Privacy Policy

Effective: April 2, 2026

Clevara LLC DBA PlanMason ("PlanMason," "we," "us") operates the planmason.com website and service. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password. Your password is cryptographically hashed by our authentication provider (Supabase) and is never stored in plain text.

Plan Data

We collect the answers you provide during the business plan interview, financial data you enter (startup costs, revenue projections, expenses), and the resulting plan content built from those inputs. This is the core data you create through using the service.

Usage Data

We track which features you use, pages you visit within the app, your last active timestamp, and event data such as plan generation and export actions. This helps us understand how the product is used and where to improve.

Technical Data

Our hosting provider (Vercel) automatically collects standard technical data including your IP address, browser type, device type, and operating system. This data is used for security, performance monitoring, and aggregated analytics.

Payment Data

Payments are processed by Stripe. We never store your full credit card number, expiration date, or CVV on our servers. Stripe handles payment information in compliance with PCI DSS standards. We receive only a partial card number (last 4 digits) and transaction status for record-keeping.

2. How We Use Your Data

  • Providing the service: Your interview answers and financial data are processed to generate your business plan and financial projections.
  • AI processing: Your answers are sent to Anthropic's Claude API for analysis and plan generation. Anthropic does not use API data to train its models. Your data is processed in accordance with Anthropic's API usage policy.
  • Transactional emails: We send emails when your plan is generated, exports are ready, and for payment confirmations and receipts.
  • Marketing emails: We send a welcome email sequence (onboarding, product tips, and feature highlights). You can unsubscribe from marketing emails at any time using the link in each email.
  • Email tracking: We track email opens and link clicks through our email provider (Resend) to measure the effectiveness of our communications and improve our messaging.
  • Product improvement: We analyze anonymized, aggregated usage patterns to understand which features are most valuable and where the product needs improvement.

3. Cookies

Authentication Cookies

PlanMason uses cookies set by Supabase (our authentication provider) to keep you signed in. These cookies are essential for the service to function and cannot be disabled while using an authenticated session.

Analytics

We use Vercel Analytics, which is privacy-focused and does not use cookies or collect personal data. It provides aggregated page view and performance metrics only.

No Advertising Cookies

We do not use third-party advertising cookies or tracking pixels. We do not participate in ad networks or sell data for advertising purposes.

You can manage your cookie preferences through the consent banner displayed when you first visit the site. Your preference is stored locally in your browser.

4. Data Storage and Security

Your data is stored in Supabase, a cloud database platform with row-level security policies that ensure users can only access their own data. The application is hosted on Vercel with US-based servers. All data is transmitted over HTTPS (TLS 1.2+).

We implement industry-standard security measures including input validation, rate limiting, authentication on all API routes, and security headers (HSTS, CSP, X-Frame-Options). While no system is perfectly secure, we take reasonable measures to protect your data from unauthorized access, alteration, or destruction.

5. Data Sharing

We do not sell your personal data. Period.

We share data with the following service providers solely to operate the service:

  • Supabase: Authentication and database hosting
  • Vercel: Application hosting and edge network
  • Anthropic: AI processing (Claude API) for plan generation and coaching
  • Resend: Transactional and marketing email delivery
  • Stripe: Payment processing

We may also disclose your information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of PlanMason, our users, or the public.

6. Your Rights

Regardless of where you are located, you have the following rights:

  • Access: You can request a copy of all data we hold about you.
  • Deletion: You can request deletion of your account and all associated data by contacting support@planmason.com.
  • Opt-out: You can unsubscribe from marketing emails at any time. Transactional emails (related to your account or purchases) will continue.
  • Portability: You can export your business plan (DOCX) and financial data (XLSX) at any time through the app.

California Residents (CCPA)

We do not sell personal information as defined by the California Consumer Privacy Act. You have the right to know what data we collect, request deletion, and opt out of any future sale of personal information (though we do not sell it). We will not discriminate against you for exercising your rights.

European Residents (GDPR)

Our legal bases for processing your data are contract performance (providing the service you signed up for) and legitimate interest (improving the product and communicating with users). You have additional rights, including the right to rectification, the right to restriction of processing, and the right to lodge a complaint with your local data protection authority.

7. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Plan data: Retained while your account is active. Permanently deleted when your account is deleted.
  • Email logs: Retained for 90 days for troubleshooting and deliverability monitoring.
  • Aggregated analytics: Anonymized, aggregated data (with no personal identifiers) may be retained indefinitely for product improvement.

8. Children's Privacy

PlanMason is not intended for users under the age of 18. We do not knowingly collect data from minors. If we learn that we have collected personal information from a user under 18, we will delete that data promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes (such as new data collection practices or new third-party providers), we will notify you by email. Minor changes (such as clarifications or formatting updates) will be posted here with an updated effective date. Your continued use of PlanMason after changes take effect constitutes your acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy or wish to exercise any of your data rights, contact us at support@planmason.com.