Privacy Policy
Last updated: May 2026
For any privacy-related questions, contact us at hello@perennial.you.
What We Collect and Why
We collect only what is necessary to deliver your communication fingerprint in form of a system prompt.
1. Email Address
What: Your email address when you initiate an order.
Why: To send you your questionnaire link, processing updates, and your completed system prompt.
Retention: Kept for as long as your order record exists. You may request deletion at any time by emailing hello@perennial.you. Note: By deleting your email you will be disqualified from any future returning customer special offers or bonuses.
2. Questionnaire Responses
What: Your answers to the explicit questions and conversation thread modules in the Perennial.you questionnaire. This includes personal information you choose to share — communication habits, values, professional background, and emotional patterns.
Why: Solely to generate your personalised AI system prompt. Your answers are the input to our processing pipeline and are used for no other purpose.
Retention: Automatically and permanently deleted 30 days after your prompt is delivered. We retain your responses for this window solely to support pipeline redo requests and refund verification. No manual step is required — deletion is automated. You may request earlier deletion by emailing hello@perennial.you; note that doing so will make a pipeline redo impossible.
3. Generated System Prompt
What: The .md file produced by our pipeline and delivered to your email.
Why: This is your product deliverable. After delivery, we retain a server-side copy. You can request this copy if you lost your original one.
Retention: Kept for as long as your order record exists. You may request deletion at any time by emailing hello@perennial.you. Note: By deleting the original .md file you will be disqualified from any future upgrade paths or products that would require the original unedited file.
4. Payment Information
What: We do not collect or store your payment card details. All payment processing is handled by Creem (creem.io), our payment processor and Merchant of Record. When you check out, you are submitting your payment details directly to Creem's systems, not ours.
Why: To process your one-time purchase.
Retention: Governed by Creem's own Privacy Policy, available at creem.io.
5. Technical and Usage Data
What: Basic analytics data — page views, general location (country level), device type — collected via Vercel Analytics.
Why: To understand how the site is used and improve it.
Retention: Aggregated and anonymised. Not linked to individual users.
How We Use Your Data
Your data is used exclusively to:
- Deliver the product you purchased
- Send transactional emails related to your order (questionnaire link, processing status, delivery)
- Handle redo requests and refund requests within their respective windows
- Improve pipeline quality using aggregated, anonymised insights (never individual questionnaire content)
We do not:
- Train AI models on your questionnaire answers
- Sell, rent, or share your personal data with third parties for marketing
- Use your data for any purpose beyond what is described in this policy
- Send marketing emails without your explicit consent
Third-Party Subprocessors
We use the following services to operate the product. Each acts as a data processor under our instruction.
| Service | Role | Data Received | Privacy Info |
|---|---|---|---|
| xAI (Grok) API | Paid AI model API for pipeline processing | Questionnaire content and generated responses during processing. xAI states that API inputs and outputs are not used to train models by default. | xAI Legal, xAI Privacy Policy |
| Supabase | Database (order records, questionnaire responses, generated prompts) | Email, order status, questionnaire responses, generated prompt. Stored encrypted at rest. | supabase.com/privacy |
| Creem | Payment processing (Merchant of Record) | Payment details, email, purchase amount | creem.io/privacy |
| Resend | Transactional email delivery | Your email address, email content | resend.com/privacy |
| Vercel | Website hosting and serverless functions | Anonymised usage data | vercel.com/legal/privacy-policy |
| Inngest | Background job orchestration | Order IDs and status only — never questionnaire content | inngest.com/privacy |
xAI Grok API Processing
Our pipeline uses the paid xAI Grok API for AI processing. Your questionnaire data and generated responses are sent to Grok during processing so the system prompt can be produced. xAI states that API inputs and outputs are not used to train models by default. See the xAI Legal and xAI Privacy Policy pages for details.
Data Security
We apply the following protections to your data:
- All data in transit is encrypted via HTTPS/TLS
- All data at rest in our database is encrypted using AES-256 (Supabase)
- Database access is restricted via Row Level Security — only our server-side processes can read your data
- Questionnaire content is never included in background job event payloads — only order identifiers are passed between systems
- API keys and secrets are stored as environment variables, never in source code
Your Privacy Rights
Regardless of where you are located, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate data be corrected
- Deletion — request that your data be deleted (actioned within 30 days)
- Restriction — request that processing of your data be restricted
- Portability — receive your data in a portable format
- Objection — object to processing of your data
To exercise any of these rights, email hello@perennial.you. We will respond within 30 days.
EEA and UK Residents (GDPR)
If you are located in the European Economic Area or United Kingdom, the GDPR or UK GDPR applies to our processing of your personal data. Our lawful basis for processing is contract performance — we process your data solely to deliver the product you purchased. You have the right to lodge a complaint with your local data protection authority. A directory of EEA supervisory authorities is available at edpb.europa.eu.
California Residents (CCPA)
If you are a California resident, the CCPA gives you the right to know what personal information we collect, the right to request its deletion, and the right to opt out of its sale. We do not sell personal information. Contact hello@perennial.you to exercise your rights.
Data Transfers
Your data may be processed on servers in various countries, including the United States and European Union, by the subprocessors listed above. We rely on each subprocessor's standard contractual protections and certifications for international data transfers.
Changes to This Policy
We will update this policy when our data practices change. The date at the top reflects the most recent revision. Continued use of the service after an update constitutes acceptance of the revised policy. For material changes we will notify users by email where possible.
Contact
Perennial · hello@perennial.you · perennial.you