
Privacy Policy

Last updated: April 2, 2026

This Privacy Policy describes how DirectorDeck ("we," "us," or "our") collects, uses, discloses, and protects information in connection with DirectorDeck (the "Service"). By using the Service, you agree to this Policy. If you do not agree, do not use the Service.

1. Who we are

The data controller for personal data processed through the Service is DirectorDeck. The Service is a web application that helps teams configure competitive intelligence workflows and view AI-assisted reports.

2. Information we collect

2.1 Account and authentication

  • Email address and password (or equivalent credentials) processed through our authentication provider (e.g. Supabase Auth) to create and secure your account.
  • Session and security tokens stored in cookies or local storage as needed to keep you signed in.

2.2 Workspace and product usage

  • Company context such as your company website URL, optional industry or profile fields, and analysis window preferences stored in your workspace record.
  • Competitor configuration — URLs or identifiers you add for comparison targets, subject to your plan limits.
  • Director's Desk overlay — optional free-text you provide to steer analysis; we process it as part of generating outputs you request.
  • Reports and job metadata — generated briefings (e.g. markdown), chart metrics, job status, and timestamps stored so you can view history in the product.
  • Notification preferences — toggles you set (e.g. run complete, digest, high-threat alerts), even if email delivery is not yet enabled.
  • Support submissions — subject, category, priority, and message content when you contact us through the Support form.

2.3 Billing

  • If you subscribe to a paid plan, our payment partner (e.g. Paddle) processes payment information. We typically receive subscription status, plan identifiers, and limited billing metadata synced to our database via webhooks—not full card numbers, which stay with the payment provider.

2.4 Automatically collected data

  • Technical and operational logs from hosting and application infrastructure (e.g. IP address, user agent, request paths, error logs) used for security, debugging, and reliability.

3. How we use information

We use the information above to:

  • Provide, operate, and secure the Service (authentication, storage, dashboards, reports);
  • Run analysis jobs you trigger: retrieve public web content via search/retrieval APIs, send relevant context to AI models, and store outputs you see in the app;
  • Enforce plan limits, trials, and subscription status;
  • Communicate with you about the Service, support requests, and (where permitted) product updates;
  • Comply with law, respond to lawful requests, and protect rights and safety.

We do not sell your personal information in the traditional sense (no money for personal data lists). We do not use your workspace content to train public AI models unless we notify you and offer a separate choice where required by law.

4. Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR-style rules apply, we rely on:

  • Contract — processing necessary to provide the Service you request;
  • Legitimate interests — securing the Service, improving reliability, and understanding aggregate usage, balanced against your rights;
  • Consent — where we ask for it (e.g. certain cookies or marketing, if offered);
  • Legal obligation — where required to comply with law.

5. Subprocessors and sharing

We use vetted service providers to host and operate the Service. Categories include: cloud hosting and serverless (e.g. Vercel), database and authentication (e.g. Supabase), AI inference (e.g. Google), web retrieval/search (e.g. Tavily or similar), payments (e.g. Paddle), and email or analytics if enabled. They process data on our instructions and under contractual obligations.

We may disclose information if required by law, court order, or to protect rights, safety, and security.

In a merger, acquisition, or asset sale, your information may transfer as part of the business, subject to this Policy or equivalent notice.

6. International transfers

We may process data in the United States and other countries where our providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA, UK, or Switzerland.

7. Retention

We retain information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. You may request deletion of your account; some records may be retained in backups or as required by law for a limited period.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, or export personal data; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. To exercise rights, contact us through Support (signed-in users) or the contact method we publish. We may verify your request before responding.

California (CCPA/CPRA): California residents may have additional rights (know, delete, correct, opt out of certain sharing). We do not "sell" or "share" personal information for cross-context behavioral advertising as defined by the CPRA in the operation of DirectorDeck as described here; if that changes, we will update this Policy.

9. Children

The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

10. Cookies and similar technologies

We use cookies and local storage that are essential for authentication and session management. If we add non-essential analytics or marketing cookies, we will describe them and, where required, obtain consent.

11. Security

We implement technical and organizational measures appropriate to the risk (encryption in transit, access controls, vendor security practices). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

12. Third-party sites

The Service may reference or retrieve public pages on third-party websites. Their privacy practices are not controlled by us. Review their policies when you visit them directly.

13. Changes to this Policy

We may update this Policy from time to time. We will post the revised version and update the "Last updated" date. Material changes may require additional notice where required by law.

14. Contact

For privacy questions or requests, use the in-product Support page (when signed in) or the contact channel published on our website.
