
Legal · Last updated May 25, 2026

Privacy Policy

VaultMind (a product of The Means of Production) treats your data as a serious responsibility. This Privacy Policy explains what we collect, how we use it, who we share it with, and the rights you have over it.

1. What we collect

Account information. Email address, display name, and authentication identifiers (e.g., Google OAuth subject) when you sign up.

Content you upload. When you upload a document or image, we extract its text (running OCR on images) and then discard the original file. We store the extracted text and markdown, the original filename, file size, token counts, and any AI-generated output (summary, tags, structured cognitive analysis). The original PDF, DOCX, or image bytes are not retained on our servers. Prompts and modules you create in the Grimoire are stored as text.

Usage data. Aggregated event data about how you use the product — pages visited, features used, token counts processed, success/error rates — for performance and reliability.

Payment metadata. If you subscribe, our payment processor (Stripe) handles card details directly. We receive a customer identifier, subscription status, plan, and billing period — never your card number or CVC.

Device & log data. IP address, browser user-agent, and minimal logs for security and abuse prevention.

2. How we use your data

  • Deliver the Service: store your Vault, run OCR, generate summaries and tags, compute token savings, produce exports.
  • Authenticate you and keep your account secure.
  • Process payments and manage your subscription.
  • Send transactional email (receipts, security alerts, important product changes).
  • Detect, prevent, and respond to abuse, fraud, and security incidents.
  • Improve the Service through aggregated, de-identified analytics.

We do not sell your data. We do not use the private content of your Vault to train foundation models.

3. AI sub-processors

To generate summaries, structured cognitive output, and tags, we send the relevant portions of your content to large language models through the Lovable AI Gateway. Current model providers reached through the gateway include:

  • Google (Gemini family)
  • OpenAI (GPT family)

These providers process your content as sub-processors on our behalf and are contractually prohibited from using your content to train their models. We may add or replace providers; the up-to-date list lives on this page.

4. Where your data lives & how long we keep it

Your data is stored on Lovable Cloud (built on Supabase / PostgreSQL) with encryption in transit (TLS) and at rest. Row-level security policies scope every record to its owner.

We retain your Vault contents for as long as your account is active. When you delete an item, it’s removed promptly from primary storage and purged from backups within 30 days. If you delete your account, we remove your personal data within 30 days, except where we’re legally required to retain it (e.g., tax records).

5. Sharing

We share data only with:

  • Sub-processors strictly required to run the Service (hosting, AI gateway, payments, transactional email, error monitoring).
  • Legal authorities when required by valid legal process; we’ll push back on overbroad requests.
  • A successor entity in the event of a merger, acquisition, or asset sale — with notice to you.

We never sell your personal data to advertisers.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct data that is inaccurate.
  • Delete your data (right to erasure).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time.
  • Lodge a complaint with a data protection authority.

EEA / UK (GDPR): our legal bases are performance of a contract (delivering the Service), legitimate interests (security, anti-abuse, product improvement), consent (where required), and legal obligation.

California (CCPA / CPRA): California residents have the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.

To exercise any of these rights, email info@themeansofproduction.press. We’ll respond within 30 days.

7. Cookies & similar technologies

We use a small number of strictly necessary cookies for authentication (keeping you signed in) and basic, privacy-respecting analytics for product performance. We do not use third-party advertising or cross-site tracking cookies.

8. International transfers

Your data may be processed in the United States and other countries where our sub-processors operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect international transfers.

9. Security

We follow standard industry practice: TLS in transit, encryption at rest, row-level-security scoping every record to its owner, least-privilege access controls for staff, and audit logging. No system is perfectly secure, but we take incidents seriously and will notify affected users promptly if a breach occurs.

10. Children

The Service is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, email info@themeansofproduction.press and we’ll delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice. The “Last updated” date at the top reflects the most recent revision.

12. Contact

Questions, concerns, or requests about your data? Email info@themeansofproduction.press. We’re a small team and we read every message.