Príncipe

Privacy Policy

Last updated 26 June 2026

You hand Príncipe confidential material — questions, deck context, your read on a decision. This policy explains exactly what we collect, how it is used, who processes it, and the rights you have over it. Where a guarantee has a limit, we name the limit.

1. Who we are

Príncipe is a synthetic-respondent platform that pressure-tests a security or investment decision against a panel of calibrated, AI-generated expert respondents. When you use the hosted Príncipe service, Príncipe acts as a processor of the content you submit, processing it only on your documented instructions. You are the controller of the content you choose to submit. For privacy questions, contact us at support@principe.cloud.

2. What we collect

Content data

The text of the questions you ask and any materials you attach as context (for example, pitch-deck context). You control what you submit; you should avoid submitting special-category personal data or material you have no right to share.

Account data

The names, work email addresses, and roles of your authorised users — used to operate your account, authenticate requests, and contact you about the service.

Usage metadata

Identifiers, counts, timings, and cost. This is metadata only — never the text of your inputs. The improvement loop that makes Príncipe better sees these numbers, never the content of your questions or decks.

Website analytics

Our marketing site uses a cookieless page-view beacon. The server hashes the visitor IP; we set no cookies and operate no advertising trackers on the site.

3. How we use your data

  • To run the panel: your content is assembled into prompts and sent to the model provider so the panel can reason over it, then the derived results are returned and stored.
  • To operate, secure, and support the service, and to authenticate your users.
  • To improve the product from metadata only — counts, timings, and cost — never from the text of your inputs.
  • To meet legal and security obligations.

We do not sell, rent, or repurpose your content, and we never pool it across customers.

4. We do not train on your content

Your content is never used to train any model — not ours, and not the provider's. On the Managed key model, no-training and Zero-Data-Retention are enabled on our model-provider account. On bring-your-own-key, inference runs under your own provider account and terms (see §6).

5. Sub-processors

We use a small set of sub-processors to run the service. We impose data-protection terms on each that are materially equivalent to our own commitments, and we will inform you of intended changes so you have the chance to object.

| Sub-processor | Purpose | Location |
|---|---|---|
| Anthropic (directly, or via AWS Bedrock / Google Vertex) | LLM inference for the panel | EU region where configured |
| Supabase | Primary database | EU |
| Vercel | Application hosting | EU (fra1) |
| Modal | Statistical-validation compute | EU |
| Paddle | Payment processing & Merchant of Record (billing, tax, payouts) | Global payment processor |

Paddle is the Merchant of Record for paid subscriptions: it processes your payment, handles tax, and is the seller of record for the transaction. Paddle processes only the billing details needed to take payment — never your panel content. See Paddle's own privacy notice for how it handles payment data.

6. Two key models — you choose

The hosted service offers two ways to run inference:

  • Managed (default): content is processed under Príncipe's model-provider account, on which no-training and Zero-Data-Retention are enabled. The provider is a disclosed sub-processor.
  • Bring-your-own-key: content is processed under your own model-provider account and terms. For that leg, Príncipe is not the processor — the relationship is between you and your provider.

7. The honest limit

To reason over your content, the model must read it. So your content passes through Príncipe's servers in plaintext in memory at the moment a panel runs, and is sent to the model provider. We cannot offer "no one ever sees it" zero-knowledge for the data we actually process — any LLM product that claims otherwise is glossing over this. What we do is minimise it, encrypt it at rest, never train on it, let you control retention, and — on bring-your-own-key — keep your content under your own provider contract.

8. Encryption & security

  • Encryption in transit (TLS) and at rest (AES-256-GCM) for sensitive fields, including stored credentials.
  • Strict tenant isolation — your content is scoped to your firm and never pooled with another customer's.
  • Authentication required on every request; least-privilege access; secrets held in a managed store, never in source.
  • Access transparency: when a Príncipe operator accesses your content through the application, it is recorded in an access log you can see.

9. Data residency

Your data is stored and processed in the EU. Where any transfer outside the EEA occurs, it is covered by an adequacy decision or by Standard Contractual Clauses with supplementary measures.

10. Retention & deletion

You set how long we keep the raw inputs of each analysis — your question text and any raw notes you submit. After that window, those raw inputs are deleted, while your derived results — the verdict, the objections, the analysis you paid for — are preserved. Reference material you add to your library to ground panels persists as configuration and is removed when you delete it or at account teardown, not on the age schedule.

11. Your rights

Subject to applicable law, you have the right to access, correct, export, restrict, or object to the processing of your personal data, and the right to erasure. You can have your data erased; tenant teardown purges records on request. To exercise any of these rights, email support@principe.cloud. You also have the right to lodge a complaint with your local data-protection authority.

12. Self-hosted & open-source use

Príncipe is also available as open-source, self-hosted software under AGPL-3.0. When you run Príncipe on your own machine under your own API key, your panels and results stay on your machine, no accounts are created, and nothing is sent to us — the only outbound call is to your model provider, under your own key. This Privacy Policy governs the hosted service we operate; the self-hosted edition is governed by what you run.

13. Changes to this policy

We may update this policy as the service evolves. Material changes will be reflected by the "last updated" date above, and we will keep our sub-processor list in sync with the providers we actually use.

14. Contact

Questions, requests, or concerns: support@principe.cloud.

Príncipe

An open-source, self-hosted synthetic-respondent platform for validating security ideas against a calibrated CISO panel.

Author

Omer Grossman