Privacy Policy

The personal data we process may include identification and account data, such as name, account email address, login identifiers, authentication credentials, access tokens, account status, and language or profile preferences.

When you choose to authenticate through a third-party identity provider (social login), we receive identification and authentication data that the provider makes available, which may include email address, name, provider identifier, and access token.

We process user-submitted content in the application, including text entries, tasks, plans, comments, preferences, export or deletion requests, and other records submitted, created, or associated with use of the service.

We process knowledge items, attached links and documents, and related extracted content, chunks, and embeddings generated for assisted support.

We process execution and planning preferences, such as available time, preferred work block length, and energy context.

We process notification preferences, endpoint subscriptions, and delivery records.

We process voice input and transcription data when you choose to use the microphone input feature.

We process image, photo, and other file attachments that you attach to tasks, including the file content, the file name, and basic attachment metadata. When you choose to use camera capture or equivalent features to suggest a task, image bytes may be submitted to a vision-capable LLM processor to generate the suggestion.

We process accessibility telemetry data when you consent to that processing.

We process service-usage and quota records as a per-call event ledger linked to your account, including the call source, the provider, the model, input and output token counts, the provider-cost value, the related currency, and structured operational metadata for each call generated when model- or LLM-assisted features run for your account.

We process progressive-suggestion telemetry linked to the account, including identifiers of the suggestion variants shown, variant key, a coarse cohort label, the measurement window date, and counts of suggestion outcomes such as shown, accepted, dismissed, reverted, or negative.

We process subscription, plan, billing, and payment-status data linked to the account, including customer, subscription, product, and period identifiers provided by the payment processor, subscription status, paid-period start, renewal, or end dates, and limited transaction references needed to operate the plan and reconcile billing.

We process technical, device, and browsing data, including IP address, browser and device information, timestamps, session identifiers, cookie or local storage identifiers, request metadata, analytics events, and interaction logs from the website, the application, the API, and the MCP endpoint.

We process communications, contact, and support records, including requests sent by email or other contact channels, messages, feedback, issue reports, complaints, and related correspondence.

We receive that data directly from users, automatically from browsers, devices, and client applications, and from service providers acting on our instructions in categories such as infrastructure and hosting, storage, authentication, security, email and communications delivery, model or LLM processing (including image and vision processing), payment processing, billing and merchant of record services, analytics, measurement, advertising, audience, and support operations.

We process personal data on the basis of contract performance, or steps requested by the user before entering into a contract, to create and administer accounts, authenticate access, synchronize tasks, plans, and other records, process requests made through the website, the API, and the MCP endpoint, use LLM processing where it forms part of the core functionality requested by the user, manage subscriptions, paid plans, billing, renewals, and termination of contracted services, and maintain the core functionality of the product.

We process personal data on the basis of legitimate interests to operate and protect the website and the service, including service security, fraud prevention, abuse detection, incident response, audit logging, internal documentation, reliability and performance improvement, business continuity, enforcement and measurement of plan quotas and usage limits, evaluation, improvement, and selection of progressive-suggestion variants based on impression and outcome telemetry, and ordinary handling of service-related communications.

We process personal data on the basis of consent where the relevant processing depends on prior permission required by law or where the feature is optional, including analytics cookies, measurement tools, advertising trackers, cross-site identifiers, audience technologies, and other non-essential technologies that require consent or equivalent authorization, as well as optional LLM-assisted features (including photo- or vision-based task suggestions), voice input processing, and accessibility telemetry.

We process personal data on the basis of legal obligation where required for regulatory compliance, responses to competent authorities, maintenance of required records, and enforcement of the Terms of Use.

Certain data is required to create and administer accounts, authenticate access, process API or MCP requests, operate the core product functionality, including where that functionality depends on LLM processing of user-submitted inputs and related internal service data flows, manage paid-plan subscriptions, meet legal obligations, and respond to support requests. If that data is not provided, relevant features may be unavailable or may function only in a limited manner.

Other data may be provided on an optional basis, including preferences, supplemental content, feedback, photos or other files attached to tasks, and communications that are not necessary for basic use of the service.

The use of optional features, such as voice input, certain LLM-assisted features, photo- or vision-based task suggestions, and accessibility telemetry, depends on explicit consent and is not required for basic service operation.

Public pages process request metadata needed for delivery, security, operational monitoring, and limited public-page presentation consistency. Where active, a compatible consent-state mechanism may also be stored in the browser so compatible privacy choices can be reapplied on related subdomains.

Public pages also store language preference in the browser so later visits open in the selected locale rather than repeating the same choice flow.

The authenticated product stores account records, work records, and related content in private systems with access controls, including photos and other files attached to tasks, kept as private attachments under the same per-account access rules. Authentication may be performed directly or through third-party identity providers (social login), subject to those providers’ own privacy policies and terms of use. Certain core product functions may require LLMs to process user-submitted inputs and related internal service data flows, including task context, instructions, work states, and other records reasonably necessary to generate structure, questions, plans, and other service outputs. When you choose to use camera capture or equivalent features to suggest a task, image bytes may be transmitted to a vision-capable LLM processor to generate the suggestion.

Paid plans are processed through a third-party payment processor that operates as merchant of record for checkout, recurring billing, customer portal, receipts, and refunds. Full payment-instrument data is handled by that processor and is not stored in pergunta.me’s own systems beyond the customer, subscription, product, and period identifiers, the subscription status, and limited transaction references needed to operate the plan and reconcile billing.

Programmatic access is protected with revocable credentials, and authorization controls are designed so each account can access only its own records unless broader access is expressly granted.

The core service records covered by this policy are stored in the European Union.

Some third-party integrations, including LLM integrations (including image and vision processing), payment processing, billing and merchant of record services for paid plans, analytics, measurement, advertising, audience, communications, support, or other operational integrations, may process, receive, or access certain personal data from outside the European Union where that is needed to operate the service or the functionality chosen by the user.

Where applicable law requires it, the relevant cross-border access or transfer arrangements for those integrations should rely on the legal transfer mechanism and corresponding safeguards applicable to that arrangement.

Data and services may migrate between different hosting, storage, security, authentication, advertising, analytics, or infrastructure providers over time. Where those changes materially affect the substance of this notice, the notice will be updated before or when the change takes effect, as required by applicable law.

We disclose personal data to processors and service providers acting on our instructions in categories such as infrastructure and hosting, storage, authentication, security, email and communications delivery, model or LLM processing (including image and vision processing), payment processing, billing and merchant of record services for paid plans, analytics, measurement, advertising, audience, operational monitoring, and support operations.

We may also disclose authentication data to identity or social login providers when you choose to authenticate through them, as well as to authorized third-party clients through the OAuth server, within the limits of the scope approved by you.

We may also disclose personal data to professional advisers or authorities where disclosure is reasonably necessary for legal, regulatory, security, collection, fraud-prevention, or dispute-resolution purposes.

Relevant records may also be disclosed in connection with a merger, financing, acquisition, corporate reorganization, or sale of assets, subject to appropriate confidentiality obligations and applicable legal safeguards.

The public website uses browser storage mechanisms and cookies, including preference cookies, consent-state and consent-record cookies, functional cookies, analytics cookies, pixels, advertising tags, advertising trackers, persistent identifiers, and cross-site identifiers, to remember language preference, support security, preserve session integrity, enable analytics, measurement, attribution, advertising, audience workflows, support operational monitoring, record consent choices, and, where compatible, reapply consent choices on related subdomains.

These mechanisms may include analytics cookies, advertising trackers, pixels, tags, persistent identifiers, and cross-site or cross-context identifiers used to measure traffic, attribute visits and conversions, support frequency capping, audience matching, targeted or cross-context behavioral advertising, and operational diagnostics. The language-preference and consent-state mechanisms used by the site remain distinct from technical mechanisms that may be strictly necessary for page delivery, security, session integrity, and basic operational diagnostics. Related consent records may also be retained in server-side infrastructure to demonstrate valid choices, respond to requests, and maintain a proportionate audit trail.

Where applicable law requires it, the use of non-essential analytics, measurement, advertising, or audience technologies depends on valid consent or another applicable legal basis. Additional information about those mechanisms and related controls is provided in the Cookie Notice and the Privacy Controls page.

Language preference may remain in browser storage until it is changed or cleared by the user and, where it is also written by the site to a locale-preference cookie, for up to one year unless it is changed or removed earlier. Consent-mirror cookies used to reapply compatible choices on related subdomains, and a pseudonymous identifier used to record consent choices, may remain for up to one year unless changed or removed earlier. Consent audit records may remain in operational storage for up to 90 days and, after monthly export and archiving, in archive storage for up to 12 months unless a different period is required by law or reasonably needed to defend rights. Analytics cookies, advertising trackers, and other persistent or cross-site identifiers may remain for the session or for additional periods defined by the relevant configuration, browser, integrator, or applicable provider unless they are removed earlier. Additional information about types, purposes, controls, and retention is provided in the Cookie Notice.

The website, the application, and related acquisition, activation, or purchase flows may use third-party advertising, measurement, and audience tools.

Those tools may use analytics cookies, local storage, pixels, tags, advertising trackers, persistent identifiers, cross-site identifiers, server-to-server event sharing, and similar technologies to collect or receive data from the browser, device, and interactions with the website, application, related campaigns, or relevant integrations.

Certain categories of personal data processed in connection with the website, the application, or related purchases may also be used for those purposes, including browser or device data, browsing data, signup or purchase status, and, where applicable and appropriately disclosed, user-submitted content or other records associated with use of the service.

The data involved may include browser or device identifiers, IP address, visited URLs, referral data, timestamps, browsing events, conversion events, signup or purchase status, and, where applicable, pseudonymized or hashed identifiers used for audience matching.

That processing may be used for ad delivery, frequency capping, campaign measurement, conversion attribution, fraud prevention, audience building, similar audiences, and targeted or cross-context behavioral advertising.

Where applicable law requires it, advertising, measurement, or audience technologies depend on valid consent or another applicable legal basis before or during their use. Additional disclosures and relevant controls should be made available through the Cookie Notice and the Privacy Controls page as required by applicable law.

pergunta.me may disclose identifiers, browsing data, conversion events, signup or purchase status, and related signals to analytics, advertising, measurement, or audience partners in connection with active website and service operations.

Depending on applicable law and the specific disclosure flow, that processing may qualify as a sale, sharing, targeted advertising, or cross-context behavioral advertising. This policy and the Privacy Controls page should identify the request, objection, or opt-out channels that apply to the configuration then in use.

pergunta.me does not, in the configuration described by this policy, use personal data for decisions based solely on automated processing that produce legal or similarly significant effects on you.

If the service later uses AI, LLMs, or other automated processing to make or significantly influence decisions about users that produce legal or similarly significant effects, the relevant notice, workflow, or product surface should also explain the logic involved in meaningful terms, the significance and likely consequences for the user, and the rights or safeguards available under applicable law, including GDPR Article 22 where it applies.

We implement technical, administrative, and organizational measures designed to protect personal data. No system is completely secure, and no transmission or storage method can be guaranteed to be entirely free from risk.