Privacy Policy

Personal Information

When you create an account or use our services, we may collect the following personal information:

• Name and email address
• Profile information (optional)
• Payment and billing information
• Company name and workspace details
• Authentication credentials (via OAuth providers)

Usage Data

We automatically collect certain information when you use Contessa:

• IP address and browser information
• Device and operating system details
• Pages visited and features used
• API usage statistics and patterns
• Error logs and performance metrics
• Content models and entries you create

Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings.

We use the information we collect for the following purposes:

• To provide, maintain, and improve our services
• To process your transactions and manage billing
• To authenticate and secure your account
• To communicate with you about updates, features, and support
• To personalize your experience and provide relevant content
• To train and improve our AI models
• To detect, prevent, and address technical issues and fraud
• To comply with legal obligations and enforce our Terms of Service
• To conduct analytics and research to improve our platform

When you use our AI-powered features:

• Your prompts and generated content may be processed by third-party AI providers (e.g., OpenAI, Anthropic)
• We may use anonymized content to improve our AI models and services
• You retain all rights to your content and AI-generated outputs
• We do not sell your content to third parties
• Content is encrypted in transit and at rest

You can opt out of content-based AI model training by contacting us at privacy@contessa.ai. This may limit certain features.

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We share data with trusted third-party vendors who help us operate our platform (e.g., AWS, Stripe, email providers)
• Team Members: Within your workspace, authorized team members can access shared content
• Legal Requirements: We may disclose information to comply with laws, regulations, or legal processes
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
• With Your Consent: We may share information when you explicitly authorize us to do so

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Secure infrastructure hosted on AWS with DDoS protection
• Regular backups and disaster recovery procedures
• Employee training on data protection and privacy

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account information: Retained while your account is active
• Content and data: Retained until you delete it or close your account
• Usage logs: Typically retained for 90 days
• Billing records: Retained for 7 years for tax and accounting purposes
• Marketing data: Retained until you unsubscribe

After account deletion, we may retain certain information in anonymized form for analytics or as required by law.

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information
• Data Portability: Request your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Restrict Processing: Request limitations on how we use your data
• Object: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@contessa.ai. We will respond within 30 days.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard contractual clauses approved by regulatory authorities
• Compliance with GDPR, CCPA, and other applicable privacy laws
• Data processing agreements with all third-party vendors
• Regular privacy impact assessments

Contessa is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected information from a child without parental consent, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at privacy@contessa.ai.

Our platform integrates with third-party services that have their own privacy policies:

• OAuth providers (Google, GitHub)
• Payment processors (Stripe)
• AI providers (OpenAI, Anthropic)
• Cloud infrastructure (AWS)
• Analytics tools (if applicable)

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email or through our platform
• Provide a prominent notice on our website

Your continued use of Contessa after changes become effective constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We take privacy concerns seriously and will respond to all inquiries within a reasonable timeframe.