Privacy Policy

Last updated: May 2026

The most-asked question, answered up front

Your data is never used to train AI models. Not by us, not by Anthropic (Claude API), not by OpenAI (the embedding model we use for recall). Every provider in our stack has a contractual no-training guarantee on API inputs. Your business knowledge stays your business knowledge.

The Short Version

We build you a Marketing Brain. The brain is yours. We don't sell your data. We don't share it with advertisers. We don't train AI models on it. You can export it as standard files and take it with you if you ever leave.

We also collect anonymized aggregate signals (with your permission) so the brain gets smarter for businesses like yours. That's the only data of yours we ever combine with anyone else's — and you can opt out at any time.

What We Collect

Account Information

Your email address (for login and communication) and your business domain (for the readiness check). We use magic links — no passwords stored.

Business Information

Information you provide about your business: company name, website URL, industry, goals, and questionnaire answers. This seeds the first version of your Marketing Brain.

Website Scan Data

When you enter your website URL we crawl publicly accessible pages to analyze your tech stack, content, SEO signals, brand colors, and online presence. We only scan what's already public on the internet — no logins, no passwords, no books.

Brand Kit

Logos, brand colors, fonts, voice rules, forbidden patterns, and reference materials you upload. Stored securely and used only to produce on-brand work for your business. The brand kit is part of your brain — yours to keep.

The Brain Itself

Your Marketing Brain has three layers — frozen memory (the persistent map of how your business does marketing), skills (auto-generated playbooks you've approved), and sessions (every conversation you've had with the brain). All three are stored in our database with row-level security so only you can access them.

Conversations

Messages between you and the brain are stored to maintain conversation history and let the brain recall what you've discussed before. Vector embeddings of your messages power semantic recall (“what did we say about Q3 last month?”). The embeddings live alongside your data and are never shared.

Feedback Signals

When you approve a draft, reject one, edit one, or save a workflow as a skill, we capture that signal. It's how the brain learns. Feedback signals are tied to your account and never shared in non-anonymized form.

Payment Information

We use Stripe to process payments. We never see, store, or handle your credit card information. Stripe manages all payment data under their own PCI-compliant infrastructure.

Aggregate Intelligence — Opt-In by Default for Free, Opt-Out for Paid

With your permission, we use anonymized signals from your scans and brain to build vertical-specific benchmarks (e.g., “what marketing patterns work for plumbing businesses in Tampa”). These benchmarks help every customer in a vertical do better marketing — including you.

Free tier: aggregate inclusion is opt-in by default. You can toggle it off any time in your settings or during the lead-capture step.

Paid tiers (Advisor, Pro, Agent): aggregate inclusion is opt-out by default. Paid customers always have the choice — never the obligation — to contribute. You can flip the setting in the dashboard at any time.

Aggregate data is stored against an anonymous ID with no link back to your account in our analytics views. Vertical and geographic tags travel with the anonymous data; identifying information never does. We'll publish a third-party privacy audit before we launch any aggregate-data product (Phase 5).

AI Processing

Your data is processed by the Claude API (Anthropic) for the agent loop, and by OpenAI's embedding API (text-embedding-3-small) for vector recall. Neither provider trains on API inputs.Your data is sent for inference, the response comes back, and the providers don't retain it for training.

What We Don't Do

We don't sell your data to anyone, ever.
We don't share your data with advertisers.
We don't use your data to train AI models.
We don't give third parties access to your business information.
We don't hold your brain hostage. You can export it any time.

Data Storage and Security

Your data lives in Supabase (Postgres + Storage). Every brain table — customer_memory, customer_skills, customer_sessions, customer_messages, customer_feedback — has row-level security keyed to your account, so the database itself enforces that you can only access your own data. All traffic is TLS-encrypted; data at rest is encrypted by Supabase's underlying infrastructure.

Your Rights

Access: You can view all your data in the dashboard at any time.
Export your brain: Skills are exportable as standard agentskills.io files. Brand kit and deliverables export as PDF and Markdown. The brain is yours.
Aggregate opt-out: Toggle off in settings any time. Past anonymized contributions persist; future scans stop contributing immediately.
Delete: You can delete your account and your entire Marketing Brain instantly from Settings → Danger zone. The deletion is immediate, cancels any active subscription, and emails you a confirmation. If you can't reach the dashboard for any reason, email privacy@skolandhati.com and we'll process the request within 30 days as required by GDPR/CCPA.
Portability: Your brand kit, skills, and deliverables are yours to keep — even after cancellation.

Cookies and Tracking

We use first-party cookies that are strictly necessaryfor authentication and session management. Our internal product analytics live in our own database and are tied to your account, not to a third-party tracker. These are always on — the site can't work without them — and they don't require consent under GDPR or CCPA.

We also run Google Analytics 4 for marketing funnel measurement (which pages drive signups, where traffic comes from). GA4 is governed by Google Consent Mode v2 on our site: on first visit, GA4 receives only modeled, anonymized signals until you make a choice in the cookie banner. If you accept, full measurement turns on. If you decline, full measurement stays off. You can change your mind anytime via Cookie preferences in the footer.

We do not enable Google's advertising features by default (no ads personalization, no cross-site retargeting). We don't run Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel, or any other third-party trackers. If we add advertising cookies in the future, the “Marketing” toggle in the cookie banner controls them — and we'll re-prompt for consent before any new vendor goes live.

California & EU Residents (CCPA / GDPR)

If you live in California, the EU, or another jurisdiction with comprehensive privacy law, you have the same rights listed above plus a few specific to your jurisdiction: right to know what data we hold about you, right to correct inaccuracies, right to portability (the brain export covers this), and right to delete (Settings → Danger zone covers this). To exercise any of these rights, email privacy@skolandhati.com. We don't sell or share personal information for cross-context behavioral advertising.

Contact

Questions about privacy? Email us at privacy@skolandhati.com. A human reads every message.