ProtoVibing

Legal

Privacy Policy

Effective date: April 15, 2026  ·  Last updated: April 7, 2026

Plain-language summary: We only collect what we need to run ProtoVibing for you. Your ideas, documents, and interview notes are yours. We do not sell your data. We do not train AI models on your content. Voice recordings never leave your device. You can export or delete your data at any time.

This Privacy Policy explains how Pathfinder Foundry, LLC (“ProtoVibing,” “we,” “our,” or “us”) collects, uses, and protects information when you use protovibing.ai, alpha.protovibing.ai, and related services (the “Service”). By using the Service, you agree to this policy.

1. Who we are

ProtoVibing is operated by Pathfinder Foundry, LLC, a limited liability company organized under the laws of the State of Washington, with its registered address at 522 W Riverside Ave, Ste N, Spokane, WA 99201. If you have questions about this policy or how your data is handled, contact us.

2. What we collect

We try to collect as little as possible. Here is everything:

2.1 Account information

ProtoVibing offers two ways to sign in:

GitHub sign-in (required for Project Owners). When you sign in with GitHub, we receive your GitHub username, display name, email address, and profile picture, plus a GitHub access token used only to create and update project repositories on your behalf. We do not receive or store your GitHub password.

Magic link email sign-in (Reviewers, Editors, Viewers, and anyone else). When you sign in with a magic link, we receive only your email address and the fact that you clicked a verification link. No password, no third-party identity provider.

In either case we also record the fact that you signed in and when.

2.2 Content you create

Anything you produce inside ProtoVibing:

  • Project names, loop and phase data, canvas node positions
  • Documents, artifacts, interview notes, hypotheses, prototype content, synthesis reports
  • Comments and sign-off decisions
  • Uploaded files and images

This content belongs to you. We store it in our database to make the Service work and to display it back to you and your invited collaborators.

2.3 Agent conversation data

When you interact with an AI agent inside ProtoVibing, we store:

  • The messages you send and the agent’s responses
  • Metadata about the run (model used, timestamps, status)
  • Any artifacts the agent proposes and you confirm

We use this only to power your project and preserve your working history.

2.4 Voice input

If you use the microphone to dictate to an agent:

  • Audio is transcribed on your own device using a speech-to-text model that runs in your browser. Your voice recording never leaves your device in this default mode.
  • If your device cannot run the local model, audio is temporarily streamed through our servers to a third-party transcription provider (currently Groq), which processes it in memory and returns the transcript. No audio recording is saved to disk by us or by the provider in the normal flow.
  • Only the resulting transcript text is stored. We never save raw audio recordings.
  • You can disable voice input entirely in your settings.

2.5 Technical and usage data

Like most web apps, we automatically collect:

  • Your IP address, browser type, and operating system
  • Pages you visit and actions you take inside the Service
  • Error logs and performance metrics
  • Cookies and similar technologies (see Section 8)

We use this to keep the Service running, fix bugs, and improve performance.

2.6 Billing information

If you upgrade to a paid plan, our payment processor (Stripe) collects your payment details directly. We receive only a customer ID, your plan, and your subscription status. We never see or store your full card number.

2.7 BYOK API keys

If you provide your own API key for an AI provider (bring-your-own-key), we store it encrypted at rest using Supabase Vault. We use it only to run agents on your behalf and never share it with anyone else.

3. What we do not collect

  • We do not collect biometric identifiers, government IDs, or financial account numbers.
  • We do not track you across other websites.
  • We do not buy data about you from data brokers.
  • We do not collect data from children under 13. ProtoVibing is not intended for anyone under 18.

4. How we use your information

We use the information we collect to:

  • Provide the Service: authenticate you, render your projects, run AI agents, deliver notifications
  • Communicate with you about your account, important changes, and support requests
  • Improve the Service: fix bugs, measure performance, understand which features help founders succeed
  • Enforce our Terms of Service and protect the Service from abuse
  • Comply with legal obligations

What we do not do with your information:

  • We do not sell your personal information.
  • We do not share your project content with other users except the collaborators you invite.
  • We do not use your content to train AI models. Not ours, not anyone else’s.
  • We do not use your data for advertising.

5. How we share your information

We share information only in these limited cases:

5.1 Service providers

We use a small set of trusted vendors to run ProtoVibing. They only get the minimum needed to do their job, and they are contractually required to protect your information:

| Vendor | What they handle |
| --- | --- |
| Vercel | Hosts the web application and runs server code |
| Supabase | Stores your account, projects, and content in a managed Postgres database |
| GitHub | Authenticates your login and stores committed project artifacts in repositories on your account |
| Anthropic, OpenAI, Groq, and other AI providers | Process AI agent requests (messages, transcriptions) when you use their models |
| Inngest | Runs background jobs for long-running agent workflows |
| Resend | Sends transactional emails (notifications, invites, important updates) |
| Stripe | Processes payments if you subscribe to a paid plan |

5.2 Collaborators you invite

Anyone you invite to a project as an Owner, Reviewer, Editor, or Viewer can see the project content appropriate to their role. This is a feature, not a leak.

5.3 Legal requirements

We may disclose information if required by law, subpoena, or court order, or to protect the rights, property, or safety of ProtoVibing, our users, or the public.

5.4 Business transfers

If ProtoVibing is acquired, merged, or sells its assets, your information may transfer to the new owner. We will notify you before that happens and give you the opportunity to delete your data.

6. Where your data is stored

Your data is stored on servers operated by Supabase and Vercel, primarily in the United States. By using the Service, you consent to the transfer and storage of your data in the United States regardless of where you live.

7. How long we keep your data

  • Account and project data: as long as your account is active, plus up to 30 days after you delete it
  • Agent conversation history: as long as the related project exists
  • Technical logs: typically 30 to 90 days
  • Billing records: as required by tax and accounting law (usually 7 years)

When you delete a project or your account, we remove the associated data from our live systems within 30 days. Backups may retain copies for up to 90 additional days before being overwritten.

8. Cookies and similar technologies

We use cookies for:

  • Keeping you signed in
  • Remembering your preferences (theme, layout)
  • Basic analytics to understand how the Service is used

We do not use third-party advertising cookies or cross-site tracking.

You can disable cookies in your browser, but parts of the Service may not work.

9. Your rights and choices

Regardless of where you live, you can:

  • Access your data by logging in and viewing your projects
  • Export your data from settings (coming soon; available on request in the meantime via our contact form)
  • Correct your account information from settings
  • Delete your account and associated data from settings or through our contact form
  • Opt out of non-essential emails from the notification preferences page

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under GDPR, UK GDPR, and CCPA, including the right to object to processing and the right to lodge a complaint with your local data protection authority. Use our contact form to exercise any of these rights and we will respond within 30 days.

10. Security

We take security seriously:

  • All traffic is encrypted with TLS
  • Passwords are handled by GitHub (we never see them)
  • API keys and other secrets are encrypted at rest
  • Access to production systems is limited and logged
  • We follow industry-standard practices for vulnerability management

No system is perfectly secure. If you believe your account has been compromised, report it immediately through our security contact form.

11. Children’s privacy

ProtoVibing is not intended for anyone under 18. We do not knowingly collect information from children under 13. If we learn we have, we will delete it. Parents or guardians who believe their child has provided information to us should contact us.

12. Changes to this policy

We may update this policy from time to time. If the changes are significant, we will notify you by email or through the Service before they take effect. The “Last updated” date at the top always reflects the current version.

13. Contact us

Questions, concerns, or requests:

  • Contact us: Contact form — use the topic dropdown to select Privacy, Security, or General.
  • Mailing address: Pathfinder Foundry, LLC, 522 W Riverside Ave, Ste N, Spokane, WA 99201

This policy is written in plain language and is not a substitute for legal advice. If you need formal legal documentation, consult a licensed attorney.