Privacy Policy

Last updated: April 21, 2026

This Privacy Policy explains how Pensatorium ("we", "us", "our") collects, uses, shares, and protects personal data when you use our mobile application, web application, and related services (collectively, the "Service"). It applies to all users worldwide and is designed to comply with the EU General Data Protection Regulation (GDPR), the Brazilian Lei Geral de Proteção de Dados (LGPD), and the California Consumer Privacy Act (CCPA/CPRA).

If you do not agree with this Policy, do not use the Service.

1. Data Controller

The Service is operated by Tiago Marques, an individual based in Portugal, acting as the data controller under GDPR Article 4(7).

Contact:

For EU/EEA users, complaints may be submitted to the Portuguese Data Protection Authority (CNPD — Comissão Nacional de Proteção de Dados, https://www.cnpd.pt).

2. Data We Collect

We collect only what is necessary to provide and improve the Service.

2.1 Account information (via Clerk)

  • Email address
  • Name and profile image (if provided via social sign-in)
  • Authentication provider (Google or email/password)
  • Authentication tokens and session metadata

2.2 User-generated content

  • Voice recordings you capture
  • Transcriptions of those recordings
  • Thoughts, notes, reflections, folders, areas, insights, tags, and any other text you create or edit

End-to-end encryption (optional, with custom passphrase):

When you enable a custom passphrase, the following content is encrypted with a key derived from your passphrase before it is stored on our servers, and cannot be read by us, our hosting providers, or any third party:

  • Thought titles, transcriptions, AI-processed content, and notes
  • Private notes on action items, questions and answers, and saved reflections

The following data is not end-to-end encrypted, even with a custom passphrase, because the Service requires it in plaintext to function:

  • Folder and area names (used to organize and navigate)
  • Action item labels and scheduled times (used to deliver reminders, push notifications, and to power external calendar feeds, which run outside an authenticated session)
  • The original phrase that produced a temporal action (e.g., “next Tuesday”), retained to display alongside the reminder
  • Vector embeddings (used to power semantic search)
  • Extracted entities such as people and organizations (used for cross-thought linking)
  • Timestamps, language detection, processing status, and other technical metadata

Voice recordings: Audio is transmitted over TLS to our transcription provider (OpenAI Whisper) and deleted immediately after transcription. We do not retain raw audio. The resulting transcription text is then encrypted as described above.

Without a custom passphrase: Your content is still encrypted at rest by our database and storage providers (AES-256) and protected in transit by TLS. In this mode, encryption keys are managed by us, which means we technically have the ability to access your content if required by law or to assist with account recovery.

How we handle your passphrase: When you read or write encrypted content, your passphrase is transmitted to our servers over TLS solely so we can derive your encryption key for that request. We do not store, log, or retain your passphrase or the derived key — once the request completes, we hold no key material and have no way to read your encrypted content. Strict client-side end-to-end encryption (where the passphrase never reaches our servers) is on our roadmap; implementing it requires architectural changes that would limit certain server-side features such as semantic search.

If you lose your custom passphrase, your end-to-end encrypted content cannot be recovered — not by you and not by us. A recovery code is generated when you set up your passphrase; keep it somewhere safe.

2.3 Device and usage data

  • Device model, operating system, and OS version (for support and troubleshooting)
  • IP address and user-agent string (for rate limiting, abuse prevention, and audit logs of sensitive actions such as account deletion)
  • Push notification tokens (to deliver notifications you opt into)
  • Approximate language/locale (from the device)

2.4 Payment data (via LemonSqueezy)

If you purchase a subscription, LemonSqueezy processes your payment as Merchant of Record. We receive subscription status and billing metadata but do not receive or store your full card number.

2.5 Data we do not collect

  • Precise location
  • Contacts or calendar entries from your device (beyond what you explicitly create in the app)
  • Advertising identifiers
  • Microphone data outside of explicit recording sessions you initiate

2.6 Operational logs

  • Aggregated usage metrics (number of thoughts, recordings, AI tokens consumed) used for billing, cost monitoring, and abuse prevention
  • Audit logs of sensitive account actions (data export, account deletion) including timestamp, IP, and user-agent
  • AI processing logs (model used, processing duration, success/failure) — these reference your content but do not duplicate it

2.7 Calendar feed tokens

If you choose to subscribe to your Pensatorium calendar from an external app (in iCalendar/ICS format), we generate a unique bearer token embedded in the feed URL. Anyone with that URL can read the feed, so treat it as a secret. You can revoke and regenerate the token at any time from your settings.

External calendar apps that subscribe to your feed will display action labels, scheduled times, and folder/area names in plaintext. This is an unavoidable consequence of the iCalendar format, which has no encryption layer. Private notes attached to an action are not included in the feed.

3. How We Use Your Data

Purpose | Legal basis (GDPR)
Provide core features (recording, transcription, organization, search) | Contract (Art. 6(1)(b))
Account authentication and security | Contract; legitimate interest
AI-powered transcription and processing (OpenAI) | Contract
Send transactional notifications (sync complete, reminders you set) | Contract
Send product updates and marketing (only if you opt in) | Consent (Art. 6(1)(a))
Prevent fraud, abuse, and violations of our Terms | Legitimate interest (Art. 6(1)(f))
Comply with legal obligations | Legal obligation (Art. 6(1)(c))

We do not sell your personal data. We do not use your data to train AI models for third parties. We do not run behavioral advertising.

4. Third-Party Processors

We rely on the following service providers ("sub-processors") who act on our instructions:

Processor | Purpose | Location | Safeguards
OpenAI (Whisper, GPT-4) | Speech-to-text transcription and content processing | USA | Standard Contractual Clauses; OpenAI API data not used for training
Supabase | Database and object storage | EU / USA (region-dependent) | Data Processing Agreement; SCCs
Clerk | Authentication and session management | USA | DPA; SCCs
Expo / EAS | Mobile app builds and push notification delivery | USA | SCCs
LemonSqueezy | Payments as Merchant of Record | USA | SCCs; PCI-DSS compliant
Google Play Services | App distribution, push (FCM) | USA | SCCs
Vercel | Web app hosting and privacy-friendly analytics (page views, referrers, device type; no cookies, no cross-site tracking) | USA / EU | DPA; SCCs

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) under GDPR Art. 46(2)(c) or equivalent adequacy decisions.

5. Data Retention

  • Account data: retained for the life of your account
  • Thoughts and recordings: retained until you delete them or delete your account
  • Backups: may persist for up to 30 days after deletion
  • Server, audit, and AI processing logs: up to 90 days
  • Legal/tax records (payments): up to 10 years as required by Portuguese law

When you delete your account, we delete personal data within 30 days, except where retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Portability — receive your data in a machine-readable format
  • Withdraw consent at any time (without affecting prior lawful processing)
  • Lodge a complaint with a supervisory authority

How to exercise these rights

  • In-app: Settings → Account → "Export my data" / "Delete my account"
  • Email: pensatorium.ai@gmail.com (subject: "Privacy request")

We respond within 30 days (extendable by 60 days for complex requests, per GDPR Art. 12(3)).

California residents (CCPA/CPRA)

You additionally have the right to know which categories of personal information we collect and the right to opt out of "sharing" for cross-context behavioral advertising — we do not share for this purpose.

Brazil residents (LGPD)

You have equivalent rights under LGPD Art. 18. For LGPD matters, you can contact us at pensatorium.ai@gmail.com. As the sole operator of the Service, the data controller also serves as the privacy contact (Encarregado).

7. Children

The Service is not intended for users under 16 years old (or the minimum legal age in your country, if higher). By creating an account, you represent that you meet this age requirement. We do not knowingly collect data from children below that age. If you believe a child has provided us data, contact us and we will delete it.

8. Security

We implement industry-standard measures including:

  • TLS encryption in transit
  • AES-256 encryption at rest provided by our database and storage providers
  • Optional end-to-end encryption via a user-controlled passphrase (see Section 2.2 for the precise scope of what is and is not E2E-encrypted)
  • Row-Level Security (RLS) on all user-data tables
  • Access controls on administrative systems

No system is perfectly secure. We disclose material breaches to affected users and regulators within 72 hours as required by GDPR Art. 33–34.

9. Cookies and Similar Technologies

The mobile app uses secure device storage (Keychain/Keystore) for session tokens. The web app uses strictly necessary cookies for authentication. We do not set advertising or tracking cookies. See our Cookie Policy for details.

10. Automated Decision-Making

AI-powered features (transcription, insight generation, thought discovery) process your content to produce suggestions. These are advisory and do not produce legal or similarly significant effects under GDPR Art. 22.

11. Changes to This Policy

We may update this Policy. Material changes will be announced in-app and by email (where reasonably possible) at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

12. Contact

For privacy questions, data requests, or complaints:

This document is provided in English. Translations may be added for convenience; the English version prevails in case of conflict.

For information about cookies specifically, see our Cookie Policy. For our full terms of service, see our Terms of Service.
