Privacy Policy

Effective date: May 4, 2026. Last updated: May 4, 2026.

Alerterra LLC, a Delaware limited liability company doing business as Precipiq (“Precipiq,” “we,” “our,” or “us”), operates the Precipiq AI Consequences Ledger, comprising the Precipiq API at api.precipiq.com, the dashboard at app.precipiq.com, the documentation site at docs.precipiq.com, the marketing site at precipiq.com, and the official TypeScript and Python SDKs distributed under the package name precipiq (collectively, the “Service”).

This Privacy Policy explains what personal data we process, why we process it, with whom we share it, how long we keep it, and the rights individuals have over it. It applies to visitors of our marketing site, prospective customers, customers, end users authorized by our customers, and anyone who contacts us.

1. The two data perspectives

Precipiq is a business-to-business service. Our customers are organizations that record their AI agent decisions on our platform. The Service involves two distinct relationships:

Customer Data — processor relationship. When a customer submits AI decision records, financial events, or other content via the API, SDK, or dashboard, that content is “Customer Data.” We act as a processor (under GDPR terminology) or service provider (under CCPA / CPRA terminology) of that data on the customer’s behalf. The customer is the controller / business and is primarily responsible for the lawfulness of submitting that data.
Account and operational data — controller relationship. When you interact with our marketing site, sign up for an account, communicate with our support team, or visit our docs, we act as the controller / business of that limited set of personal data ourselves.

Sections 2–13 below describe both perspectives. Customers seeking a separate Data Processing Agreement should email privacy@precipiq.com; our DPA is available on request and is required for customers processing personal data of EU, UK, or California residents through the Service.

2. Information we collect

2.1 Information you give us

Account data. Email address, organization name, and the API keys we issue to you. API key secrets are stored as bcrypt hashes; we cannot recover an issued key after the moment of issuance.
Billing data. When you subscribe to a paid plan, our payment processor (Stripe) handles your card information directly. We never receive or store full card numbers. We do receive and store your Stripe customer ID, subscription ID, plan tier, and invoice history.
Customer Data. Decision records (timestamps, agent identifiers, action types, inputs, outputs, confidence scores, alternatives considered, human-in-the-loop flags), financial events (amounts, currencies, sources, line item descriptions), consequence links, liability estimates, and any metadata you attach. You control what is submitted; if any of it constitutes personal data of your end users, you are responsible for ensuring you have the lawful basis to submit it.
Integration data. When you authorize a third-party integration (Stripe, QuickBooks Online via Intuit), we store the OAuth refresh token, the integration’s tenant identifier (e.g. Stripe account ID, QuickBooks realm_id), and the minimum metadata required to read the events you have asked us to ingest. Refresh tokens are encrypted at rest. You may disconnect any integration at any time from your dashboard settings; disconnecting revokes the token at the upstream provider on a best- effort basis and clears it from our systems immediately.
Communications. Email you send to hello@precipiq.com, support@precipiq.com, privacy@precipiq.com, security@precipiq.com, or legal@precipiq.com, and your reply history.
Newsletter subscriptions. If you give us your email through the marketing site, we record the address, the timestamp of subscription, and a hashed proof of consent. We do not record IP, user-agent, or geolocation at the marketing-site subscription point.

2.2 Information we collect automatically

Operational telemetry. When you call the API or load the dashboard, we log request paths, response codes, request sizes, and latency. Sensitive headers (including the API key) and request bodies are redacted before storage.
Audit events. Authentication successes and failures, key rotations, plan changes, integration connect / disconnect events, and forensic export requests are recorded in a tamper-evident audit log so customers can demonstrate the integrity of the ledger.
Marketing-site analytics. The marketing site uses PostHog with identification disabled to count page views and aggregate referrer paths. We do not set identifying cookies on the marketing site.
Dashboard analytics. Once you sign in to the dashboard, PostHog records product events (page views, feature usage) tied to your organization so we can measure adoption. You can opt out of dashboard analytics in your dashboard settings.
Error reports. Our error tracker (Sentry) captures unhandled exceptions with stack traces. We scrub request bodies, headers, and known sensitive fields before transmission. If a stack trace includes Customer Data despite scrubbing, we treat it as Customer Data for retention and access purposes.

2.3 Cookies and similar technologies

The marketing site sets a single signed cookie (precipiq_gate) to remember that you have entered the early-access password during the pre-launch period. The dashboard sets a session cookie issued by our authentication system to keep you signed in, and an analytics-consent cookie to remember your PostHog opt-in / opt-out preference. Neither property uses third-party advertising cookies.

3. How we use information

We process personal data for these purposes only:

To provide the Service — authenticate API requests, run the decision-to-financial-event correlation engine, render the dashboard, deliver the SDKs, and execute features you invoke (analytics, exports, notifications).
To bill and account. To charge subscription fees, send invoices and receipts, and meet our tax and accounting obligations.
To support you. To respond to your messages and resolve issues you report.
To operate, secure, and improve the Service. To monitor performance, investigate abuse and security incidents, debug errors, run capacity planning, and measure aggregate adoption.
To communicate. To send transactional notifications you ask for or that are necessary for the Service (billing receipts, plan changes, security alerts, material policy updates) and, where you have consented, occasional product news.
To comply with the law. To respond to lawful requests from authorities, enforce our Terms of Service, and protect our rights, property, and users.

We do not sell personal data. We do not share personal data with third parties for cross-context behavioral advertising. We do not train artificial intelligence or machine learning models on Customer Data on behalf of other customers.

4. Lawful basis (GDPR Article 6 and UK GDPR)

For visitors and individuals located in the EEA, UK, or Switzerland, we rely on:

Performance of a contract — to deliver the Service to subscribed customers and respond to authorized API calls.
Legitimate interests — to operate, secure, and improve the Service, including aggregate usage analytics, abuse detection, and fraud prevention. We balance these interests against your rights and freedoms; if you believe our balancing is incorrect, you may object as described in section 9.
Consent — for newsletter subscriptions and dashboard product analytics. Consent may be withdrawn at any time without affecting the lawfulness of processing before withdrawal.
Legal obligation — to retain billing records as required by tax law and to respond to lawful demands.

For Customer Data we process on behalf of a customer, the lawful basis is the customer’s instructions under our Data Processing Agreement.

5. Sub-processors

We engage the following third parties to deliver the Service. Each is bound by a written agreement that obligates them to process personal data only on our instructions and with protections at least as strict as those in this Policy.

Sub-processor	Purpose	Data processed	Region
Fly.io	API and worker hosting	All Customer Data in transit; in-memory only	United States (IAD)
Vercel	Marketing site, dashboard, and docs hosting	Account data; dashboard request metadata	Global edge; primary US
Supabase	Postgres database	All Customer Data at rest; account data	United States (us-east-1) by default; EU and UK on Enterprise
Upstash	Redis for rate limiting, queues, and OAuth state tokens	Hashed API key prefixes; ephemeral OAuth state	United States
Cloudflare	DNS, DDoS protection, edge caching for marketing and docs	Request metadata (IP, user-agent, path)	Global edge
Stripe	Payment processing	Billing data; payment instrument tokenized at Stripe	United States; supports global payments
Resend	Transactional email delivery	Recipient email, subject line, body	United States
Sentry	Application error tracking	Stack traces with bodies and headers scrubbed	United States
PostHog	Anonymous marketing analytics; opt-in dashboard analytics	Page views; aggregated funnels; opt-in product events	United States or EU (configurable)
Intuit (QuickBooks Online)	Accounting integration — only when a customer connects QBO	OAuth refresh token; `realm_id`; financial events read on the customer’s behalf	United States

We will give customers reasonable advance notice of any new sub-processor by updating this page and, where required by our DPA, by direct email to designated billing contacts. Customers who object to a new sub-processor on reasonable data-protection grounds may terminate the affected portion of the Service as described in our Terms of Service.

6. International data transfers

Precipiq is incorporated in the United States and stores Customer Data in the United States by default. When we transfer personal data of individuals located in the EEA, UK, or Switzerland to the United States, we rely on: (a) the EU-US Data Privacy Framework and the UK Extension where the recipient is certified; or (b) the European Commission’s Standard Contractual Clauses, supplemented by the UK International Data Transfer Addendum for transfers from the UK, where they are not. We make these mechanisms available to customers under our DPA on request.

Enterprise customers may request that Customer Data be stored in our EU or UK regions instead. Contact privacy@precipiq.com to begin that process.

7. Data retention

Account data — retained for the lifetime of the organization; deleted within 30 days of an organization-deletion request, except where retention is required by law (for example, billing records subject to tax law).
Customer Data (decisions, financial events, consequence links, liability estimates) — retained for the lifetime of the organization. The cryptographic hash chain is append-only; deletion is performed by replacing rows with cryptographically neutral tombstones that preserve chain integrity while removing personal data.
Audit events — retained for ninety (90) days on a rolling window; older rows are pruned nightly.
Operational logs and Sentry error reports — retained for thirty (30) days.
Newsletter subscriptions — retained until you unsubscribe or request deletion.
Backups — we retain encrypted database backups for thirty-five (35) days. A deletion request will be honored against live data immediately and against backups as those backups age out of the retention window.

8. Data security

We implement administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, alteration, disclosure, and destruction. These include:

TLS 1.2 or higher in transit on every external endpoint.
AES-256 encryption at rest at the database layer.
API keys stored only as bcrypt hashes; secrets are shown to the user once at issuance and never again.
Tamper-evident hash chain on every decision record, with periodic Merkle checkpoints to enable efficient verification.
Per-organization rate limits, IP-bucketed authentication failure tracking, and audit logs on every privileged action.
Role-based access control inside Precipiq with the principle of least privilege.
Continuous dependency vulnerability scanning and prompt patching.
Documented incident-response procedures (see our public SECURITY.md for our coordinated disclosure policy).

No system can guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you and applicable authorities in accordance with the timelines required by law.

9. Your rights

Depending on where you live, you may have the rights described below. To exercise any right, email privacy@precipiq.com from the address associated with your account or describe enough information for us to verify your identity. We respond within 30 days for most requests; complex requests may take up to 90 days, and we will tell you if so.

Access — request a copy of the personal data we hold about you.
Rectification — correct inaccurate or incomplete data.
Erasure — request deletion. Customer-Data deletion is available self-serve via DELETE /api/v1/org/data in the API, which cascades across every tenant-scoped table; account-level deletion is handled by email.
Portability — receive your data in a structured, commonly used, machine-readable format.
Restriction and objection — request that we limit or stop processing based on legitimate interests.
Withdraw consent — for processing based on consent (newsletter, opt-in product analytics). Every newsletter email contains a one-click unsubscribe; analytics opt-out lives in your dashboard settings.
Lodge a complaint — with your local data-protection authority. For EU/EEA residents, find yours at edpb.europa.eu. For UK residents, contact the ICO.

For requests that concern Customer Data we process on behalf of a customer, please contact the customer directly. We will assist customers in responding to such requests as required by our DPA.

10. California (CCPA / CPRA) disclosures

If you are a California resident, you have the rights described below in addition to those in section 9. The categories of personal information we have collected and disclosed in the preceding twelve months are:

Identifiers — email address, organization name, IP address (in operational logs).
Commercial information — subscription tier, billing history.
Internet or other electronic network activity — request paths, response codes, page views.
Inferences — aggregate usage patterns drawn from telemetry.

We collect these categories from you directly, automatically when you use the Service, and from our integration partners when you authorize an integration. We disclose these categories to the sub-processors listed in section 5 strictly for the operational purposes described.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising as those terms are defined in the CPRA. We do not knowingly collect personal information of consumers under the age of 16. You have the right to know, delete, correct, and limit use and disclosure of sensitive personal information; submit requests to privacy@precipiq.com. You also have the right not to be discriminated against for exercising these rights. Authorized agents may submit requests on your behalf with verifiable written authorization.

11. Children

The Service is not directed to children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected personal data from a child, please contact us and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. The “Effective date” and “Last updated” values at the top of this page reflect the most recent change. For material changes, we will provide notice by email to administrators of active organizations at least thirty (30) days before the changes take effect, and we will surface a notice in the dashboard. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

13. Contact

Questions about this Policy or about how we handle personal data: privacy@precipiq.com. We respond within three business days. Security disclosures: security@precipiq.com.

Postal address for legal notices: Alerterra LLC, 2810 N Church St #481712, Wilmington, DE 19802, USA. Customers requiring an EU representative under Article 27 of the GDPR may request appointment details under their DPA.

This Policy is reviewed periodically with outside counsel. The substantive practices described above reflect our actual operations as of the effective date.