Privacy Policy

When you create an account and use the service, we collect:

• Email address — used to identify your account and send the confirmation link at signup.
• Diagnostic answers — your responses to the six Henderson readiness questions, stored so we can save your history and show your progress over time.
• Business context — business model, stage, customer type, and the optional description of what you're building and the outcome you're targeting. Provided voluntarily to personalise your results.
• AI-generated content — the Pro Insights, Action Plans, and framework attributions generated during your sessions are stored against your account.
• Intent statement — the sentence you write when unlocking Pro access.

We do not collect payment information. We do not use analytics tracking cookies or third-party advertising.

We process your data to provide the service you signed up for — running diagnostics, saving your history, and generating personalised coaching content. The lawful basis under GDPR is contract performance: processing is necessary to deliver what you asked for when you created an account.

For optional context fields (product description, business model, etc.) the basis is legitimate interest — you provided this information to improve the quality of your results, and we use it only for that purpose.

We do not sell your data. We share it only with the sub-processors needed to run the service:

• Supabase — our database and authentication provider. Your account data and diagnostic history are stored on Supabase infrastructure (EU and US regions). Supabase is SOC 2 Type II certified. See supabase.com/privacy.
• Google Gemini via Lovable's AI gateway — when you expand a Pro Insight or generate an Action Plan, your diagnostic answers and business context are sent to Google's Gemini model to generate the response. This data is processed under Google's API terms and is not used to train Google's models. See Google's privacy policy.

No other third parties receive your personal data. We do not use third-party analytics (no Google Analytics, no Mixpanel, no Meta Pixel).

Your data is retained for as long as your account is active. You can delete individual diagnostic runs or export all your data at any time from your Account page. To delete your account and all associated data, contact us at productstratagems@gmail.com and we will action it within 30 days.

Under GDPR (and equivalent laws), you have the right to:

• Access your data — available via the Account page (Export as JSON).
• Correct your data — edit your saved context on the Account page.
• Erase your data — delete individual runs on the Account page, or request full account deletion by email.
• Portability — download everything as JSON from the Account page.
• Object or restrict processing — contact us at productstratagems@gmail.com.
• Lodge a complaint — with your local data protection authority if you believe we have mishandled your data.

We will respond to rights requests within 30 days.

We use a single session cookie to keep you logged in. This cookie is strictly necessary for the service to function and does not track you across other websites. We do not use advertising, analytics, or third-party tracking cookies.

If we make material changes to how we collect or use your data, we will notify you by email or with an in-app notice before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

Owner: Product Stratagems
Email: productstratagems@gmail.com