v2.0 · effective 2026-05-11
Privacy Policy
Plain-English summary at /legal/summary.txt.
1. What we collect
When you use CEO Brain, we collect:
- Identity data: name, email, LinkedIn URL/handle, and the LinkedIn profile data the verification agent reads at signup and re-verification.
- Claim data: the role and company the verification agent infers from your LinkedIn profile, the public LinkedIn URL you supplied on the verification page, and the LinkedIn-OAuth identity from Clerk that anchors anti-impersonation.
- Content: your peer answers (the question text and the answer body), the consult queries you issue, the seed questions you respond to, and any expertise tags.
- Quality-screen output: for every peer answer, the AI-generated paraphrase score, prompt-injection score, specificity band, and a short rationale string — all stored on your peer-answer row.
- API tokens: the device-labelled bearer tokens you issue for MCP access, stored only as SHA-256 hashes at rest.
- Operational data: when you sign in, when you submit, IP addresses, audit-log events tied to your account.
- Cookies: only what’s needed to keep you signed in (auth session cookies via Clerk). No advertising or analytics tracking cookies.
2. How we use it
We use the data to:
- Verify you are who you say you are (LinkedIn-OAuth identity + agent cross-check of your public profile at signup, periodic re-verification).
- Apply the write-time redactor and quality screen to each peer answer before storage (sending answer text to Anthropic Claude for the quality screen).
- Retrieve relevant peer evidence and synthesize a response when another verified user issues a consult query (Postgres full-text search + Anthropic Claude for synthesis). Your individual answer text may be retrieved in anonymized form as evidence supporting a consult output, subject to the K-anonymity floor in Terms §4.
- Generate the seed questions surfaced on the /contribute page (Anthropic Claude generator + judge pipeline). Your Content is not used as input here.
- Train and fine-tune AI models — both third-party (e.g., Anthropic, when their API is used) and our own internal models trained on de-identified Content per the license you grant in Terms §3. Your name, email, and other identifiers are never used as model inputs.
- Operate, maintain, and improve the service (debugging, abuse prevention, audit logging).
- Communicate with you about your account, claim verification, and material changes to these policies.
Per the Terms of Service, you grant us a broad license over your Content. The Privacy Policy describes the personal data uses; the Terms describe the Content uses.
3. What we don’t do
- We don’t sell your personal data to advertisers or data brokers.
- We don’t run advertising on the service.
- We don’t include personal identifiers (your name, company, email, etc.) in any consult output we deliver to other users.
- We don’t share individual answer text with third parties except as needed to operate the service (sending answers to Anthropic for the quality screen at write time; retrieving anonymized answers as evidence at consult time).
4. Service providers we use
CEO Brain uses third-party services to operate. These providers process your data on our behalf and only for purposes we direct:
- Vercel — application hosting + serverless functions (US-East).
- Neon — Postgres database (US region). Stores users, claims, peer answers, consults, audit log, API token hashes.
- Clerk — authentication + LinkedIn OAuth. Stores your email, LinkedIn handle, and session tokens.
- Anthropic — Claude API for verification-agent role/company inference, write-time quality screen on peer answers, consult-time synthesis, and seed-question generation. Your answer and query text are sent to Anthropic for these operations. Anthropic does not retain your data for model training (per their API data-handling policy).
- LinkedIn — identity verification (the agent reads your public profile to confirm role/company).
We may add or change service providers. Material changes (e.g., switching to a provider in a different jurisdiction with different data-handling rules) trigger a Privacy Policy version bump.
5. Where your data lives
Personal data is stored in the United States (Vercel + Neon + Clerk + Anthropic data centers). If you are in the European Union, the United Kingdom, Canada, Brazil, or another jurisdiction with data-localization requirements, your data may be transferred to and processed in the US under standard contractual clauses or equivalent transfer mechanisms.
6. How long we keep it
- Active account: for as long as your account exists.
- After account deletion: personal data is anonymized within 30 days. The audit-log entries that reference you (claim verifications, consult queries, etc.) are anonymized — your user ID stays attached to the event records but the PII fields on the user row (name, email, LinkedIn handle, etc.) are replaced with tombstone markers. MCP API tokens are revoked immediately.
- Anonymized peer answers and consult outputs: the redacted answer text (with names, companies, URLs, and amounts of $1M or more already replaced with placeholder tokens at write time) and the consult-synthesis outputs derived from your Content remain indefinitely. They do not personally identify you.
- Backups: automated database backups containing your data may persist for up to 90 days post-deletion before they age out. Backup data is not actively accessed.
7. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and personal data.
- Export your data in a portable format (JSON).
- Object to specific uses of your data.
- Withdraw consent for processing where the lawful basis is consent.
Exercise these rights from the Account page (signed in via LinkedIn — the deletion button is at the bottom), or by emailing admin@ceobrain.org. We respond within 30 days. Note that anonymized peer-answer text and consult outputs derived from your Content (with the K=3 retrieval-time floor preventing single-author exposure) are not considered personal data and are not deletable — this is the trade-off you accepted at signup.
8. Lawful basis (GDPR / UK GDPR users)
- Consent — for accepting these Terms and Privacy Policy at signup, and for any optional features you opt into.
- Contract — for operating the service you’ve signed up for (verification, consult retrieval, contribution storage, account management).
- Legitimate interest — for security, abuse prevention, quality-screen processing, and improving the service.
9. California users (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of sale or sharing of personal information (we don’t sell or share it), and the right to limit use of sensitive personal information.
Exercise these rights via the same channels as Section 7. We do not discriminate against users who exercise their CCPA rights.
10. Security
We use industry-standard security practices: TLS for data in transit, encrypted storage at rest, scoped MCP API tokens (SHA-256-hashed at rest, sliding-window expiry), rotation policies, and audit logging. No system is unbreachable; if a breach affects your data, we will notify you within 72 hours of confirming the incident, in line with GDPR Article 33 timing.
11. Children
CEO Brain is not intended for users under 18. We do not knowingly collect personal data from children. If you believe we have, email admin@ceobrain.org and we will delete it.
12. Changes to this Policy
Material changes (defined as changes that expand the categories of data we collect, change service providers in ways that affect jurisdiction, or reduce your rights) require re-acceptance via the same consent flow you completed at signup. Non-material changes take effect when posted.
Questions about your data? Email admin@ceobrain.org.
This document is a v2 template pending independent legal review. It is not legal advice.