Privacy Policy

A77 Inc. ("A77," "we," "us," or "our") operates Bob, a perception intelligence platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Data We Collect

Account Information

When you create an account, we collect your email address, display name, and optional profile details (organization name, phone number, address). This information is necessary to provide our services and manage your account.

Analysis Inputs

Content you submit for analysis, including text, URLs, structured briefs, and uploaded files. We also collect audience parameters, sector selections, and context metadata you provide during the analysis process.

Report Outputs

Perception intelligence reports generated by our platform, including scores, dimensional analyses, recommendations, and evidence sources.

Usage Analytics

We track aggregate usage data such as analysis counts, feature usage, and session metrics. This data does not include personally identifiable information and is used solely for platform improvement and capacity planning.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial data on our servers. We retain only the Stripe customer identifier and subscription status necessary to manage your billing.

2. How We Use Your Data

Analysis Processing

Your analysis inputs are sent to the Anthropic Claude API for processing. Anthropic's API usage policy states that data submitted through the API is not used for model training. We use the API solely to generate your perception intelligence reports.

Platform Improvement

We use anonymized, aggregated metadata (never raw content) to improve our analytical framework, sector profiles, and platform features. Individual analysis content is never shared, sold, or used outside of delivering your reports.

Communication

We may send you transactional emails related to your account (advisory confirmations, export notifications, account changes). We do not send marketing emails without your explicit consent.

3. Data Sharing

We do not sell your personal data or analysis content to third parties. Your data may be shared only in the following limited circumstances:

• Anthropic Claude API for analysis processing (governed by their data processing terms)
• Stripe for payment processing
• As required by law or to protect our legal rights

4. Data Retention

Your data is retained for as long as your account is active. You may export all your data at any time as a JSON file through your account settings. Upon account deletion request, your data will be permanently removed within 30 days.

5. GDPR Compliance (EU/EEA Users)

We comply with the General Data Protection Regulation. Your rights include:

• Right to Access: Export your data via account settings
• Right to Erasure: Delete your account and all associated data
• Right to Portability: Export your data in machine-readable JSON format
• Explicit Consent: We obtain explicit consent during signup for data processing
• Cookie Consent: We use essential cookies only and provide cookie consent controls

Data Subject Access Requests (DSARs) are handled exclusively through the authenticated account settings export feature. We do not process data requests through external channels to prevent unauthorized access.

6. CCPA Compliance (California Residents)

Under the California Consumer Privacy Act, you have the following rights:

• Right to Know: We collect account information, analysis inputs, report outputs, and usage analytics as described above
• Right to Delete: Delete your account through settings to remove all personal data
• Do Not Sell: We do not sell personal information. No opt-out is necessary because we never sell your data

Categories of personal information collected: Identifiers (email, name), commercial information (subscription details), internet activity (usage analytics), and professional information (analysis content).

7. Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication via Supabase, role-based access controls, and rate-limited API endpoints. All sessions are encrypted.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related inquiries, contact us at privacy@a77inc.com