

You may request deletion at any time by contacting support.

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Our infrastructure providers (Supabase, Vercel, Stripe) are SOC 2 Type II certified. We use row-level security to logically isolate workspace data, multi-factor authentication for production access, and continuous security monitoring. No system is fully risk-free, but we maintain incident response procedures aligned with industry standards.

In the event of a personal data breach affecting your workspace, we will notify affected teams within 72 hours of discovery, as required by GDPR Article 33.

Data may be processed in countries outside your own, including the United States, where some of our AI and infrastructure providers operate. Where personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards, to ensure your data receives equivalent protection.

You may request access, correction, export, or deletion of your data, subject to legal limitations.

You may also request details about how your team data is processed.

To submit a privacy request, contact us at support@preuve.ai from your account email.

For customers on Starter, Pro, or Scale plans, a Data Processing Agreement (DPA) is available on request. Contact support to receive a copy for your legal team to review and sign.

If we make material changes to this policy, we will update the date on this page and provide notice when required.