We collect the minimum needed to run the service.

Marketing site (priorstudio.ai): nothing identifying. No analytics, no tracking pixels, no third-party scripts beyond Google Fonts (which receives your IP address but sets no cookies — see the Cookie notice).

Hosted product (app.priorstudio.ai), when you sign up:

• Account identity: email address, display name, hashed password (bcrypt; we never store plaintext).
• Workspace + project metadata: the priors, models, evals, and runs you create. Treated as your data; you own it.
• Operational metadata: server logs (timestamps, IP, user-agent, endpoint hit) for a rolling 30 days, used only for debugging and abuse-control.
• Billing data: once paid plans launch, payment processing will go through Stripe — we never see your card details, only their tokenised reference.

• We don't run third-party analytics (no Google Analytics, no Mixpanel, no PostHog).
• We don't have advertising tracking pixels.
• We don't sell data. We don't share it with third parties for marketing.
• We don't read your training data or your prior code outside of running it for you (e.g. when you click "Sample" or "Run"). The execution environment is ephemeral and the outputs you see are the outputs we keep.

• Contract — running the service you signed up for. Account identity, workspace data, billing data.
• Legitimate interest — operational logs (debugging, abuse-control), security monitoring.
• Consent — Google Fonts loading. Implicit through the cookie banner; you can opt out by blocking fonts.googleapis.com in your browser (the site falls back to system fonts; it's still readable).

Our infrastructure runs on AWS in the us-east-1 region (United States). If you are in the EU / UK, your data is transferred to the US under Standard Contractual Clauses and the EU–US Data Privacy Framework. If you need an EU data-residency commitment, contact us before signing up — we can scope it project-by-project today and will offer a managed EU region as we scale.

• Account data: while your account is active, plus 30 days after deletion to handle disputes.
• Workspace data: same — you can delete projects any time; deletions take effect within 7 days across our backups.
• Operational logs: 30 days rolling.
• Billing records: 7 years (US tax law).

If you're in the EU, UK, California, or any jurisdiction with similar law, you have the right to:

• Access — get a copy of what we have about you.
• Rectify — fix anything that's wrong.
• Delete — close the account and have data removed within 30 days.
• Export — your workspace data is exportable as a tar.gz via the CLI (priorstudio export).
• Object — opt out of any processing based on legitimate interest.

Email privacy@profitops.ai with the request and we'll respond within 30 days.

PriorStudio is not directed at people under 16. We don't knowingly collect data from anyone under that age. If you believe we have, please email us and we'll delete it.

Passwords are hashed with bcrypt (cost factor 12). Data in transit is TLS 1.2+. Data at rest on our infrastructure is encrypted via AWS-managed keys. We are not yet SOC 2 / ISO 27001 certified — that's on the roadmap when revenue justifies the audit cost. In the meantime, treat the service as suitable for commercial PFN research and *not yet* suitable for regulated data (PHI, financial PII, etc.).

We'll edit this document in place and bump the "last updated" date at the top. For material changes that expand what we collect, we'll email registered users with the diff before the change takes effect.

ProfitOps Inc.
Email: privacy@profitops.ai (privacy matters)
Email: hello@profitops.ai (everything else)