Back to Home

Privacy Policy

Last updated: January 20, 2025

1. Introduction

Perpetual Core ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered operating system service ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service:

  • Account Information: Email address, name, password, organization details
  • Profile Information: Avatar, bio, preferences, notification settings
  • User Content: Messages, documents, tasks, calendar events, notes, and other content you create or upload
  • Payment Information: Billing address, payment method details (processed securely by Stripe)
  • Communication Data: Support requests, feedback, and correspondence with us

2.2 Automatically Collected Information

We automatically collect certain information when you use the Service:

  • Usage Data: Features used, actions taken, time spent, frequency of use
  • Device Information: IP address, browser type, device type, operating system
  • Log Data: Access times, pages viewed, errors encountered
  • Cookies and Tracking: Session data, preferences, analytics (see Cookie Policy)

2.3 Information from Third Parties

We may receive information from third-party services you connect to the Service:

  • OAuth Integrations: Slack, Zoom, Google Drive, calendar services
  • AI Providers: Usage data from Anthropic Claude, OpenAI GPT-4, Google Gemini
  • Payment Processor: Subscription and payment status from Stripe

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Process your requests, enable features, store your content
  • AI Processing: Send your messages and content to AI providers to generate responses
  • Account Management: Create and maintain your account, authenticate users
  • Billing: Process payments, manage subscriptions, send invoices
  • Communication: Send service updates, security alerts, support responses
  • Improvement: Analyze usage patterns, fix bugs, develop new features
  • Security: Detect fraud, prevent abuse, protect against security threats
  • Legal Compliance: Comply with legal obligations and enforce our terms
  • Analytics: Understand how users interact with the Service to improve user experience

4. How We Share Your Information

4.1 AI Service Providers

When you use AI features, your messages and content are sent to third-party AI providers:

  • Anthropic (Claude): Subject to Anthropic's privacy policy and commercial terms
  • OpenAI (GPT-4): Subject to OpenAI's privacy policy and API terms
  • Google (Gemini): Subject to Google's privacy policy and AI terms

These providers may use your data to provide AI responses but are contractually prohibited from using your data to train their models (for enterprise API usage).

4.2 Service Providers

We share data with trusted service providers who assist in operating the Service:

  • Supabase: Database and authentication services
  • Stripe: Payment processing and subscription management
  • Resend: Email delivery services
  • Twilio: WhatsApp messaging services
  • Analytics Providers: Usage analytics and monitoring

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal requests (subpoenas, court orders)
  • Protection of our rights, privacy, safety, or property
  • Investigation of fraud or security issues
  • Enforcement of our Terms of Service

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so (e.g., when connecting integrations like Slack or Google Drive).

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Authentication: Secure password hashing, optional two-factor authentication (2FA)
  • Access Controls: Role-based access, principle of least privilege
  • Infrastructure Security: Regular security audits, vulnerability scanning
  • Monitoring: Intrusion detection, activity logging, security alerts

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Retention periods vary by data type:

  • Account Data: Retained until you delete your account
  • User Content: Retained until you delete it or close your account
  • Usage Logs: Retained for up to 90 days for security and analytics
  • Billing Records: Retained for 7 years for tax and legal compliance
  • AI Conversation History: Retained according to your settings (30-90 days default)

After account deletion, we may retain some information as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

7. Your Rights and Choices

7.1 Access and Portability

You can access and export your data at any time through your account settings. We provide data export in standard formats (JSON, CSV).

7.2 Correction and Deletion

You can update or correct your account information and delete your content through the Service. To delete your account entirely, contact us at privacy@perpetualcore.com.

7.3 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or updating your notification preferences. We will still send transactional emails (e.g., password resets, billing notifications).

7.4 Cookies

You can control cookies through your browser settings. See our Cookie Policy for more information.

7.5 Do Not Track

We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for compliance.

8. Regional Privacy Rights

8.1 GDPR (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with supervisory authorities

8.2 CCPA (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

8.3 Other Regions

We comply with applicable privacy laws in other jurisdictions. Contact us to exercise your rights under local privacy laws.

9. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete the information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with service providers
  • Adherence to Privacy Shield principles (where applicable)

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last updated" date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@perpetualcore.com

Data Protection Officer: dpo@perpetualcore.com

Address: Perpetual Core, Inc.

We will respond to your request within 30 days (or as required by applicable law).

14. Data Processing Addendum

For enterprise customers who require a Data Processing Addendum (DPA) for GDPR compliance, please contact our legal team at legal@perpetualcore.com.

This Privacy Policy describes how Perpetual Core collects, uses, and protects your personal information. For questions or to exercise your privacy rights, contact us at privacy@perpetualcore.com.