Privacy Policy

Last updated: February 19, 2026

1. Who We Are

This Privacy Policy explains how Storm of Intelligence ("we", "us", "our") collects, uses, stores, and shares personal data when you use our website, products, and services (collectively, the "Service").

2. Scope

This Policy applies to personal data processed through our Service, including account use, billing, support, and AI workflow features.

3. Data We Collect

  • Account data: name, email address, account identifiers, organization details, authentication metadata.
  • Billing data: billing name, address, tax identifiers, country, transaction IDs, subscription status, invoices, and payment event metadata.
  • Payment data: payment card or wallet details are processed by authorized third-party payment processors; we generally receive limited payment metadata and status, not full card numbers.
  • Usage and device data: IP address, browser and device details, timestamps, route-level activity, diagnostics, and security logs.
  • Content data: prompts, project descriptions, files, generated outputs, and related workflow inputs you submit through the Service.
  • Support data: communications, tickets, and issue context you send to us.

4. How We Collect Data

  • Directly from you when you create an account, use features, or contact support.
  • Automatically through logs, cookies, and technical instrumentation.
  • From service providers that support authentication, billing, fraud checks, and infrastructure.

5. Why We Use Data (Purposes and Legal Bases)

  • Service delivery (contract): provide core features, process requests, return results, and manage account functionality.
  • Billing and accounting (contract and legal obligation): process payments, maintain invoices, manage taxes, and prevent payment fraud.
  • Security and abuse prevention (legitimate interests): detect abuse, enforce limits, investigate suspicious behavior, and protect users and infrastructure.
  • Operations and improvement (legitimate interests): maintain reliability, diagnose issues, and improve product quality using aggregated or de-identified data.
  • Legal compliance (legal obligation): comply with applicable law, regulator requests, and lawful enforcement actions.
  • Communications (contract, legitimate interests, or consent): send service, billing, legal, and support notices.

6. Billing and Payment Processing

Paid features may use one or more authorized third-party payment processors. Processor identity may change over time. Payment processors handle sensitive payment credentials under their own privacy and security obligations.

  • We use billing data to manage subscriptions, invoices, taxes, and payment disputes.
  • We may process payment risk and fraud indicators to reduce abuse and chargeback fraud.
  • Billing records may be retained for audit, tax, legal, dispute, and financial reporting needs.

7. AI and Subprocessor Handling

To provide AI functionality, we may send relevant Content data to AI model providers and infrastructure subprocessors. We select providers based on operational and security needs and may change providers over time.

  • Data is shared only as needed to deliver requested functionality.
  • Provider handling is subject to their own legal terms and policies.
  • We implement contractual and technical controls where practical, but third-party systems are outside our direct control.

8. How We Share Data

We may share personal data with:

  • Authentication, hosting, storage, analytics, and communication providers.
  • Payment processors, tax and accounting providers, and fraud prevention partners.
  • AI model and infrastructure providers required for requested features.
  • Professional advisors, auditors, insurers, and legal counsel.
  • Law enforcement or regulators where required by law or legal process.
  • Counterparties in a merger, financing, acquisition, or asset transfer.

9. International Data Transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers, such as contractual protections.

10. Data Retention

We retain personal data for as long as needed for the purposes described above, including service delivery, security, legal compliance, dispute handling, and legitimate business operations.

  • Account data is retained while your account is active and for a reasonable period afterward.
  • Billing and tax records may be retained for legally required retention periods.
  • Security and audit logs may be retained to investigate abuse, fraud, and incidents.
  • Backups may persist for limited periods before secure deletion cycles complete.

11. Security Measures

We use administrative, technical, and organizational safeguards designed to protect data from unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

12. Automated Risk Controls and Account Actions

We may use automated systems and manual review for fraud and abuse detection, including payment risk scoring, unusual usage detection, and policy enforcement. These controls may result in temporary holds, throttling, or account suspension when risk is identified.

13. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing.

  • You may request access, correction, deletion, or export of personal data where applicable.
  • You may object to or request restriction of certain processing where legally available.
  • You may withdraw consent where processing is based on consent.
  • We may request verification information before fulfilling privacy-rights requests.

14. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, security, performance, and service analytics. Browser controls may allow you to disable some cookies, but certain features may not function correctly without them.

15. Children

The Service is not directed to children under 13 (or higher age where required by local law). If we learn that we collected personal data from a child in violation of law, we will take appropriate steps to delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted with a revised "Last updated" date. Material changes may also be communicated through the Service or account notices.

17. Contact

For privacy or data protection requests, contact us through the contact form on our website.