Privacy Policy

Last updated: December 9, 2025

Introduction

Welcome to Pensatorium. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our AI-powered thought processing application.

Information We Collect

1. Information You Provide

  • Account Information: Email address, name, and profile picture when you sign up via Clerk authentication (Google, Apple, GitHub, or email)
  • Thought Content: Voice recordings, transcriptions, processed thoughts, notes, and insights you create within the application
  • User Preferences: Settings, theme preferences, privacy controls, and customization options
  • Beta Invite Codes: If you join during our beta phase, we store your invite code for access verification

2. Automatically Collected Information

  • Usage Data: How you interact with the application, features used, and usage patterns
  • Device Information: Browser type, operating system, device identifiers
  • Technical Data: IP address, timestamps, error logs, and performance metrics
  • Cookies: Authentication cookies and optional functional/analytics cookies (see our Cookie Policy)

3. AI Processing Data

  • Audio Processing: Voice recordings sent to OpenAI Whisper for transcription
  • Content Processing: Thought content processed by OpenAI GPT-4 for enhancement and insights
  • Embeddings: Vector embeddings generated for semantic search (stored in our database)

How We Use Your Information

  • Core Functionality: Provide thought processing, transcription, AI enhancement, and search features
  • Authentication: Manage your account and authentication via Clerk
  • Improvement: Analyze usage patterns to improve features and user experience
  • Security: Detect and prevent fraud, abuse, and security threats
  • Communication: Send important updates, security notifications, and beta feedback requests
  • Compliance: Meet legal obligations and enforce our terms of service

Data Storage and Security

Encryption

  • In Transit: All data transmitted using TLS/SSL encryption (HTTPS)
  • At Rest: Sensitive data encrypted using AES-256-GCM encryption
  • Database: Row Level Security (RLS) ensures data isolation between users

Data Location

  • Database: Hosted on Supabase (PostgreSQL) in secure data centers
  • Authentication: Managed by Clerk (DPF certified, GDPR compliant)
  • AI Processing: OpenAI API (processes data in compliance with their policies)

Access Controls

  • Strict access controls limit who can access your data
  • Admin access is restricted to authorized personnel only
  • All access is logged and monitored

Third-Party Services

We use the following third-party services to provide our application:

Clerk (Authentication)

Handles user authentication and session management. Clerk is DPF certified and GDPR compliant.
Clerk Privacy Policy

Supabase (Database)

Provides database hosting and real-time features. GDPR compliant with EU data centers available.
Supabase Privacy Policy

OpenAI (AI Processing)

Powers transcription and thought enhancement. OpenAI does not use API data to train models.
OpenAI Privacy Policy

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (account deletion available in settings)
  • Right to Data Portability: Export your data in a machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for cookies and optional features

To exercise these rights, visit your Account Settings or contact us via our contact form.

Data Retention

  • Active Accounts: Data retained as long as your account is active
  • Account Deletion: 30-day grace period before permanent deletion
  • Legal Obligations: Some data may be retained longer for compliance purposes
  • Backups: Backup data deleted within 90 days after account deletion

Children's Privacy

Pensatorium is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the application. Continued use of Pensatorium after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

This privacy policy is part of our commitment to transparency and data protection. For information about cookies specifically, see our Cookie Policy. For our full terms of service, see our Terms of Service.
