Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how Apache-3 Inc. ("Persoona", "we", "our", "us") collects, uses, processes, shares, and protects information in connection with the Persoona.ai website, application, APIs, and related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy and our Terms of Service. If you do not agree, do not use the Service.

2. Information we collect

We collect information from and about you in the following categories:

2.1 Information you provide

• →Account information: email address, and any authentication credentials issued by our identity provider.
• →Profile information (Persona): full name, headline, years of experience, primary domain, skills, goals, résumé text or files (when uploaded), social-network URLs, and any other content you enter in onboarding or profile-management interfaces.
• →User-generated content: workspace names, descriptions, idea selections, free-text inputs to AI modules, files uploaded, and any other content you submit through the Service.
• →Communications: content of emails, support tickets, survey responses, and other communications you send to us.
• →Payment information: when you subscribe to a paid tier, we collect billing identifiers from our payment processor (we do not store full payment-card numbers).

2.2 Information collected automatically

• →Device + connection data: Internet Protocol (IP) address, browser type and version, operating system, referrer URL, language preferences, screen resolution, and approximate location derived from the IP address.
• →Usage data: pages visited, time spent, features used, modules run, click events, error events, performance telemetry, and similar interaction data.
• →Cookies, web beacons, and similar technologies: see Section 6.
• →Inferred data: we may derive additional data from the above (e.g., engagement scores, segment membership, fraud-risk signals).

2.3 Information from third parties

• →If you authorize a third-party account integration (such as a Google sign-in or, in the future, a GitHub connection for repo provisioning), we receive identity and account information from that platform per its terms and your authorization.
• →Information from analytics, advertising, fraud-prevention, identity-verification, or enrichment service providers we engage from time to time.
• →Publicly available information that you choose to share with us, such as social-network profile URLs you submit as part of your Persona.

2.4 What we do not collect from LinkedIn

Persoona does not access LinkedIn's services, scrape LinkedIn pages, use LinkedIn APIs, or store information from LinkedIn's servers. When you submit a LinkedIn URL or paste LinkedIn profile text into Persoona, that content is information you have provided to us directly. The submitted URL is stored as a public link on your own founder profile and the pasted text is used only to generate the outputs you requested. Persoona is not affiliated with, endorsed by, or sponsored by LinkedIn Corporation.

3. How we use information

We may use information we collect for any of the following purposes:

• →To provide, operate, maintain, secure, and improve the Service.
• →To authenticate users, prevent fraud, enforce our Terms, and protect the rights, property, or safety of Persoona, our users, or the public.
• →To personalize the Service, including by using your Persona to generate AI module outputs, ranking results, and tailoring recommendations.
• →To train, fine-tune, evaluate, and improve our own machine-learning models and the Service generally. Training on customer data may include both individual-account context (used solely to serve you) and aggregated or de-identified data used to improve features for all users. We may use anonymized or aggregated outputs in published research, marketing materials, or competitive benchmarks.
• →To process payments, manage subscriptions, send invoices, and prevent fraudulent charges.
• →To communicate with you about service updates, security alerts, billing, support requests, surveys, and (with your consent where required) marketing.
• →To comply with applicable law, respond to legal process, or cooperate with regulators or law-enforcement authorities.
• →For any other purpose disclosed at the time of collection or otherwise with your consent.

We may rely on the following legal bases (where applicable under GDPR/UK GDPR): performance of a contract with you, legitimate interests, consent, and compliance with legal obligations.

4. How we share information

We may share information in the following circumstances:

• →Service providers + sub-processors: vendors that perform services on our behalf (hosting, database, authentication, AI-model providers, analytics, payments, email delivery, customer support, fraud prevention, security, and similar). Current sub-processors include, without limitation: Supabase (database + auth), Vercel (hosting + CDN), Stripe (payments), and AI-inference providers we may engage from time to time, including but not limited to Anthropic, OpenAI, and Google. The list of sub-processors may change; we will use reasonable efforts to keep an up-to-date list available on request.
• →Affiliates: entities that control, are controlled by, or are under common control with Apache-3 Inc.
• →Business transfers: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets, in which case the recipient may continue to use the data subject to this Policy or a successor policy.
• →Legal + safety: when we believe in good faith that disclosure is necessary to comply with applicable law, legal process, or governmental request; to enforce our agreements; to protect the rights, property, or safety of Persoona, our users, or others; or in connection with an investigation of fraud or wrongdoing.
• →With your consent or at your direction: including when you choose to share content publicly, post in community surfaces, or integrate with a third-party tool.
• →Aggregated or de-identified information: we may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you.

5. AI-generated outputs + training

The Service uses artificial-intelligence systems, including third-party large-language models and our own models, to generate structured outputs in response to your inputs. By using AI-powered features:

• →You acknowledge that AI outputs may be inaccurate, incomplete, or otherwise flawed and that you are solely responsible for evaluating and verifying outputs before relying on them.
• →You grant us the right to use your inputs and the resulting outputs to operate the Service, troubleshoot, improve our systems, train our models, and develop new features, subject to applicable law.
• →Where we route data to third-party AI providers, we will use commercially reasonable efforts to engage providers that contractually limit their use of customer data; however, we do not guarantee specific provider terms.

6. Cookies + similar technologies

We and our service providers use cookies, web beacons, pixels, local storage, server logs, and similar technologies for authentication, session management, security, fraud prevention, preference storage, analytics, performance measurement, and (where applicable and lawful) marketing and advertising. You can control cookies through your browser settings. Disabling certain cookies may impair the functionality of the Service.

7. Data retention

We retain information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of data, the purposes for which it was collected, and applicable legal requirements. We may retain certain information after account deletion in anonymized or aggregated form, in backups (until those backups expire), or as required by law.

8. Security

We employ administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit, role-based access controls, row-level security in our database, and routine security review of third-party providers. Despite these measures, no system is perfectly secure; we cannot guarantee the security of any information transmitted to or stored by us. You are responsible for maintaining the confidentiality of your account credentials.

9. Your rights + choices

Subject to applicable law, you may have the following rights with respect to information we hold about you:

• →Right to access: request a copy of personal information we hold about you.
• →Right to correct: request correction of inaccurate or incomplete personal information.
• →Right to delete: request deletion of personal information, subject to exceptions allowed by law.
• →Right to restrict or object: restrict or object to certain processing of your personal information.
• →Right to portability: receive personal information in a structured, machine-readable format.
• →Right to withdraw consent: where processing is based on consent, withdraw consent at any time without affecting prior lawful processing.
• →Right to lodge a complaint: file a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, email apache3corp@gmail.com. We may need to verify your identity before fulfilling a request and may decline requests that are unfounded, repetitive, or that would adversely affect the rights of others. We will respond within the time required by applicable law.

10. California privacy rights (CCPA/CPRA)

If you are a California resident, you have the rights described in Section 9 plus, where applicable, the right to opt out of the "sale" or "sharing" of personal information as defined under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). We do not knowingly "sell" personal information for monetary consideration. We may "share" certain identifiers, internet activity, and inferences with service providers and advertising partners for cross-context behavioral advertising as defined by California law. To opt out, email apache3corp@gmail.com with "CCPA Opt-Out" in the subject. We will not discriminate against you for exercising your rights.

11. EU/UK + international users

We are headquartered in the United States, and information we collect may be transferred to, stored, and processed in the United States or any other country in which we or our service providers operate. By using the Service, you consent to such transfers. Where personal information of individuals located in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States, we rely on standard contractual clauses or other lawful transfer mechanisms.

12. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete it promptly. Parents or guardians who believe their child has provided personal information may contact apache3corp@gmail.com.

13. Third-party links + services

The Service may contain links to, or integrate with, third-party websites, applications, or services. This Policy does not apply to the practices of those third parties. We are not responsible for the content, privacy practices, or policies of third parties. We encourage you to review the privacy policies of any third party before providing information.

14. Changes to this Policy

We may modify this Policy at any time, in our sole discretion. If we make material changes, we will provide notice through the Service, by email to the address associated with your account, or by other reasonable means before the changes take effect. Your continued use of the Service after the effective date of any change constitutes your acceptance of the modified Policy. If you do not agree to the modified Policy, you must stop using the Service. The "Last updated" date at the top of this page indicates when the Policy was most recently revised.

15. Contact

Apache-3 Inc.
Email: apache3corp@gmail.com
For privacy-specific inquiries, lead the subject line with "Privacy:".