Privacy Policy

We collect the following types of information:

• Personal Information: Name, email address, and account credentials when you register.
• Usage Data: How you interact with our services, including pages visited, features used, and session duration.
• Document Content: Text you submit for AI processing, including drafts, prompts, and writing samples used to build your voice profile.
• Payment Information: Billing details provided during subscription, processed securely by Stripe.

We use the information we collect to:

• Provide Services: Deliver AI-powered writing assistance, voice preservation, and document management.
• Improve AI Quality: Analyze anonymized usage patterns to enhance our AI models and writing suggestions.
• Communicate: Send service updates, security alerts, and optional product announcements.
• Ensure Security: Detect and prevent fraud, abuse, and unauthorized access.

PiccoLeap uses AI to analyze your writing style and generate content that matches your voice.

• Voice Profiles: We create and store voice profiles based on your writing samples. These profiles capture stylistic patterns, tone preferences, and vocabulary choices.
• AI Analysis: Your documents are processed by our AI systems (powered by Anthropic) to provide writing suggestions and generate content.
• Data Isolation: Voice profiles are tied to your account and are never shared with other users or third parties.
• No Training: Your content is not used to train general-purpose AI models.

We take the security of your data seriously.

• Infrastructure: Your data is stored on Supabase infrastructure with enterprise-grade security.
• Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.
• Access Controls: Strict role-based access controls limit who can access your data within our organization.
• Regular Audits: We conduct regular security assessments and vulnerability testing.

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor.

• We never store your credit card numbers, CVV codes, or full card details on our servers.
• Stripe processes and stores your payment information in compliance with the highest industry security standards.
• You can manage your payment methods and billing history through your account settings.

We use the following third-party services to deliver PiccoLeap:

• Anthropic (Claude AI): Powers our AI writing assistance and voice analysis features.
• Supabase: Provides database hosting, authentication, and file storage infrastructure.
• Stripe: Handles all payment processing and subscription management.

Each provider maintains their own privacy practices and is contractually bound to protect your data.

• Active Accounts: Your data is retained for as long as your account remains active.
• Account Closure: Upon account deletion, all personal data and documents are permanently deleted within 30 days.
• Backups: Encrypted backups may retain data for up to 90 days after deletion before being purged.
• Legal Obligations: We may retain certain data longer if required by law.

You have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you.
• Correction: Update or correct inaccurate personal information.
• Deletion: Request permanent deletion of your account and all associated data.
• Export: Download your documents and data in standard formats.
• Restriction: Request that we limit processing of your personal data.

To exercise any of these rights, contact us at privacy@piccoleap.com.

For users in the European Economic Area (EEA):

• Lawful Basis: We process data based on contractual necessity (providing the service), legitimate interest (improving our product), and consent (marketing communications).
• Data Portability: You may request your data in a machine-readable format at any time.
• Right to Erasure: You may request complete deletion of your personal data, subject to legal retention requirements.
• DPO Contact: For GDPR-related inquiries, contact our Data Protection Officer at dpo@piccoleap.com.

PiccoLeap is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time. When we make material changes:

• We will notify you via email or a prominent notice within the service.
• The updated policy will include a new effective date at the top.
• Your continued use of PiccoLeap after changes take effect constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy, contact us at privacy@piccoleap.com.