Privacy Policy

1. Introduction

Product Sanctum ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at productsanctum.com (the "Service").

2. Information We Collect

Account Information: When you create an account via Google OAuth, we collect your name, email address, and profile picture from your Google account.

Content You Create: This includes briefs, stories, practice session responses, conversation messages, and other materials you generate through the Service.

Usage Data: We collect information about how you interact with the Service, including pages visited, features used, session duration, and AI interaction patterns.

Technical Data: Browser type, device information, IP address, and similar technical identifiers collected automatically.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Personalize your experience with context-aware AI coaching
• Carry context between modules (brief injection) to improve preparation quality
• Send transactional emails (account updates, billing)
• Monitor usage for rate limiting and cost management
• Detect and prevent fraud or abuse

4. AI and Your Content

Your personal content (conversations, briefs, stories) is processed by our AI provider to deliver coaching responses. Your content is never used to train AI models. We do not sell or share your personal information.

With your consent, anonymized and aggregated question patterns may be used to improve company intelligence data. You can opt out of this aggregation in your Settings at any time. Personal content is never included in aggregated data.

5. Data Retention

Conversation messages are retained for 90 days after creation, then automatically deleted. Briefs, stories, and account data are retained for the life of your account. Inactive accounts (no login for 18 months) will receive a 30-day warning email before deletion.

6. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your data
• Opt out of anonymized data aggregation

To exercise these rights, visit your Settings page or contact us at [email protected].

7. Sub-processors

We use third-party services to operate the platform. See our Sub-processor List for details.

8. Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest for sensitive data (AES-256 for API keys), and regular security reviews.

9. Changes to This Policy

We will provide 30 days notice before making material changes to this Privacy Policy. Continued use of the Service after changes take effect constitutes acceptance.

10. Contact

For privacy-related questions, contact us at [email protected].