Privacy Policy
Last updated: 2026-06-29
Effective date: 2026-06-29
1. Introduction
NeedSonar ("we", "us", or "the Platform") respects your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information, and the rights you have under applicable laws, including but not limited to the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), and other relevant privacy frameworks.
By using our services, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please do not use our services.
2. Information We Collect
2.1 Information You Provide Directly
- Account information: email address, nickname, avatar, password hash (if using email registration).
- Payment information: Stripe customer ID, subscription type, invoice records. We do not store your full card number.
- User-generated content: favorite folders, search history, favorited pain points, trial requests, rating feedback, generated prototypes, and marketing plans.
- Communications: messages sent to us via email or support channels.
2.2 Information Collected Automatically
- Log data: IP address, browser type and version, operating system, pages visited, referrer, access times.
- Device information: device type, screen resolution, language settings.
- Usage data: search queries, click behavior, feature usage frequency, export activity.
- Cookies and similar technologies: see Section 8.
2.3 Information Aggregated from Public Sources
To provide pain-point intelligence, we aggregate publicly available discussions from third-party communities and platforms such as Reddit, Hacker News, V2EX, Zhihu, and Juejin. This may include:
- Post/comment titles and excerpts
- Publicly displayed usernames and avatar URLs
- Publication time, upvotes, and engagement counts
- Public URLs
We only collect and display information that is publicly visible and do not attempt to bypass login walls or access non-public data. We use AI to summarize, classify, and score this public content to generate business insights. If you believe we have incorrectly included public content about you, please contact us using the details in Section 13 to request removal.
3. How We Use Your Information
We process your personal information on the following legal bases:
- Performance of a contract: to provide, maintain, and improve the service; to process subscriptions and payments.
- Legitimate interests: to analyze usage trends, prevent fraud, ensure security, and aggregate and display public discussions.
- Your consent: to place non-essential cookies and send you marketing emails (which you can withdraw at any time).
- Legal obligation: to comply with tax, anti-fraud, and lawful requests from law enforcement.
Specific purposes include:
- Operating the NeedSonar platform and maintaining your account.
- Processing subscriptions, payments, and invoices.
- Analyzing public discussions with AI to generate pain-point scores, trends, and competitor insights.
- Sending service notifications, security alerts, and (with your consent) marketing messages.
- Monitoring and analyzing trends to improve product features and user experience.
- Detecting, preventing, and addressing fraud, abuse, and security issues.
4. Data Sharing and Third-Party Recipients
We do not sell your personal information. We share data only in the following circumstances:
| Recipient type | Purpose | Examples |
|---|---|---|
| Payment processors | Subscription and invoice processing | Stripe |
| Authentication services | OAuth login | Supabase Auth, GitHub, Google, WeChat |
| Cloud service providers | Hosting, database, message queue | Supabase, Vercel, RabbitMQ host |
| AI analysis services | Summarization, scoring, translation, embeddings | OpenAI |
| Analytics services | Understanding product usage (only after analytics cookie consent) | Google Analytics, Plausible |
| Law enforcement | Responding to lawful legal process | Courts, regulators |
All third-party processors are contractually bound to process data only according to our instructions and to implement appropriate security measures.
5. International Data Transfers
Our servers and third-party service providers may be located outside your country or region (e.g., the United States, the European Union, Singapore). When your personal information is transferred to other countries, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or equivalent mechanisms.
6. Data Retention
- Account information: retained until 30 days after account deletion, or longer if required by tax or legal obligations.
- Payment records: retained for 7 years as required by tax and legal obligations.
- Search history and favorites: retained until you actively delete them or delete your account.
- Aggregated public content: retained as core product data; if you request removal of public content about you, we will process within 30 days after verification.
- Log and analytics data: typically retained for 90 days to 12 months, then anonymized or deleted.
7. Your Rights
Depending on applicable law, you may have the following rights regarding your personal information:
7.1 Right to Access
You have the right to obtain a copy of the personal information we hold about you.
7.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal information.
7.3 Right to Erasure ("Right to be Forgotten")
In certain circumstances, you have the right to request deletion of your personal information. Please note that deleting your account will remove your favorites, search history, and other account-related data, but aggregated public discussion content is not your personal data unless it contains additional information that identifies you.
7.4 Right to Restrict Processing
In certain circumstances, you have the right to request restriction of processing of your personal information.
7.5 Right to Data Portability
You have the right to receive the personal data you provided in a structured, commonly used, and machine-readable format, and to transmit it to a third party.
7.6 Right to Object
You have the right to object to processing based on legitimate interests and to object to direct marketing.
7.7 Right to Withdraw Consent
If you have provided consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
7.8 Right Not to Be Subject to Automated Decision-Making
Our AI scoring is used for information and recommendation purposes and does not constitute solely automated decision-making that produces legal or similarly significant effects. If you have concerns, please contact us.
7.9 California Resident Rights (CCPA/CPRA)
California residents have the right to:
- Know the categories of personal information we collect, disclose, or sell.
- Request deletion of personal information we have collected.
- Opt out of the "sale" of personal information (we do not sell personal information).
- Not be discriminated against for exercising privacy rights.
8. Cookies and Similar Technologies
8.1 What Are Cookies
Cookies are small text files stored on your device by websites to recognize your browser or store preferences.
8.2 Cookie Categories We Use
| Category | Purpose | Required |
|---|---|---|
| Necessary cookies | Essential functionality such as login state, language, and theme preferences | Yes, cannot be disabled |
| Analytics cookies | Help us understand how users interact with the site and improve the product | No, requires consent |
| Functional cookies | Remember your preferences to provide enhanced features | No, requires consent |
| Marketing cookies | Used for personalized advertising and marketing campaigns | No, requires consent |
8.3 How to Manage Cookies
We display a cookie consent banner on your first visit. You can change your choices at any time via the "Cookie Settings" link in the footer. You can also clear or block cookies through your browser settings, though this may affect some features.
9. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- Encryption in transit (HTTPS/TLS)
- Database access controls and audit logs
- Password hashing
- Regular security reviews and least-privilege access
However, no method of transmission over the internet or electronic storage is 100% secure.
10. Children's Privacy
Our services are not directed to children under 16. If we discover that we have collected personal information from a child, we will delete it as soon as possible.
11. Third-Party Links
Our services may contain links to third-party websites or community posts. We are not responsible for the privacy practices of those third-party sites.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by:
- Posting the updated policy on this page and updating the "Last updated" date
- Sending email notice to registered users
- Displaying a prominent notice on the website
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:
- Email: [email protected]
- Data Protection Officer: [email protected]
- Mailing address: [Please insert actual company registered address]
Users in the European Union also have the right to lodge a complaint with their local data protection supervisory authority.