← Back

Privacy Policy

Version 2026-06-11

This Privacy Policy explains how Copper Beech AI ("we", "us") collects, uses, and protects your personal data when you use No Probllama (the "Service"). We act as the data controller for this data. We are committed to handling your data in line with the EU/UK General Data Protection Regulation (GDPR).

Who we are

Data controller: Copper Beech AI, Moira, UK. For any privacy question or to exercise your rights, contact us at admin@copperbeechai.com. [If applicable, our Data Protection Officer can be reached at the same address.]

What data we collect

  • Account data: your email address (used to sign you in with a one-time link) and the first and last name you provide.
  • Content you create: projects, problem definitions and chat transcripts, perspectives, survey questions and responses, ideas, votes, plans, and reports.
  • Collaboration data: project memberships, and invitations you send or receive (including the invitee's email address).
  • Consent records: which version of this policy and our terms you accepted, and when.
  • Technical data: session cookies required to keep you signed in, and standard server logs.

How we use your data and our lawful bases

  • To provide the Service (create your account, store and display your content, enable collaboration) — lawful basis: performance of a contract.
  • To send service emails such as sign-in links and project/survey invitations — performance of a contract / our legitimate interest in operating the Service.
  • To process your content with AI to generate summaries, perspectives, and reports — performance of a contract.
  • To keep records of your consent and meet our legal obligations — compliance with a legal obligation.

Sub-processors

We share data with service providers who process it on our behalf under contract:

  • [Supabase] — authentication and database hosting.
  • [Microsoft Azure OpenAI] — AI processing of the content you submit to features that use it.
  • [Resend] — delivery of transactional email.

[Where any sub-processor processes data outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses.] We do not sell your personal data.

How long we keep it

We keep your account and content for as long as your account is active. When you delete your account, your personal data and content are deleted, except records we must retain by law (for example, consent logs) which we keep for [retention period].

Your rights

Under the GDPR you have the right to access a copy of your data, rectify inaccurate data, erase your data, restrict or object to certain processing, and withdraw consent where processing is based on consent. You can exercise the main rights yourself from your account page: export a copy of your data, edit your profile, or permanently delete your account. For anything else, contact us at [privacy@yourdomain.com]. You also have the right to lodge a complaint with your local data protection authority [e.g. the ICO in the UK].

Cookies

We use only the cookies strictly necessary to authenticate you and keep you signed in. We do not use advertising or third-party tracking cookies.

Changes to this policy

If we make material changes, we will update the version and ask you to review and accept the new policy the next time you sign in.