Privacy Policy

1. Information We Collect

Information you provide: Email address, name, account preferences, payment information (processed by our payment provider), and the decisions, reflections, and content you submit through our platform.

Automatically collected: Device type, operating system, browser type, IP address, approximate location (city/country level), usage patterns, feature interactions, session duration, and referring URLs.

Third-party AI processing: To provide our AI-powered analysis, your content is processed by third-party AI providers including OpenAI and/or Anthropic. These providers operate under strict data processing agreements and do not retain your data for their own training purposes. We may change AI providers at our discretion to improve service quality.

2. How We Use Your Information

Service delivery: Your decision data is used to generate your Ethical Intelligence Reports, track your progress, provide personalized insights, and improve your experience.

AI improvement: We use anonymized, aggregated patterns from user interactions to improve our algorithms, train our proprietary AI models, develop new features, and enhance service quality. Your individual data is never used in identifiable form for training purposes. Anonymization includes removing all personal identifiers and aggregating data across multiple users.

Communications: We use your email for transactional messages (receipts, account alerts, security notifications), and with your explicit consent, product updates and educational content.

Legal basis (GDPR): We process data based on: (a) contract performance (providing the Service), (b) legitimate interests (security, fraud prevention, service improvement), (c) consent (marketing communications), and (d) legal obligations (tax, regulatory compliance).

3. Data Security

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your reflections and decision data are stored in isolated, encrypted containers with role-based access controls.

We implement industry-standard security measures including: regular security audits, penetration testing, intrusion detection, secure development practices, and employee security training. Our infrastructure provider maintains SOC 2 Type II compliance.

Breach notification: In the event of a data breach affecting your personal information, we will notify you within 72 hours of discovery via email and, where required by law, notify relevant supervisory authorities.

4. Data Retention

Active accounts: We retain your data for as long as your account is active. Your decision history and reports are retained for the duration of your subscription plus 90 days to allow for reactivation.

Deleted accounts: Upon account deletion request, we delete or anonymize your personal data within 30 days. Some data may be retained for up to 7 years where required by law (tax records, fraud prevention) or for legitimate business purposes.

Specific retention periods:

• Account data: Duration of account + 90 days
• Transaction records: 7 years (legal requirement)
• Server logs: 90 days
• Analytics data: 26 months
• Support communications: 3 years

Anonymized data: Aggregated, anonymized data that cannot identify you may be retained indefinitely for research, statistical analysis, and service improvement.

5. Data Sharing

We never sell your data. We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not participate in data broker networks.

Service providers: We share data with trusted service providers under strict data processing agreements:

• Cloud hosting and infrastructure
• AI processing (OpenAI, Anthropic)
• Payment processing (Stripe)
• Email delivery services
• Analytics (anonymized data only)

Research partnerships: We may share anonymized, aggregated data with academic institutions and AI safety research organizations to advance the field of ethical AI development. This research data:

• Contains no personally identifiable information
• Uses cryptographically hashed identifiers that cannot be reversed
• Cannot be used to re-identify individual users
• Is shared only under strict data use agreements prohibiting re-identification attempts
• Is used solely for legitimate research purposes (AI safety, cognitive science, ethical decision-making)

We carefully vet all research partners and require them to maintain confidentiality and data protection standards equivalent to our own. Research findings may be published in academic papers, but only in aggregate form that cannot identify individuals.

Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is subject to a different privacy policy.

Legal requirements: We may disclose data if required by law, valid legal process, or to protect the rights, property, or safety of MultiPerspect, our users, or the public.

6. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

Safeguards: For transfers from the EU/EEA/UK, we rely on: (a) Standard Contractual Clauses approved by the European Commission, (b) adequacy decisions where applicable, and (c) binding corporate rules of our service providers.

By using our Service, you acknowledge and consent to the transfer of your data to these countries.

7. Your Rights

All users: You have the right to access, correct, export, or delete your data at any time through your account settings or by contacting us at privacy@multiperspect.com.

EU/EEA/UK residents (GDPR): You have additional rights including: data portability, right to object to processing, right to restrict processing, right to withdraw consent, and right to lodge a complaint with your local Data Protection Authority.

California residents (CCPA/CPRA): You have the right to: know what personal information we collect and how it's used, request deletion of your data, opt-out of the "sale" or "sharing" of personal information (we do not sell personal information), limit use of sensitive personal information, and non-discrimination for exercising your rights.

Other US states: Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws have similar rights. Contact us to exercise your rights under applicable state law.

Response time: We respond to verified requests within 45 days (or 30 days for GDPR requests). Complex requests may require an extension with notice.

8. Children's Privacy

MultiPerspect is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it within 30 days. If you believe a child has provided us with personal information, please contact us immediately at privacy@multiperspect.com.

9. Cookies and Tracking Technologies

Essential cookies: Required for authentication, session management, security, and basic functionality. These cannot be disabled while using the Service.

Analytics cookies: Used (with your consent where required) to understand how users interact with our platform, measure performance, and improve our Service. You can opt-out through your browser settings or our cookie preferences.

Do Not Track: We honor Do Not Track browser signals. When enabled, we limit data collection to essential service functionality.

10. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify you via email and prominent notice on our platform at least 30 days before changes take effect. The "Last updated" date at the top indicates when the policy was last revised. Continued use after the effective date constitutes acceptance. If you disagree with changes, you may delete your account.