Privacy Policy
Last updated: [DATE]
Notice: the text below is a base template. It must be reviewed by a lawyer and all bracketed fields must be completed before official publication.
1. Data controller
[LEGAL COMPANY NAME], [ADDRESS], contact email: [PRIVACY/DPO EMAIL].
2. Data we collect
- Account data: name, email, organization, role.
- Usage data: decision processes, alternatives, criteria, weights and votes.
- AI interaction data: prompts sent and responses generated.
- Technical data: IP address, browser type, activity logs.
- Billing data: [DESCRIBE — handled by payment provider [PROVIDER NAME]].
3. Processing purposes
Provide and improve the service; manage accounts and subscriptions; compute consensus decisions; run AI deliberation; ensure security and support; and comply with legal obligations.
4. Legal basis
Performance of contract (provision of the service), consent (where applicable), legitimate interest (security and improvement) and legal compliance. [ADJUST PER GDPR OR OTHER APPLICABLE REGULATION].
5. Use of AI providers and third parties
For expert deliberation we use AI model providers [NAME PROVIDERS, e.g. OpenAI/Anthropic]. Data sent to these services is processed under their policies. [INDICATE WHETHER BYOK IS USED AND HOW IT AFFECTS PROCESSING]. Other processors: hosting [HOSTING PROVIDER], analytics [IF APPLICABLE], payments [PROVIDER].
6. Multi-tenant isolation and security
Each organization's data is logically isolated. We apply role-based access control, encryption [IN TRANSIT/AT REST — CONFIRM] and audit logs.
7. Data retention
We retain data while the account is active and for [TERM] after closure, unless a legal obligation requires longer retention.
8. Your rights
Access, rectification, erasure, objection, restriction and portability. To exercise them, write to [EMAIL]. [INCLUDE THE RIGHT TO LODGE A COMPLAINT WITH THE RELEVANT SUPERVISORY AUTHORITY].
9. International transfers
[INDICATE WHETHER TRANSFERS OCCUR OUTSIDE THE USER'S ECONOMIC AREA AND THE SAFEGUARDS APPLIED].
11. Changes to this policy
We will notify material changes through the Platform or by email.
12. Contact
[PRIVACY EMAIL / DPO].