Privacy Policy

We collect several types of information from and about users of our Service:

1.1 Information You Provide Directly

• Account Information: Email address used for authentication and communication
• Profile Information: Your name, social media handles, profile URLs, and bio content when you choose to provide them
• Positioning Data: Your positioning statement, enemy belief, content pillars, audience promise, and related strategic content
• Payment Information: Billing details processed through our third-party payment providers (we do not store full payment card details)
• Communications: Messages you send to us through email or support channels

1.2 Information Collected Automatically

• Device Information: Browser type, operating system, device identifiers, and screen resolution
• Log Data: IP address, access times, pages viewed, and referring URLs
• Usage Data: How you interact with our Service, features used, and actions taken
• Cookies and Tracking: Session cookies and similar technologies for authentication and analytics

1.3 Information from Third Parties

• Social Media Data: When you connect your X (Twitter) or other social accounts, we may access your public profile information, posts, and engagement metrics as authorized by you
• Payment Providers: Transaction confirmations and subscription status from our payment processors

We use the information we collect for the following purposes:

2.1 Providing the Service

• Generate your Recognition Score and positioning analysis
• Create and manage your locked position
• Generate bios, content angles, and other outputs
• Track drift detection and positioning consistency
• Process payments and manage subscriptions

2.2 Improving the Service

• Analyze usage patterns to improve features and user experience
• Develop new features based on user needs
• Debug technical issues and optimize performance
• Conduct research and analysis (using aggregated, anonymized data)

2.3 Communications

• Send transactional emails (account verification, password reset, receipts)
• Notify you about changes to our Service or Terms
• Respond to your inquiries and support requests
• Send marketing communications (only with your consent, and you can opt out anytime)

2.4 Security and Compliance

• Protect against unauthorized access and fraud
• Enforce our Terms of Service
• Comply with legal obligations

We do not sell your personal information. We may share your information only in the following circumstances:

3.1 Service Providers

We work with third-party companies that help us provide and improve our Service. These providers only have access to the information necessary to perform their functions and are contractually obligated to protect your data:

• Payment Processors: Stripe, Paddle, and LemonSqueezy for payment processing
• Hosting Providers: Cloud infrastructure services for data storage and delivery
• AI Services: Language model providers for generating scores, bios, and content angles (data is processed but not retained by these providers)
• Analytics: Services that help us understand usage patterns (using anonymized data where possible)
• Email Services: For sending transactional and marketing emails

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoena, court order, government request)
• Protect our rights, privacy, safety, or property
• Protect against legal liability
• Investigate suspected fraud or violations of our Terms

3.3 Business Transfers

If PersonaOS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Secure Storage: Sensitive data is encrypted at rest using industry-standard encryption
• Access Controls: Strict access controls limit who can access your data within our organization
• Security Headers: We implement security headers including HSTS, X-Frame-Options, and CSP
• Regular Audits: We regularly review and update our security practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

• Account Data: Retained while your account is active and for a reasonable period afterward
• Recognition Scores: Retained indefinitely to enable progress tracking and comparison
• Positioning Data: Retained while your account is active; locked positions are preserved during the lock period
• Payment Records: Retained as required by financial and tax regulations (typically 7 years)
• Log Data: Retained for up to 90 days for security and debugging purposes

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes.

Depending on your location, you may have the following rights regarding your personal information:

6.1 Access and Portability

You can request a copy of the personal information we hold about you. We will provide this in a commonly used, machine-readable format.

6.2 Correction

You can update or correct inaccurate personal information through your account settings or by contacting us. Note: Locked positioning data cannot be modified during the lock period.

6.3 Deletion

You can request deletion of your account and personal information. We will process your request within 30 days, subject to any legal retention requirements.

6.4 Opt-Out

• Marketing Emails: You can unsubscribe from marketing emails using the link in each email
• Cookies: You can manage cookie preferences through your browser settings

6.5 Do Not Track

Our Service does not currently respond to “Do Not Track” signals. However, you can manage tracking through your browser settings.

To exercise any of these rights, please contact us at hello@personaos.xyz

We use cookies and similar tracking technologies to:

• Authenticate users and maintain sessions
• Remember your preferences and settings
• Analyze usage patterns and improve our Service
• Measure the effectiveness of our marketing

Types of Cookies We Use

PersonaOS is based in the United States. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws different from those in your country. By using our Service, you consent to the transfer of your information to these countries.

We take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy, including using Standard Contractual Clauses where applicable.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal data based on:

• Contract: To provide the Service you've requested
• Consent: For marketing communications and optional features
• Legitimate Interests: For analytics, security, and improving our Service
• Legal Obligation: For compliance with applicable laws

Additional Rights

• Right to object to processing based on legitimate interests
• Right to restrict processing in certain circumstances
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we've collected
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information, so this right does not apply
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of Information Collected

In the past 12 months, we have collected:

• Identifiers (email address, name, IP address)
• Commercial information (purchase history, subscription status)
• Internet activity (browsing history, usage data)
• Professional information (job title, company, if provided)

To exercise your CCPA rights, please contact us at hello@personaos.xyz

PersonaOS is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@personaos.xyz

Our Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services.

We encourage you to review the privacy policies of any third-party services you access through our Service. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the “Last updated” date at the top of this page
• Sending an email notification for significant changes (if you have an account)

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.