0Signals
Confidence
Latency
— Platforms

Privacy Policy

Last updated: 2026-06-29

Effective date: 2026-06-29

1. Introduction

NeedSonar ("we", "us", or "the Platform") respects your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information, and the rights you have under applicable laws, including but not limited to the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), and other relevant privacy frameworks.

By using our services, you acknowledge that you have read and understood this policy. If you do not agree with any part of this policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: email address, nickname, avatar, password hash (if using email registration).
  • Payment information: Stripe customer ID, subscription type, invoice records. We do not store your full card number.
  • User-generated content: favorite folders, search history, favorited pain points, trial requests, rating feedback, generated prototypes, and marketing plans.
  • Communications: messages sent to us via email or support channels.

2.2 Information Collected Automatically

  • Log data: IP address, browser type and version, operating system, pages visited, referrer, access times.
  • Device information: device type, screen resolution, language settings.
  • Usage data: search queries, click behavior, feature usage frequency, export activity.
  • Cookies and similar technologies: see Section 8.

2.3 Information Aggregated from Public Sources

To provide pain-point intelligence, we aggregate publicly available discussions from third-party communities and platforms such as Reddit, Hacker News, V2EX, Zhihu, and Juejin. This may include:

  • Post/comment titles and excerpts
  • Publicly displayed usernames and avatar URLs
  • Publication time, upvotes, and engagement counts
  • Public URLs

We only collect and display information that is publicly visible and do not attempt to bypass login walls or access non-public data. We use AI to summarize, classify, and score this public content to generate business insights. If you believe we have incorrectly included public content about you, please contact us using the details in Section 13 to request removal.

3. How We Use Your Information

We process your personal information on the following legal bases:

  • Performance of a contract: to provide, maintain, and improve the service; to process subscriptions and payments.
  • Legitimate interests: to analyze usage trends, prevent fraud, ensure security, and aggregate and display public discussions.
  • Your consent: to place non-essential cookies and send you marketing emails (which you can withdraw at any time).
  • Legal obligation: to comply with tax, anti-fraud, and lawful requests from law enforcement.

Specific purposes include:

  • Operating the NeedSonar platform and maintaining your account.
  • Processing subscriptions, payments, and invoices.
  • Analyzing public discussions with AI to generate pain-point scores, trends, and competitor insights.
  • Sending service notifications, security alerts, and (with your consent) marketing messages.
  • Monitoring and analyzing trends to improve product features and user experience.
  • Detecting, preventing, and addressing fraud, abuse, and security issues.

4. Data Sharing and Third-Party Recipients

We do not sell your personal information. We share data only in the following circumstances:

Recipient typePurposeExamples
Payment processorsSubscription and invoice processingStripe
Authentication servicesOAuth loginSupabase Auth, GitHub, Google, WeChat
Cloud service providersHosting, database, message queueSupabase, Vercel, RabbitMQ host
AI analysis servicesSummarization, scoring, translation, embeddingsOpenAI
Analytics servicesUnderstanding product usage (only after analytics cookie consent)Google Analytics, Plausible
Law enforcementResponding to lawful legal processCourts, regulators

All third-party processors are contractually bound to process data only according to our instructions and to implement appropriate security measures.

5. International Data Transfers

Our servers and third-party service providers may be located outside your country or region (e.g., the United States, the European Union, Singapore). When your personal information is transferred to other countries, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or equivalent mechanisms.

6. Data Retention

  • Account information: retained until 30 days after account deletion, or longer if required by tax or legal obligations.
  • Payment records: retained for 7 years as required by tax and legal obligations.
  • Search history and favorites: retained until you actively delete them or delete your account.
  • Aggregated public content: retained as core product data; if you request removal of public content about you, we will process within 30 days after verification.
  • Log and analytics data: typically retained for 90 days to 12 months, then anonymized or deleted.

7. Your Rights

Depending on applicable law, you may have the following rights regarding your personal information:

7.1 Right to Access

You have the right to obtain a copy of the personal information we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Right to Erasure ("Right to be Forgotten")

In certain circumstances, you have the right to request deletion of your personal information. Please note that deleting your account will remove your favorites, search history, and other account-related data, but aggregated public discussion content is not your personal data unless it contains additional information that identifies you.

7.4 Right to Restrict Processing

In certain circumstances, you have the right to request restriction of processing of your personal information.

7.5 Right to Data Portability

You have the right to receive the personal data you provided in a structured, commonly used, and machine-readable format, and to transmit it to a third party.

7.6 Right to Object

You have the right to object to processing based on legitimate interests and to object to direct marketing.

7.7 Right to Withdraw Consent

If you have provided consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7.8 Right Not to Be Subject to Automated Decision-Making

Our AI scoring is used for information and recommendation purposes and does not constitute solely automated decision-making that produces legal or similarly significant effects. If you have concerns, please contact us.

7.9 California Resident Rights (CCPA/CPRA)

California residents have the right to:

  • Know the categories of personal information we collect, disclose, or sell.
  • Request deletion of personal information we have collected.
  • Opt out of the "sale" of personal information (we do not sell personal information).
  • Not be discriminated against for exercising privacy rights.

8. Cookies and Similar Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device by websites to recognize your browser or store preferences.

8.2 Cookie Categories We Use

CategoryPurposeRequired
Necessary cookiesEssential functionality such as login state, language, and theme preferencesYes, cannot be disabled
Analytics cookiesHelp us understand how users interact with the site and improve the productNo, requires consent
Functional cookiesRemember your preferences to provide enhanced featuresNo, requires consent
Marketing cookiesUsed for personalized advertising and marketing campaignsNo, requires consent

8.3 How to Manage Cookies

We display a cookie consent banner on your first visit. You can change your choices at any time via the "Cookie Settings" link in the footer. You can also clear or block cookies through your browser settings, though this may affect some features.

9. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Encryption in transit (HTTPS/TLS)
  • Database access controls and audit logs
  • Password hashing
  • Regular security reviews and least-privilege access

However, no method of transmission over the internet or electronic storage is 100% secure.

10. Children's Privacy

Our services are not directed to children under 16. If we discover that we have collected personal information from a child, we will delete it as soon as possible.

11. Third-Party Links

Our services may contain links to third-party websites or community posts. We are not responsible for the privacy practices of those third-party sites.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by:

  • Posting the updated policy on this page and updating the "Last updated" date
  • Sending email notice to registered users
  • Displaying a prominent notice on the website

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Users in the European Union also have the right to lodge a complaint with their local data protection supervisory authority.