Privacy Policy
Last updated: pending legal review
Placeholder page. This page establishes the URL structure and a stub for Paideias' privacy policy. The content below is a plain-language summary of the technical data-handling behavior already implemented in the product — it is not reviewed legal copy and should not be treated as a binding privacy policy until replaced by counsel-reviewed text.
What this product does today
Paideias encrypts research documents client-side using AES-256-GCM before they sync to storage, so document content is not readable by Paideias' servers in plaintext. Account authentication is handled via Google Sign-In. Billing is processed by Stripe; Paideias does not store full payment card numbers.
What a complete privacy policy needs to cover
- What account and usage metadata is collected (email, project names, timestamps) and how long it is retained
- Sub-processors used (Supabase, Stripe, Google) and their respective data-handling roles
- Legal basis for processing under GDPR, and data subject rights (access, deletion, portability)
- IRB / institutional research data handling commitments, if made in marketing copy elsewhere on the site
- Data breach notification process
- Cookie / tracking disclosure, if analytics or marketing cookies are in use
- Contact details for privacy inquiries
Contact: privacy@paideias.org (placeholder address — confirm before publishing)