Privacy Policy
Effective Date: November 20, 2025
Effective Date
This Privacy Policy is effective as of November 20, 2025. It explains how PersistQ collects, uses, shares and protects personal data when you use our Service.
Controller
PersistQ (the operator of persistq.dev) is the data controller for personal data collected in connection with this Service unless otherwise specified. Contact: support@persistq.dev.
What We Collect
We may collect: (a) Account information (email, name); (b) Usage data (API call logs, timestamps, IP addresses, request metadata); (c) Content you upload ("Memories"); (d) Payment information via our payment processor (we do not store full card numbers); (e) Cookies and similar tracking for the dashboard experience.
How We Use Personal Data
We use data to: provide and operate the Service; authenticate and manage accounts; bill and process payments; detect abuse and enforce policies; improve and develop features; provide customer support; and comply with legal obligations.
Legal Bases (for EU / GDPR)
If you are in the EEA, our legal bases for processing include: (a) performance of a contract (to provide the Service); (b) legitimate interests (fraud prevention, service improvement); (c) consent where applicable; and (d) compliance with legal obligations.
Data Processors and Third Parties
We use subprocessors to operate the Service: Neon (PostgreSQL + pgvector), Upstash (Redis), Clerk (auth), Vercel/Render (hosting), Highlight.io (monitoring), Stripe or chosen payment processor, and other vendors. We require subprocessors to protect data in line with this Policy. We generate embeddings locally (Transformers.js) and do not send content to third-party AI providers.
Data Retention and Deletion
We retain account and content data for as long as your account exists and as necessary to provide the Service. Upon account deletion we will delete your primary data and cascade-delete memories; backups may be retained for a limited period. You may export your data via the export endpoint. Data retention schedules and exact durations may be provided upon request.
Your Rights (EEA)
EU/EEA residents have rights including access, rectification, deletion (right to be forgotten), restriction, data portability, and objection. To exercise these rights, contact support@persistq.dev. We will respond within legal timeframes.
Security Measures
We use reasonable administrative, technical, and physical safeguards, including encrypted connections (HTTPS), hashed API keys (bcrypt), rate limiting, and access controls. However no system is perfectly secure; promptly report suspected breaches to support@persistq.dev. We will notify affected users and authorities as required by law.
Cookies and Tracking
We use minimal cookies for authentication and session management. We may use analytics and monitoring tools (Vercel analytics, Highlight.io). To manage cookies, use browser settings or the dashboard controls where available.
Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children. If we learn we collected data from a child under 16, we will delete it promptly.
International Transfers
We operate infrastructure in various jurisdictions. Personal data may be transferred to and processed in countries outside your jurisdiction (including the USA and EU). Where required, we use appropriate safeguards for transfers (e.g., SCCs).
Data Breach Response
We maintain an incident response plan. In the event of a material data breach we will notify affected users and relevant authorities within applicable timeframes and provide remediation steps.
Changes to this Policy
We may update this Privacy Policy; we will post the revised policy with an updated effective date and notify users in the dashboard or by email as appropriate.
Contact & DPO
For privacy inquiries or to exercise rights, contact: support@persistq.dev. If you are an EU data subject and want to escalate, specify 'Data Subject Request' in the subject line.