Legal

Privacy Policy

Last updated: March 1, 2026

Overview

Prodiki (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our desktop application, website, and related services (collectively, the “Service”).

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information You Provide

  • Account information — When you sign up via Google or Microsoft OAuth, we receive your name, email address, and profile image from the OAuth provider
  • Onboarding information — First name, last name, and use case
  • Payment information — Billing details processed through Stripe. We do not store your full credit card number
  • Contact information — Information you submit through our contact form

Information Generated Through Use

  • Product data (stored locally) — Workspaces, artifacts, insights, themes, PRDs. Stored in local SQLite on your device
  • AI usage data — Records of AI operations performed (type, credit cost, timestamps). We do not store content processed by AI
  • Billing records — Subscription status, credit balances, transaction history

Information Collected Automatically

  • Authentication tokens — JWT access and refresh tokens for maintaining your session
  • Basic analytics — Anonymized, aggregated usage metrics. No third-party tracking or advertising
2. How We Use Your Information

We use the information we collect to:

  • Provide the Service — Authenticate your identity, manage your account, process payments, and deliver AI-powered features
  • Process AI requests — Content is sent to the Anthropic API for processing and returned to your local device
  • Manage billing — Track credit usage, process payments, manage your balance
  • Communicate with you — Send account notifications, security alerts, and respond to inquiries
  • Improve the Service — Analyze anonymized usage patterns to fix bugs and improve features
  • Enforce our Terms — Detect and prevent fraud, abuse, or violations

We do not sell your personal information. We do not use your data for advertising. We do not use your content to train AI models.

3. AI Data Processing

How your data is handled when using AI features:

AspectDetail
AI ProviderThird-party AI provider
What is sentContent you choose to process (e.g., transcript text)
Model trainingOur AI provider does not use API customer data to train models
Data retention by providerUp to 30 days for safety monitoring, then deleted
Results storageAI output stored locally on your device only

You control when AI features are used. No content is sent unless you explicitly trigger an AI operation.

4. Data Storage & Security

Where Your Data Lives

Data TypeStorage Location
Product data (workspaces, artifacts, insights, PRDs)Local SQLite database on your device
Account & authentication dataCloud database (encrypted, managed hosting)
Billing & subscription dataCloud database + Stripe
AI usage logsCloud database (metadata only, not content)

Security Measures

  • HTTPS encryption for all data in transit
  • OAuth 2.0 PKCE flow for secure authentication
  • JWT-based session management with short-lived access tokens
  • Stripe PCI-DSS compliance for payment processing
  • Local data remains under your control on your device
5. Data Sharing & Disclosure

We do not sell your personal information. We share data only in limited circumstances:

Service Providers

  • AI provider — AI processing (only content you submit)
  • Stripe — Payment processing and subscription management
  • Google / Microsoft — OAuth authentication
  • Linear — Ticket export (only when you explicitly choose to export)

We may also disclose information if required by law, in business transfers (with notice), or with your explicit consent.

6. Your Rights

For All Users

  • Access — Request a copy of the personal data we hold
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and cloud data
  • Data portability — Your product data is stored locally and always accessible
  • Withdraw consent — Stop using AI features or cancel your account at any time

For EEA/UK Residents (GDPR)

Additional rights to object to processing, restrict processing, and lodge complaints with your local data protection authority.

For California Residents (CCPA)

Rights to know what data is collected, request deletion, and opt out of data sales. We do not sell personal information.

Contact contact@prodiki.io to exercise any rights. We respond within 30 days.

7. Data Retention & Deletion
Data TypeRetention Period
Account dataUntil you delete your account, or 12 months after last activity
Billing records7 years (legal/tax requirement)
AI usage logs12 months
Local product dataUnder your control; remains on your device until you delete it
Contact form submissions12 months

When you request account deletion, cloud data is deleted within 30 days. Billing records may be retained up to 7 years as required by law. Local data is not affected.

8. Cookies & Tracking

The Prodiki desktop application does not use cookies or web tracking. Our marketing website may use essential cookies for basic functionality. No advertising cookies, third-party analytics, or cross-site tracking.

9. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. Contact contact@prodiki.io if you believe a child has provided us with personal data.

10. International Data Transfers

Cloud-stored data may be processed in the United States. For EEA/UK users, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

11. Changes to This Policy

We may update this policy. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.

12. Contact

Prodiki
Email: contact@prodiki.io
Web: prodiki.io/contact