Privacy Policy

Effective date: 17.06.2026

1. Data Controller

2. Personal Data We Collect

When you visit the Site, we may collect the following data:

• —Your name and email address when you sign up or contact us.
• —Your email address when you sign up for product updates or marketing emails, provided with your explicit consent.
• —Billing and payment information when you make a purchase (processed via Stripe).
• —The content you send to the AI assistant: your messages and, in voice mode, your audio. This is processed by the AI providers listed in section 4 to generate responses.
• —If you connect an integration such as Gmail, the data from that service that is needed to provide the feature you use.
• —Technical data such as IP address, browser type, and cookies.
• —Interaction data (e.g., page views, clicks) via tools like Google Analytics.

3. How We Use Your Information

We use your personal information to:

• —Fulfill and manage orders (subscriptions).
• —Provide and operate the AI assistant, including processing your inputs through the third-party AI providers listed in section 4 to generate responses.
• —Provide customer support.
• —Communicate with you about your account and our services.
• —Send you marketing emails about Execution Compass products and updates — only when you have given your explicit consent. You can unsubscribe at any time via the link in every email.
• —Comply with legal obligations.
• —Improve and optimize the Site.

4. Sharing Your Personal Information

We share your data only with third parties (sub-processors) who help us operate the product. Below is who they are, what they receive, and why.

AI providers (to power the assistant)

When you use the AI assistant, the content you send it (your messages, and in voice mode your audio) is processed by these providers solely to generate responses for you.

• —DeepInfra (US): hosts the language models (DeepSeek) that generate the assistant's responses. Receives your text prompts and conversation history.
• —Groq (US): transcribes your speech to text in voice mode. Receives your audio.
• —OpenAI (US): converts the assistant's replies to speech in voice mode, and may also be used as an alternative language-model provider. Receives the relevant text.
• —We may also route assistant requests to other large-language-model providers to deliver or improve the service, currently Anthropic (US) and xAI (US).
• —LangSmith (US): used to debug, trace, and monitor the AI assistant. May receive prompts and responses for troubleshooting.

Infrastructure

• —Supabase (US): our database and authentication. Stores your account, conversations, boards, and settings.
• —Cloudflare (global): hosting, content delivery, and security for our website.
• —Cloudflare Turnstile (global): bot and abuse protection on our forms. Processes challenge data and your IP address.
• —Metered.ca (Canada): STUN/TURN relay servers for voice connectivity. Processes connection and network data (including IP) during voice calls.

Payments

• —Stripe (US): processes payments and manages your subscription. Receives your billing and payment information.

Email and marketing

• —Resend (US): sends transactional emails, such as account and service notifications.
• —Loops (loops.so, US): sends marketing and product-update emails, and stores your email address when you create an account or sign up for updates.
• —Notion (US): stores contact-form submissions (your name, email, and message) when you contact us through the Site.

Analytics

• —Google Analytics 4, with Google Consent Mode (US): measures website traffic and usage, and only after you accept analytics cookies (see section 8).

Integrations you choose to connect

• —Google / Gmail (US): if you connect your Google account, we access your email and related data through Google OAuth, within Google's permitted API scopes, solely to provide the email features you use.

We also use external data APIs for currency exchange rates and asset prices (for example HexaRate, CoinGecko, and Yahoo Finance). These receive only currency or ticker symbols and never your personal data.

We never sell your data to third parties.

5. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• —Your consent.
• —Performance of a contract.
• —Legal obligations.
• —Our legitimate interests (e.g., improving services).

6. Your Rights

As an EU resident, you have the right to:

• —Access your personal data.
• —Request correction or deletion.
• —Object to processing or request restriction.
• —Withdraw consent at any time.
• —Lodge a complaint with a data protection authority.

7. Data Retention

We keep your personal data only for as long as necessary for the purposes described in this policy. In practice: account and content data (including your boards, conversations, and AI inputs) are kept while your account is active and deleted or anonymized when you delete the relevant items or your account, subject to the exceptions below. Billing and transaction records are kept for the period required by tax and accounting law (in Poland, generally five years). Marketing data is kept until you unsubscribe or withdraw consent. We may retain limited data longer where required to comply with a legal obligation, resolve disputes, or enforce our agreements.

8. Cookies and Analytics

The Site uses Google Analytics 4 to measure traffic and understand how visitors use the Site. Analytics and advertising cookies are disabled by default and only activate after you click "Accept all" in the cookie banner shown on your first visit. If you click "Reject", no analytics or advertising cookies are stored — Google may still receive anonymized, cookieless signals (consent mode) that cannot identify you.

You can change your choice at any time by clearing the ec_cookie_consent_v1 entry in your browser's site storage, or by managing cookies through your browser settings.

9. Data Transfers Outside the EU

Most of our service providers are based in the United States, including OpenAI, Groq, DeepInfra, Anthropic, xAI, LangSmith, Supabase, Stripe, Resend, Loops, Notion, and Google. Metered.ca is based in Canada. When your data is transferred outside the European Economic Area, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and, where available, adequacy decisions, so that your data remains protected to EU standards.

10. Data Security

We take reasonable technical and organizational measures to protect your personal data, including encryption in transit, access controls, and the use of reputable infrastructure providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users as required by law.

11. Children's Privacy

The service is not directed to children. You must be at least 16 years old, or the age required for valid consent to digital services in your country, to create an account. We do not knowingly collect personal data from children below that age. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Automated Decision-Making and AI

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. The AI assistant generates suggestions and content to help you, but you remain in control of any decisions and actions you take. Your inputs to the assistant are processed by the AI providers listed in section 4 to generate responses. We do not use your private content to train our own models.

13. Changes to the Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. Updates will be posted on this page.

14. Contact Us

For any questions or concerns about this Privacy Policy or your data, please contact us at:
contact@executionmasterywithmatt.com