← Back to Home
Privacy Policy
Last Updated: March 11, 2026 | Effective: May 19, 2026
Your Privacy Matters: This Privacy Policy explains how ConversationMine collects, uses, and protects your personal information. We are committed to transparency and GDPR/CCPA compliance.
1. Information We Collect
1.1 Personal Information
When you register or use our services, we collect:
- Account Information: Name, email address, username, password (hashed)
- Payment Information: Credit card details (processed by Stripe, not stored by us)
- Profile Data: Tier level, subscription status, purchase history
- Contact Details: Support requests, feedback submissions
1.2 Usage Data
- IP address, browser type, device information
- Pages visited, features used, time spent on platform
- Crystal ball clicks, content generation requests
- API calls, pattern recognition queries
- Error logs, performance metrics
1.3 Cookies and Tracking
We use cookies for:
- Authentication: Session management (session_token)
- Analytics: Usage patterns, feature adoption
- Preferences: User settings, theme selection
- Security: CSRF protection, fraud detection
2. How We Use Your Information
| Purpose |
Legal Basis |
| Provide and maintain the Service |
Contract performance |
| Process payments and subscriptions |
Contract performance |
| Send transactional emails (receipts, confirmations) |
Contract performance |
| Improve platform features and user experience |
Legitimate interest |
| Prevent fraud and ensure security |
Legitimate interest |
| Comply with legal obligations |
Legal compliance |
| Send marketing communications (with consent) |
Consent |
3. Data Sharing and Disclosure
We do NOT sell your personal data. We share data only with:
3.1 Service Providers
- Stripe: Payment processing
- Railway: Hosting infrastructure
- OpenAI: AI content generation (anonymized)
- SendGrid: Email delivery
3.2 Legal Requirements
We may disclose data when required by law, court order, or to:
- Comply with legal processes
- Protect our rights and safety
- Investigate fraud or security issues
- Enforce our Terms of Service
4. Data Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for all data in transit
- Password Hashing: Werkzeug password hashing (bcrypt)
- Access Controls: Role-based permissions
- Database Security: SQLite with file permissions
- Logging: Audit trails for sensitive operations
However, no system is 100% secure. You are responsible for maintaining the confidentiality of your password.
5. Data Retention
- Active Accounts: Data retained while account is active
- Deleted Accounts: Personal data purged within 30 days
- Transaction Records: Retained for 7 years (legal requirement)
- Logs and Analytics: Anonymized after 90 days
6. Your Privacy Rights
6.1 GDPR Rights (EU Users)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion ("right to be forgotten")
- Portability: Receive data in machine-readable format
- Restriction: Limit processing of your data
- Objection: Object to processing based on legitimate interest
- Withdraw Consent: Opt-out of marketing communications
6.2 CCPA Rights (California Users)
- Know what personal information is collected
- Know if data is sold or disclosed (we don't sell)
- Request deletion of personal data
- Opt-out of data sales (not applicable)
- Non-discrimination for exercising rights
6.3 How to Exercise Rights
Email us at Support Center or use account settings to:
- Update profile information
- Export data (coming soon)
- Delete account
- Manage email preferences
7. Children's Privacy
ConversationMine is not intended for users under 13 years old. We do not knowingly collect data from children. If we learn a child has provided information, we will delete it immediately.
8. International Data Transfers
Data is processed in the United States. If you access the Service from the EU or other regions with data protection laws, your data may be transferred to the US.
EU Users: We rely on Standard Contractual Clauses for lawful data transfers.
9. Third-Party Links
Our Service may contain links to third-party websites (GitHub, HackerOne, USPTO). We are not responsible for their privacy practices. Review their policies before providing any data.
10. Marketing Communications
We may send:
- Transactional Emails: Order confirmations, password resets (cannot opt-out)
- Product Updates: New features, platform improvements
- Marketing Emails: Promotions, offers (opt-in required)
You can unsubscribe from marketing emails anytime via the link in each email.
11. Changes to Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Changes are effective upon posting. We will notify you of significant changes via email or platform notification.
12. Contact Us
For privacy questions or to exercise your rights:
Data Protection Officer: For EU users, contact our DPO for privacy-related inquiries.
© 2026 ConversationMine. All rights reserved. GDPR & CCPA Compliant.