Privacy Policy

Infinidatum LLC ("we," "our," or "us") operates the website infinidatum.com and the Infinidatum AI Strategy Lab platform (collectively, the "Service"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service, whether as a free tool user, registered account holder, or paid subscriber.

We are committed to protecting your privacy and ensuring transparency about how we handle your information. We do not sell your personal information.

1. Information You Provide Directly

• Account Information: Email address, name, and a cryptographically hashed password. Passwords are never stored in plain text.
• Consultant Profile Data: Company name, logo URL, brand colors, website, tagline, and contact email you provide when configuring white-label branding.
• Client Workspace Data: Client names, company names, industry, and notes you enter when managing client engagements within the consultant portal.
• Report Input Data: Business parameters, financial figures, assessment answers, vendor scores, and other data you provide when generating reports through our tools.
• Purchase & Subscription Information: Our payment processor (Stripe) collects payment information. We store order and subscription records (product, amount, date, billing period) but never store credit card details on our servers.
• Feedback & Communications: Name, email, and content of any feedback, support requests, or communications you send us.
• Newsletter Signup: Email address, processed through our email marketing provider (MailerLite).

2. Information Collected Automatically

• Usage Data: IP address, browser type, device information, pages visited, time spent, referring URLs, and interaction patterns.
• Cookies & Tracking: We use cookies and similar technologies for authentication, preferences, and analytics. See the Cookies section below.
• Analytics: We use Google Analytics to understand how visitors interact with our website. This data is anonymized and aggregated.

3. Information We Do NOT Collect

• Credit card numbers, bank account details, or financial credentials (handled entirely by Stripe)
• Social Security numbers or government identifiers
• Health, biometric, or genetic data
• Data from your end clients (consultant subscribers' clients do not interact with our platform directly)

• To provide, operate, and maintain the Service, including generating reports and managing subscriptions
• To process your transactions and manage account entitlements
• To store and retrieve your consultant profile, client workspaces, and generated reports
• To track subscription usage (reports generated per billing period) against plan limits
• To send transactional emails (sign-in links, password resets, receipts, subscription notifications)
• To respond to your inquiries, feedback, or support requests
• To improve and enhance our tools, calculations, and benchmark data using anonymized, aggregated patterns
• To monitor and analyze usage patterns for service improvement and capacity planning
• To detect, prevent, and address technical issues, abuse, or security incidents
• To send marketing communications (only if you opt in; you may unsubscribe at any time)

We do not sell, trade, or rent your personal information to third parties. We share information only in these limited circumstances:

• Service Providers: Third-party companies that facilitate our Service, including:
  • Vercel (hosting and deployment)
  • Stripe (payment processing — PCI DSS compliant)
  • Resend (transactional email delivery)
  • MailerLite (newsletter and marketing emails)
  • Google Analytics (anonymized website analytics)
  • PostgreSQL database provider (encrypted data storage)
  These providers access your information only to perform specific tasks on our behalf and are contractually obligated not to disclose or use it for other purposes.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
• Aggregated & Anonymized Data: We may share aggregated, de-identified data (e.g., tool usage statistics, industry trend analysis) for research and improvement purposes. This data cannot be used to identify individual users or organizations.

This section applies specifically to consultant subscribers who use our white-label report platform.

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
• Encryption at rest: Database contents are encrypted at rest using AES-256.
• Password security: Passwords are hashed using bcrypt with appropriate work factors. We never store plain-text passwords.
• Payment security: Payment processing is handled by Stripe, which is PCI DSS Level 1 certified. We never store card data.
• Access controls: Internal access to production data is restricted to essential personnel with role-based permissions.
• Infrastructure: Hosted on Vercel's enterprise infrastructure with SOC 2 Type II compliance.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

We use the following categories of cookies:

You can control cookies through your browser settings. Disabling essential cookies may prevent authentication and core functionality. We do not use advertising or retargeting cookies.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal and operational requirements.
• Data Portability: Request your data in a structured, machine-readable format (JSON export).
• Opt-Out: Unsubscribe from marketing emails at any time. Opt out of analytics tracking through browser settings.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.

California residents (CCPA): You have the right to know what personal information we collect and how it is used, request deletion, and opt out of the sale of personal information. We do not sell personal information.

EU/EEA residents (GDPR): You have the rights listed above. Our lawful basis for processing is: (a) performance of a contract (providing the Service), (b) legitimate interests (improving the Service, security), and (c) consent (marketing emails).

Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to these transfers. We ensure appropriate safeguards are in place for international transfers as required by applicable law.

Our Service is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and where appropriate, sending an email notification to active subscribers. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.