Privacy Policy

1. Who we are

PRD Wizard is operated by AIS Software (“we”, “us”). This Privacy Policy explains how we process personal data when you use our service (the “Service”). We provide services globally.

2. What data we collect

Depending on how you sign in, we may receive:

• Name (Google Sign-In only)
• Email address (Google Sign-In or email sign-up)
• Password (email sign-up only) - stored by Supabase Auth as a cryptographic hashed and salted value. We never store or see your plaintext password.

We do not receive your Google password. We do not intentionally collect sensitive categories of data. If you type personal data into free-text fields, you choose what to provide.

3. Why we use your data (purposes)

• Authenticate you and secure your account.
• Provide core features of the Service (e.g., saving and managing your PRD work).
• Send essential service messages (account, security, legal notices).

4. Legal bases (EEA/UK)

• Contract - to provide the Service you request.
• Legitimate interests - to keep the Service secure and prevent abuse.
• Consent - where required (we do not currently send optional marketing).

5. Service providers & recipients

• Google - Identity provider (Google Sign-In). Shares your name and email with us.
• Supabase - Authentication & application data hosting. Stores account metadata (name, email) and hashed passwords for email sign-ups, plus app content needed to run the Service.

These providers act as processors on our behalf. We do not sell your personal data.

6. International transfers

We operate globally, so your data may be processed in countries outside your own. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) to protect your information.

7. Data retention

We keep your account information while your account is active. If you close your account or request deletion, we delete or anonymize your personal data unless we are required to keep it longer (e.g., legal obligations). Backups may persist for a limited period.

8. Your rights

Depending on your location, you may have rights to request access, correction, deletion, restriction, portability, or to object to certain processing. You can also withdraw consent where processing is based on consent.

To exercise rights, contact ais.software.io@gmail.com. If you are in the EEA/UK, you can complain to your supervisory authority - please contact us first so we can help.

9. Security

We use reasonable technical and organizational measures, including industry-standard authentication, transport encryption, and hashed+salted passwords for email sign-ups via Supabase Auth. No system is 100% secure - please use a strong, unique password and keep it safe.

10. Cookies

We use essential cookies for authentication and session management. For details, see our Cookies Policy.

11. Children

The Service is not directed to children under 16 (or the age required by local law). We do not knowingly collect data from children.

12. Changes to this policy

We may update this Privacy Policy. We’ll post updates here and adjust the “Last updated” date. Material changes may be announced in-app or by email. Continued use after changes constitutes acceptance.

13. Contact

Questions or requests? Email ais.software.io@gmail.com.