Privacy Policy

1. Information we collect

Placeholder — see docs/legal-prep.md.

• Account info (email, name, password hash)
• Profile data (display name, avatar)
• IP address + device/browser info
• User-generated 3D scenes + layouts
• Inspiration images uploaded for AI features
• Free-text inputs to AI chat / agent features
• Voice recordings (transient — not stored)
• Lead-form submissions (B2B sales pipeline)
• Cookies + analytics (auth session, PostHog)

2. How we use your information

Placeholder — operate the service, AI features, transactional email, analytics, abuse prevention, product improvement.

3. Legal bases (GDPR)

Placeholder — performance of contract, legitimate interests, consent (where required), legal obligation.

4. Sub-processors and third parties

Placeholder — full table in the rendered policy.

5. International data transfers

Placeholder — primary storage US, PostHog EU, SCCs in place with vendors handling EU data.

6. Data retention

Placeholder — account data: until deletion + 30 days. Logs / IP: 90 days. Voice: transient.

7. Your rights

Placeholder — access, correction, deletion, portability, objection, consent withdrawal, complaint to a DPA.

8. Cookies and similar technologies

Placeholder — auth session, PostHog analytics, future signed-asset cookies.

9. Children

apateo is for users 18 and over. We do not knowingly collect information from anyone under 18.

10. California (CCPA/CPRA) rights

Placeholder — categories collected, do-not-sell, sensitive PI.

11. Security

Placeholder — encryption at rest + in transit, scoped access, ongoing review.

12. Changes to this policy

We'll notify you by email and an in-app banner at least 30 days before material changes take effect.

13. Contact

Questions about this policy: hello@apateo.dev.