Privacy Policy
Last updated: May 2026
1. Data Collected
We collect the following personal data:
- Account data: Name, email address, and profile picture provided by your OAuth provider (e.g., GitHub).
- User content: Project submissions, comments, votes, and data provided to the Pre-Mortem analysis tool (project titles, context, hypotheses).
- Payment data: Managed by Stripe. We store only your Stripe Customer ID and subscription status. We do not store card numbers.
- Technical data: Session tokens and cookies necessary for authentication.
2. Use of AI Providers
When you use the Pre-Mortem analysis feature, your input (project title, context, hypothesis) is sent to Mistral AI for processing. Mistral AI is a French company headquartered in the European Union, and your data is processed in accordance with the GDPR. Mistral processes this data according to their Terms and Privacy Policy. User-visible strings translated for localization are also processed by Mistral AI. We recommend not including sensitive personal information in your analysis inputs.
3. Environmental Impact of AI
We are mindful of the environmental footprint of generative AI. We chose Mistral AI in part because they have published the first comprehensive life cycle assessment of a large language model, carried out with Carbone 4 and the French environmental agency ADEME, and because their infrastructure is hosted in the European Union, where the electricity mix is significantly less carbon-intensive than in many other regions.
Concretely, we limit our impact by:
- Caching all translations in our database so that each unique string is sent to the model only once across the lifetime of the app.
- Rate-limiting Pre-Mortem analyses per user to avoid unnecessary inference.
- Using the smallest model that fits each task (Mistral Small for translation, Mistral Large only for the Pre-Mortem analysis).
You can read Mistral AI's full environmental impact study, "Our contribution to a global environmental standard for AI".
4. Payment Processing
Payments are handled by Stripe, which acts as an independent data controller for payment data. Stripe is PCI-DSS Level 1 certified.
5. Data Retention
Your data is retained as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.
6. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion of your data
- Request data portability
- Object to processing
- Withdraw consent at any time
To exercise these rights, contact us at contact@penguinstudio.fr.
7. Cookies
We use cookies for authentication and essential functionality. For details, see our Cookie Policy.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS), secure database access, and authentication via OAuth.
9. Changes
We may update this policy from time to time. Material changes will be communicated via the platform.
10. Contact
Data Protection contact: contact@penguinstudio.fr.