Privacy Policy

Last Updated: June 2, 2026

Version: 1.4

Privacy at a Glance

  • We collect only what's necessary to provide our AI advisory service
  • Your conversations are stored securely and used to improve your experience
  • Pro users can upload documents — we don't use them to train any AI model
  • Uploaded documents are automatically deleted after 30 days of conversation inactivity
  • We use trusted third-party services (Anthropic, OpenAI, Stripe, Supabase, Vercel, Resend)
  • You can request deletion of your data at any time
  • We never sell your personal information

1. Introduction

Welcome to Schutzduck ("we," "our," or "us"), a product of Schutzworks. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business advisory service.

By using Schutzduck, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you:

  • Create an account: Name, email address, password (securely hashed)
  • Use our service: Messages and conversations with our AI advisor
  • Upload documents (Pro plan): Files you upload for discussion with the AI advisor, including extracted text and embedded images
  • Subscribe: Payment information (processed securely by Stripe)
  • Contact us: Any information in your support requests or feedback

2.2 Automatically Collected Information

When you use our service, we automatically collect:

  • Usage data: Number of messages sent, conversation frequency, feature usage
  • Technical data: IP address, browser type, device information, operating system
  • Timestamps: When you access the service and send messages
  • Conversation metadata: Conversation IDs, message IDs, timestamps

2.3 Information from Third Parties

We may receive information from:

  • Stripe: Payment confirmation and subscription status
  • Authentication providers: If you sign in through third-party services (future feature)

3. How We Use Your Information

We use the information we collect to:

  • Provide our service: Generate AI responses, maintain conversation history, process uploaded documents, and deliver our advisory service
  • Improve our service: Analyze usage patterns, identify bugs, and enhance AI responses
  • Process payments: Handle subscriptions and billing through Stripe
  • Communicate: Send service updates, respond to inquiries, and provide customer support
  • Enforce policies: Monitor for violations of our Terms of Service
  • Comply with legal obligations: Respond to legal requests and prevent fraud
  • Personalize experience: Track usage limits and provide tier-appropriate service
  • Analyze trends: Identify common themes and topics across all conversations (in aggregate, without identifying individual users) to improve our service and inform our communications

4. Third-Party Services

We use trusted third-party services to operate Schutzduck:

Stripe (Payment Processing)

Handles all payment information securely. We never store your full credit card details.

View Stripe Privacy Policy →

Supabase (Database & Authentication)

Stores your account information, conversation history, uploaded documents, consent records, and usage data securely.

View Supabase Privacy Policy →

Anthropic Claude (AI Model for Chat Services & Analysis)

Powers the AI advisory responses for direct conversations AND is used to analyze conversations to improve our service. When you upload a document, extracted text is included in the conversation context sent to Anthropic. If your document contains embedded images (such as charts, diagrams, or screenshots), those images are also sent to Anthropic for visual analysis. When performing aggregate analysis (such as identifying trending topics), conversations are processed without user identifiers. Data sent to Anthropic is not used to train or improve their models. Anthropic may retain API inputs for up to 30 days for safety and abuse monitoring.

View Anthropic Privacy Policy →

OpenAI (Text Embeddings for Knowledge Retrieval)

Used solely to match your questions against our knowledge base. When you send a message, the text is converted into a mathematical representation (an "embedding") to find the most relevant advisory content. Only message text is sent — no user identifiers, account information, conversation history, or uploaded document content. Data is not stored by OpenAI and is not used to train or improve their models.

View OpenAI Privacy Policy →

Vercel (Hosting & Infrastructure)

Hosts and serves the Schutzduck application. As our infrastructure provider, Vercel processes web requests necessary to deliver the service, which includes standard technical data such as IP addresses and request metadata. Vercel does not access conversation content or user account data.

View Vercel Privacy Policy →

Resend (Transactional Email)

Delivers service emails such as policy update notifications and account communications. Your email address is shared with Resend solely for email delivery. Resend does not access conversation content or other account data.

View Resend Privacy Policy →

5. How We Share Your Information

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: With third parties that help us operate our service (Stripe, Supabase, Anthropic, OpenAI, Vercel, Resend)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
  • With Your Consent: When you explicitly authorize us to share information
  • Protection: To protect our rights, prevent fraud, or ensure safety

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted is encrypted using SSL/TLS
  • Secure Storage: Data is stored in secure, encrypted databases
  • Access Controls: Limited employee access on a need-to-know basis
  • Password Protection: Passwords are hashed and never stored in plain text
  • Regular Updates: We regularly update our security practices

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6.1 Data Isolation

Your conversations and uploaded documents are completely isolated and never accessible to other users. Each user's data is stored separately and protected by row-level security controls that prevent cross-user access.

7. Uploaded Documents

Pro plan subscribers can upload documents (PDF, DOCX, PPTX, TXT, and image files) for discussion with the AI advisor. This section explains how uploaded documents are handled.

7.1 What We Store

When you upload a document, we store:

  • The original file in a private, encrypted storage bucket
  • Extracted text from the document for use in your conversation
  • Embedded images (such as charts, diagrams, and screenshots found within PDF, DOCX, and PPTX files) that meet a minimum size threshold, for visual analysis by the AI advisor

7.2 How Documents Are Processed

Extracted text from your document is included in the conversation context sent to Anthropic to generate relevant AI responses. If your document contains embedded images, those images are sent to Anthropic's vision capabilities for analysis. No user identifiers are sent alongside document content — only the content itself, in the context of your conversation.

7.3 Storage Limits

  • Per-file limit: 50 MB maximum file size
  • Per-user limit: 200 MB total storage across all uploaded documents

These limits exist to ensure responsible service operation, not as a billing mechanism.

7.4 Document Retention & Deletion

Uploaded documents are automatically deleted after 30 days of inactivity in the parent conversation. Documents are also deleted when you:

  • Delete the conversation containing the document
  • Delete your account

You do not need to take any action to clean up old documents — the 30-day automatic cleanup handles this for you. Deleted documents may persist in encrypted database backups for up to 7 days.

7.5 No Training Use

We do not use uploaded documents to train any AI model — ours, Anthropic's, OpenAI's, or any other provider's. Anthropic may retain API inputs for up to 30 days for safety and abuse monitoring, but does not use them for training.

7.6 Administrative Access

We do not routinely access uploaded documents. Administrative access to document content is limited to:

  • Explicit user consent (such as a support request where you ask us to review a document)
  • Security incident response
  • Legal compliance obligations
  • Terms of Service enforcement

8. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

  • Account Information: Retained while your account is active and for a reasonable period after deletion
  • Conversation History: Retained to improve the service and provide conversation continuity
  • Uploaded Documents: Automatically deleted after 30 days of conversation inactivity, or when the parent conversation or account is deleted (see Section 7.4)
  • Payment Records: Retained for 7 years for legal and tax compliance
  • Usage Analytics: May be retained in aggregated, anonymized form indefinitely
  • Backups: Deleted data may persist in encrypted database backups for up to 7 days

You can request deletion of your data at any time by contacting us at support@schutzduck.com.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a portable format
  • Restriction: Request restriction of processing your information
  • Objection: Object to our processing of your information
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at support@schutzduck.com. We will respond within 30 days.

Note: Some rights may be limited by legal obligations or legitimate business interests.

10. Children's Privacy

Schutzduck is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately at support@schutzduck.com, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country. By using Schutzduck, you consent to the transfer of your information to the United States and other countries where our service providers operate.

We ensure that such transfers comply with applicable data protection laws and use appropriate safeguards.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, email us at support@schutzduck.com with "CCPA Request" in the subject line.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is your consent and our legitimate business interests in providing and improving our service.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email if the changes are material
  • Post a prominent notice on our service
  • Request your consent if required by law

Continued use of Schutzduck after changes indicates acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Schutzworks
Email: support@schutzduck.com
Website: schutzduck.com

16. Your Consent

By using Schutzduck, you consent to this Privacy Policy and agree to its terms. If you do not agree, please do not use our service.

Questions about this document?

Contact Us