Percision
Legal

Privacy Policy

Effective dateMay 20, 2026
Last updatedMay 20, 2026
Applicable lawPIPEDA, GDPR, CASL
This Privacy Policy explains how Percision collects, uses, discloses, and safeguards your personal information when you use our platform. We take your privacy seriously. Please read this Policy carefully.

1. Who We Are

Percision (operating at percision.app) is an AI-powered strategic intelligence platform. For the purposes of data protection law, Percision is the data controller of personal information collected through the Platform.

Contact: info@percision.app · percision.app

2. Information We Collect

2.1 Information You Provide Directly

  • Account data: Name, email address, password (hashed), company name, job title, billing address, and any profile information you choose to provide.
  • Payment data: Payment is processed by Stripe, Inc. We receive and store only a tokenized payment reference, last four digits of the card, card type, and billing postal code. We never store full card numbers, CVV, or bank account details.
  • Business input data: Information you enter into the Platform, including business descriptions, financial data, strategic objectives, market data, and any other content you submit for analysis ("Input").
  • Communications: Emails, support requests, feedback, and other messages you send to us.
  • AI Agent data: If you use our AI Agent or email agent features, we process the content, recipients, and configuration of AI-generated communications subject to your human-in-the-loop (HITL) approval.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, run history, timestamps, session duration, and feature interactions.
  • Device & technical data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL.
  • Log data: Server logs recording requests, errors, and system events, retained for security and debugging purposes.
  • Cookies and similar technologies: See Section 9.

2.3 Information from Third Parties

We may receive information about you from third parties including authentication providers (if you sign in via OAuth), payment processors confirming transaction status, and analytics providers.

3. How We Use Your Information

We use personal information for the following purposes:

  • Providing the Platform: Creating and managing your account, processing payments, generating analysis outputs, and delivering all Platform features.
  • Improving the Platform: Understanding usage patterns, diagnosing technical issues, and developing new features. We do not use your Input to train AI models without your explicit written consent.
  • Communications: Sending transactional emails (account confirmation, billing receipts, password resets), product updates, and, where you have provided consent, promotional communications.
  • Security & fraud prevention: Detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other illegal activity.
  • Legal compliance: Meeting our obligations under applicable law, including responding to lawful government requests.
  • Business operations: Internal analytics, financial reporting, and exercising our legal rights.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Platform services you have requested, including account management, running analyses, and processing payments.
  • Legitimate interests (Art. 6(1)(f) GDPR): Improving the Platform, detecting fraud, sending direct marketing to existing customers about similar services (where permitted), and enforcing our legal rights. We have conducted legitimate interest assessments balancing our interests against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c) GDPR): Compliance with applicable laws, tax obligations, and responding to lawful government requests.
  • Consent (Art. 6(1)(a) GDPR): Sending promotional communications to new contacts, setting non-essential cookies, and any other processing for which we have specifically requested and obtained your consent. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

5. Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share personal information only in the following circumstances:

  • Service providers: Third-party vendors who process data on our behalf (see Section 6) under data processing agreements that restrict their use of your data.
  • Business transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
  • Legal requirements: When required by law, court order, regulatory body, or governmental authority. We will attempt to notify you before disclosing, unless prohibited by law or in urgent circumstances.
  • Protection of rights: When we believe disclosure is necessary to protect the rights, property, or safety of Percision, our users, or the public.
  • With your consent: For any other purpose with your prior written consent.

6. Third-Party Sub-Processors

We use the following categories of sub-processors to operate the Platform. All sub-processors are bound by data processing agreements compliant with GDPR requirements:

  • Stripe, Inc. — Payment processing. Data residency: USA. Stripe Privacy Policy: stripe.com/privacy.
  • Anthropic, PBC / OpenAI, L.L.C. / Google LLC — AI inference and LLM API processing. Input data is processed to generate Output and is not used by these providers to train models without separate agreement. Data residency: USA.
  • Cloudflare, Inc. — Website hosting, CDN, DDoS protection, DNS, and email routing. Data residency: USA/Global.
  • Google LLC (Google Drive, Workspace) — Internal document storage and operational purposes only. Data residency: USA/Global.
  • Gamma.app — PDF deck generation from analysis output. Data residency: USA.

You may request a current list of sub-processors by emailing info@percision.app. We will notify you of material changes to our sub-processor list.

7. International Data Transfers

Percision operates primarily from Canada. Your personal data may be transferred to and processed in the United States and other countries where our sub-processors operate. These countries may have data protection laws different from those in your jurisdiction.

For transfers from the EEA, UK, or Switzerland to countries not recognized as providing adequate protection, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission or equivalent transfer mechanisms. Copies of applicable SCCs are available on request.

By using the Platform, you acknowledge and consent to such international transfers subject to the safeguards described herein.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements:

  • Account data: Retained for the duration of your account plus 3 years following account closure, unless longer retention is required by law.
  • Payment records: Retained for 7 years to comply with tax and accounting obligations.
  • Analysis Input and Output: Retained for the duration of your account. If your account is closed, Input and Output are deleted within 90 days, subject to any legal hold.
  • Server logs: Retained for up to 12 months for security and debugging purposes.
  • Marketing consent records: Retained for the duration of our relationship plus 3 years to demonstrate compliance.
  • Communications: Retained for 3 years following the last communication, or longer if legally required.

When retention periods expire, data is securely deleted or anonymized so it can no longer be associated with you.

9. Cookies & Similar Technologies

9.1 Essential Cookies. We use strictly necessary cookies required for the Platform to function, including session authentication cookies and security tokens. These cookies cannot be disabled without disrupting the Platform.

9.2 Analytics Cookies. We may use analytics tools to collect aggregated usage data to improve the Platform. Where required by law, we obtain your consent before setting non-essential cookies.

9.3 No Third-Party Advertising Cookies. We do not use third-party advertising networks or tracking pixels for behavioral advertising purposes.

9.4 Managing Cookies. You can control cookies through your browser settings. Disabling essential cookies may prevent the Platform from functioning correctly. For more information, see your browser's help documentation.

10. Security

We implement commercially reasonable technical and organizational security measures, including:

  • TLS/HTTPS encryption for all data in transit;
  • Encryption of sensitive data at rest;
  • Access controls limiting personal data access to authorized personnel on a need-to-know basis;
  • Regular security assessments and monitoring;
  • Incident response procedures.

No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that creates a risk to your rights and freedoms, we will notify affected individuals and applicable authorities as required by law, within 72 hours of becoming aware of the breach (for GDPR-covered incidents).

11. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Right of Access Request a copy of the personal data we hold about you.
Right to Rectification Request correction of inaccurate or incomplete personal data.
Right to Erasure Request deletion of your personal data, subject to legal retention obligations.
Right to Restriction Request restriction of processing while a dispute is resolved.
Right to Portability Receive your data in a structured, machine-readable format.
Right to Object Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent Withdraw consent at any time where processing is consent-based.
Right to Complain Lodge a complaint with your applicable supervisory authority.

To exercise any of these rights, submit a written request to info@percision.app. We will respond within 30 days (or as required by applicable law). We may ask you to verify your identity before processing requests. We will not discriminate against you for exercising these rights.

PIPEDA (Canada): Canadian residents may access or correct personal information held about them and may file complaints with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

GDPR (EEA/UK): EEA and UK residents may lodge complaints with their local data protection authority.

12. CASL — Commercial Electronic Messages

For users in Canada, our commercial electronic messages (promotional emails) are governed by Canada's Anti-Spam Legislation (CASL). We only send commercial electronic messages to you with your express or implied consent, and we include an unsubscribe mechanism in every such message. You may unsubscribe at any time by clicking the "Unsubscribe" link in any promotional email or by emailing info@percision.app. Unsubscribe requests are processed within 10 business days.

13. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us immediately at info@percision.app and we will promptly delete it.

14. Third-Party Links

The Platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of third parties.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Policy at percision.app/privacy.html with a new "Last Updated" date, and by sending notice to your registered email address at least 14 days before the changes take effect. Your continued use of the Platform after the effective date of any update constitutes acceptance of the revised Policy.

16. Contact Us & Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving privacy complaints promptly and fairly. If you are not satisfied with our response, you have the right to lodge a complaint with your applicable data protection authority.