Privacy Policy

Our Privacy Commitment

Your privacy matters. ImprovoMagic is built with privacy-first principles. We collect only what's necessary, never sell your data, and give you full control.

What Information We Collect

Information You Provide:

• Account Information: Name, email address, password (encrypted)
• Team Data: Team names, member names, roles
• Assessment Data: Your responses to assessment questions
• Payment Information: Handled securely by PayPal (we never see your payment details)

Information We Collect Automatically:

• Usage Data: Pages visited, features used, time spent
• Device Information: Browser type, operating system, IP address
• Cookies: Session cookies for authentication (essential only)

How We Use Your Information

We use your data to:

• Provide the Service: Run assessments, generate reports, track progress
• AI Insights: Power personalized recommendations using AI
• Improve ImprovoMagic: Understand how features are used, fix bugs
• Communication: Send account emails, product updates (you can opt out)
• Security: Detect fraud, prevent abuse, protect user accounts

How We Share Your Information

We DO NOT sell your data. Ever.

We share data only in these limited cases:

• Service Providers: Supabase (database), Vercel (hosting), Resend (emails), PayPal (payments) - all under strict contracts
• AI Processing: Claude by Anthropic for generating insights (anonymized when possible, no training on your data)
• Legal Requirements: If required by law or to protect rights/safety
• With Your Consent: Any other sharing requires your explicit permission

Your Privacy Rights (GDPR)

You have these rights:

• Access: See all data we have about you
• Export: Download your data in JSON or CSV format
• Correction: Update incorrect information
• Deletion: Request account and data deletion (30-day grace period)
• Portability: Transfer your data to another service
• Object: Object to certain data processing
• Withdraw Consent: Change your mind about data usage

Exercise these rights from your Privacy Settings page.

Data Security

We protect your data with:

• Encryption: HTTPS for all traffic, bcrypt for passwords
• Access Controls: Role-based permissions, admin-only sensitive operations
• Regular Security Audits: Ongoing monitoring and updates
• Secure Infrastructure: Hosted on enterprise-grade platforms (Supabase, Vercel)

Data Retention

• Active Accounts: We keep your data as long as your account is active
• Deleted Accounts: 30-day grace period, then permanent deletion
• Backups: Encrypted backups retained for 90 days for disaster recovery
• Legal Holds: Data may be retained longer if required by law

Cookies & Tracking

Essential Cookies: Session authentication (required for login)

No Third-Party Tracking: We don't use Google Analytics, Facebook Pixel, or similar tracking scripts

Cloudflare Turnstile: Optional bot protection (privacy-first, no cookies)

Children's Privacy

ImprovoMagic is not intended for users under 18. We don't knowingly collect data from children. If you believe a child has created an account, contact us immediately.

International Data Transfers

Your data is primarily stored in EU data centers (Supabase EU region). If you're outside the EU, your data may be transferred internationally. We ensure adequate protections through standard contractual clauses.

Changes to This Policy

We may update this privacy policy occasionally. We'll notify you of significant changes via email. Continued use after changes means you accept the updated policy.

Contact Us

Questions about your privacy? Contact us:

• Email: ludvig.ahlin@gmail.com
• Data Protection: We take privacy seriously - expect a response within 48 hours
• Location: Sweden 🇸🇪 (EU GDPR applies)

Built with passion, fueled by Swedish coffee, shared with purpose 🚀