Privacy Policy
Effective date: April 7, 2026 Last updated: April 7, 2026
This Privacy Policy explains how Entropsy, Inc. ("Entropsy," "we," "us," or "our") collects, uses, and shares information when you visit entropsy.io or purchase a report from us.
If you have questions, contact us at mauricio@entropsy.io.
1. Who we are
Data controller: Entropsy, Inc. Contact: mauricio@entropsy.io
We operate entropsy.io, an AI competitive intelligence platform that maps AI tools and delivers competitive landscape reports for founders and operating teams.
2. Information we collect
2a. Information you provide directly
Contact form submissions
- Name
- Email address
- Job role
- Company name
- Interest type and any notes you include
Report purchases
- Name and email address
- Company name, company website URL, and company description
- Uploaded documents (PDF, DOCX, MD, or TXT files up to 5 MB) you provide to inform your report
- Payment billing name and email (passed through Stripe — we never see or store your card number, CVV, or full billing address)
Account creation (if applicable)
- Email address and password (managed through Supabase Auth)
2b. Information collected automatically
Payment records
- Stripe session ID and payment intent ID (so we can link your purchase to your report)
Generated reports
- The AI-generated report we deliver to you is stored in our database, linked to your email address
Server logs
- IP address, browser user agent, referring URL, and page request details — standard logs kept by our hosting provider, Netlify
Analytics
- We use Google Analytics (GA4, tag G-S0WDJHZRC3) and PostHog to understand how visitors use the site. These tools collect anonymized data such as pages viewed, session duration, and general geographic region.
Cookies and local storage
- Authentication cookies set by Supabase to keep you logged in
- Analytics cookies set by Google Analytics and PostHog
3. How we use your information
| Purpose | Data used |
|---|---|
| Generate your competitive intelligence report | Company name, URL, description, uploaded documents |
| Process payment | Email, name; Stripe handles card data |
| Deliver your report by email | Email address |
| Respond to contact form inquiries | Name, email, role, company, notes |
| Improve our service | Anonymized analytics data |
| Prevent fraud and abuse | Server logs, IP address |
| Legal obligations | Any data required by applicable law |
4. AI processing disclosure
This is important. When you purchase a report, the company information and documents you provide are sent to Anthropic's Claude API for AI processing. Anthropic uses this data to generate your report.
Specifically:
- Your company name, URL, description, and any uploaded documents are included in prompts sent to Claude
- Anthropic processes this data under their own privacy policy and usage policy
- Anthropic does not use API-submitted data to train their models by default (see their API usage policy)
- We do not send personally identifiable information beyond what is necessary for report generation (your name and email are not sent to Claude)
If you upload a document, it is processed to extract relevant text for the report. Uploaded files are stored in our database and linked to your purchase.
5. Data sharing and third parties
We do not sell your personal data. We share data only with the services required to operate the platform:
| Service | Purpose | Data shared | Their privacy policy |
|---|---|---|---|
| Stripe | Payment processing | Billing name, email, purchase amount | stripe.com/privacy |
| Supabase | Database and authentication | All stored data (hosted on AWS us-west-2) | supabase.com/privacy |
| Resend | Transactional email delivery | Name, email address | resend.com/privacy |
| Anthropic | AI report generation | Company name, URL, description, uploaded document text | anthropic.com/privacy |
| Google Analytics | Website analytics | Anonymized usage data | policies.google.com/privacy |
| PostHog | Product analytics | Anonymized usage data | posthog.com/privacy |
| Netlify | Hosting and CDN | Server log data | netlify.com/privacy |
We may also share data if required by law, court order, or to protect the rights and safety of Entropsy or others.
6. Data retention
| Data type | Retention period |
|---|---|
| Contact form submissions | 2 years |
| Report data and uploaded documents | 3 years from purchase date, or until you request deletion |
| Payment records (Stripe session ID, payment intent) | 7 years (required for financial recordkeeping) |
| Server logs | 90 days |
| Analytics data | Per Google Analytics and PostHog defaults (up to 14 months for GA4) |
You can request earlier deletion of your data at any time — see Section 7.
7. Your rights
GDPR — EU and UK residents
If you are located in the European Union or United Kingdom, you have the following rights under the GDPR:
- Access — Request a copy of the personal data we hold about you
- Rectification — Ask us to correct inaccurate or incomplete data
- Erasure ("right to be forgotten") — Ask us to delete your personal data
- Portability — Receive your data in a structured, machine-readable format
- Restriction — Ask us to stop processing your data in certain circumstances
- Objection — Object to processing based on legitimate interests or for direct marketing
To exercise any of these rights, email mauricio@entropsy.io. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. For EU residents, this is your national DPA. For UK residents, this is the ICO.
CCPA — California residents
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal data)
- Non-discrimination for exercising your privacy rights
To submit a California privacy request, email mauricio@entropsy.io with the subject line "California Privacy Request."
8. Cookies
We use the following cookies:
| Cookie | Purpose | Type |
|---|---|---|
| Supabase auth session | Keeps you authenticated | Strictly necessary |
| Google Analytics (_ga, _gid, _ga_*) | Website usage analytics | Analytics |
| PostHog (ph_*) | Product analytics | Analytics |
How to opt out of analytics cookies: You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on. You can opt out of PostHog tracking by contacting us or using the opt-out method in PostHog's documentation.
Most browsers also allow you to block or delete cookies in your browser settings. Note that blocking strictly necessary cookies may affect your ability to log in or use the platform.
9. Security
We take reasonable technical and organizational measures to protect your data:
- All data in transit is encrypted via TLS (HTTPS)
- Data at rest in Supabase is encrypted using AES-256
- Access to production systems is restricted to authorized team members
- We do not store payment card numbers — Stripe handles all card data under their PCI DSS compliance program
No system is completely secure. If you believe your data has been compromised, please contact us immediately at mauricio@entropsy.io.
10. International data transfers
Entropsy is based in the United States. Your data is processed and stored on servers in the United States (Supabase on AWS us-west-2, Netlify CDN infrastructure).
If you are located in the EU or UK, your data is transferred to the US. We rely on:
- Standard Contractual Clauses (SCCs) where required by our sub-processors
- Our sub-processors' participation in applicable cross-border data transfer frameworks
For questions about international transfers, email mauricio@entropsy.io.
11. Children
Entropsy is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Changes to this policy
If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify you by email if you have an account with us.
We encourage you to review this page periodically.
13. Contact us
For privacy questions, data requests, or concerns:
Email: mauricio@entropsy.io Subject line: Privacy Request
We aim to respond within 5 business days for general inquiries and within 30 days for formal rights requests.