Privacy Policy

The personal data we process may include identification and account data, such as name, account email address, login identifiers, authentication credentials, access tokens, account status, and language or profile preferences.

We process user-submitted content in the application, including text entries, tasks, plans, comments, preferences, export or deletion requests, and other records submitted, created, or associated with use of the service.

We process technical, device, and browsing data, including IP address, browser and device information, timestamps, session identifiers, cookie or local storage identifiers, request metadata, analytics events, and interaction logs from the website, the application, the API, and the MCP endpoint.

We process communications, contact, and support records, including requests sent by email or other contact channels, messages, feedback, issue reports, complaints, and related correspondence.

We receive that data directly from users, automatically from browsers, devices, and client applications, and from service providers acting on our instructions in categories such as infrastructure and hosting, storage, authentication, security, email and communications delivery, model or LLM processing, analytics, measurement, advertising, audience, and support operations.

We process personal data on the basis of contract performance, or steps requested by the user before entering into a contract, to create and administer accounts, authenticate access, synchronize tasks, plans, and other records, process requests made through the website, the API, and the MCP endpoint, use LLM processing where it forms part of the core functionality requested by the user, and maintain the core functionality of the product.

We process personal data on the basis of legitimate interests to operate and protect the website and the service, including service security, fraud prevention, abuse detection, incident response, audit logging, internal documentation, reliability and performance improvement, business continuity, and ordinary handling of service-related communications.

We process personal data on the basis of consent where the relevant processing depends on prior permission required by law, including analytics cookies, measurement tools, advertising trackers, cross-site identifiers, audience technologies, and other non-essential technologies that require consent or equivalent authorization.

We process personal data on the basis of legal obligation where required for regulatory compliance, responses to competent authorities, maintenance of required records, and enforcement of the Terms of Use.

Certain data is required to create and administer accounts, authenticate access, process API or MCP requests, operate the core product functionality, including where that functionality depends on LLM processing of user-submitted inputs and related internal service data flows, meet legal obligations, and respond to support requests. If that data is not provided, relevant features may be unavailable or may function only in a limited manner.

Other data may be provided on an optional basis, including preferences, supplemental content, feedback, and communications that are not necessary for basic use of the service.

Public pages process request metadata needed for delivery, security, operational monitoring, and limited public-page presentation consistency. Where active, a compatible consent-state mechanism may also be stored in the browser so compatible privacy choices can be reapplied on related subdomains.

Public pages also store language preference in the browser so later visits open in the selected locale rather than repeating the same choice flow.

The authenticated product stores account records, work records, and related content in private systems with access controls. Certain core product functions may require LLMs to process user-submitted inputs and related internal service data flows, including task context, instructions, work states, and other records reasonably necessary to generate structure, questions, plans, and other service outputs.

Programmatic access is protected with revocable credentials, and authorization controls are designed so each account can access only its own records unless broader access is expressly granted.

The core service records covered by this policy are stored in the European Union.

Some third-party integrations, including LLM, analytics, measurement, advertising, audience, communications, support, or other operational integrations, may process, receive, or access certain personal data from outside the European Union where that is needed to operate the service or the functionality chosen by the user.

Where applicable law requires it, the relevant cross-border access or transfer arrangements for those integrations should rely on the legal transfer mechanism and corresponding safeguards applicable to that arrangement.

Data and services may migrate between different hosting, storage, security, authentication, advertising, analytics, or infrastructure providers over time. Where those changes materially affect the substance of this notice, the notice will be updated before or when the change takes effect, as required by applicable law.

We disclose personal data to processors and service providers acting on our instructions in categories such as infrastructure and hosting, storage, authentication, security, email and communications delivery, model or LLM processing, analytics, measurement, advertising, audience, operational monitoring, and support operations.

We may also disclose personal data to professional advisers or authorities where disclosure is reasonably necessary for legal, regulatory, security, collection, fraud-prevention, or dispute-resolution purposes.

Relevant records may also be disclosed in connection with a merger, financing, acquisition, corporate reorganization, or sale of assets, subject to appropriate confidentiality obligations and applicable legal safeguards.

The public website uses browser storage mechanisms and cookies, including preference cookies, consent-state and consent-record cookies, functional cookies, analytics cookies, pixels, advertising tags, advertising trackers, persistent identifiers, and cross-site identifiers, to remember language preference, support security, preserve session integrity, enable analytics, measurement, attribution, advertising, audience workflows, support operational monitoring, record consent choices, and, where compatible, reapply consent choices on related subdomains.

These mechanisms may include analytics cookies, advertising trackers, pixels, tags, persistent identifiers, and cross-site or cross-context identifiers used to measure traffic, attribute visits and conversions, support frequency capping, audience matching, targeted or cross-context behavioral advertising, and operational diagnostics. The language-preference and consent-state mechanisms used by the site remain distinct from technical mechanisms that may be strictly necessary for page delivery, security, session integrity, and basic operational diagnostics. Related consent records may also be retained in server-side infrastructure to demonstrate valid choices, respond to requests, and maintain a proportionate audit trail.

Where applicable law requires it, the use of non-essential analytics, measurement, advertising, or audience technologies depends on valid consent or another applicable legal basis. Additional information about those mechanisms and related controls is provided in the Cookie Notice and the Privacy Controls page.

Language preference may remain in browser storage until it is changed or cleared by the user and, where it is also written by the site to a locale-preference cookie, for up to one year unless it is changed or removed earlier. Consent-mirror cookies used to reapply compatible choices on related subdomains, and a pseudonymous identifier used to record consent choices, may remain for up to one year unless changed or removed earlier. Consent audit records may remain in operational storage for up to 90 days and, after monthly export and archiving, in archive storage for up to 12 months unless a different period is required by law or reasonably needed to defend rights. Analytics cookies, advertising trackers, and other persistent or cross-site identifiers may remain for the session or for additional periods defined by the relevant configuration, browser, integrator, or applicable provider unless they are removed earlier. Additional information about types, purposes, controls, and retention is provided in the Cookie Notice.

The website, the application, and related acquisition, activation, or purchase flows may use third-party advertising, measurement, and audience tools.

Those tools may use analytics cookies, local storage, pixels, tags, advertising trackers, persistent identifiers, cross-site identifiers, server-to-server event sharing, and similar technologies to collect or receive data from the browser, device, and interactions with the website, application, related campaigns, or relevant integrations.

Certain categories of personal data processed in connection with the website, the application, or related purchases may also be used for those purposes, including browser or device data, browsing data, signup or purchase status, and, where applicable and appropriately disclosed, user-submitted content or other records associated with use of the service.

The data involved may include browser or device identifiers, IP address, visited URLs, referral data, timestamps, browsing events, conversion events, signup or purchase status, and, where applicable, pseudonymized or hashed identifiers used for audience matching.

That processing may be used for ad delivery, frequency capping, campaign measurement, conversion attribution, fraud prevention, audience building, similar audiences, and targeted or cross-context behavioral advertising.

Where applicable law requires it, advertising, measurement, or audience technologies depend on valid consent or another applicable legal basis before or during their use. Additional disclosures and relevant controls should be made available through the Cookie Notice and the Privacy Controls page as required by applicable law.

pergunta.me may disclose identifiers, browsing data, conversion events, signup or purchase status, and related signals to analytics, advertising, measurement, or audience partners in connection with active website and service operations.

Depending on applicable law and the specific disclosure flow, that processing may qualify as a sale, sharing, targeted advertising, or cross-context behavioral advertising. This policy and the Privacy Controls page should identify the request, objection, or opt-out channels that apply to the configuration then in use.

pergunta.me does not, in the configuration described by this policy, use personal data for decisions based solely on automated processing that produce legal or similarly significant effects on you.

If the service later uses AI, LLMs, or other automated processing to make or significantly influence decisions about users that produce legal or similarly significant effects, the relevant notice, workflow, or product surface should also explain the logic involved in meaningful terms, the significance and likely consequences for the user, and the rights or safeguards available under applicable law, including GDPR Article 22 where it applies.

We implement technical, administrative, and organizational measures designed to protect personal data. No system is completely secure, and no transmission or storage method can be guaranteed to be entirely free from risk.