Privacy Policy

Prior.Run (“we,” “us,” “our”) provides an pre-launch design validation platform. This Privacy Policy explains how we collect, use, and protect your information when you use our website and services at prior.run.

Account Information

• Email address (at signup or Google OAuth)
• Authentication credentials managed by Supabase Auth

Uploaded Content

• Design screenshots you upload for analysis (PNG, JPG)
• Audience descriptions and analysis parameters you provide

Payment Information

• Payment details are processed by Stripe. We never store your full card number, CVC, or bank details on our servers.

Usage Data

• Google Analytics collects anonymized usage data (page views, session duration, device type)
• We log API usage for rate limiting and abuse prevention

• Provide the service: Your uploaded designs are sent to our analysis engine for processing. The analysis results are stored and returned to you.
• Account management: Your email is used for authentication, account recovery, and service notifications.
• Payment processing: Stripe handles billing for Pro subscriptions.
• Service improvement: Anonymized, aggregated usage data helps us improve the product.

• Designs are processed by our analysis engine solely for generating your results. Under our data processing policies, inputs are not used to train or improve any models.
• We re-encode uploaded images through Pillow before processing. Raw uploads are never served or accessible.

• Data is stored in Supabase with encryption at rest.
• All data in transit is encrypted via HTTPS/TLS.
• Authentication is handled via Supabase Auth with JWT-based sessions and Google OAuth support.
• Access to production systems is restricted to authorized personnel only.

We use the following third-party services, each with their own privacy policies:

• Analysis Engine— Design analysis and processing
• Supabase— Authentication, database, and file storage
• Stripe— Payment processing
• Google Analytics— Anonymized usage analytics
• Render— Application hosting

• Analysis results: Retained as long as your account is active or until you request deletion.
• Account data: Retained until account deletion is requested.

If you are in the European Economic Area (EEA) or other jurisdictions with similar protections, you have the right to:

• Access— Request a copy of the personal data we hold about you.
• Rectification— Request correction of inaccurate data.
• Deletion— Request deletion of your personal data and uploaded content.
• Export— Request a machine-readable export of your data.
• Restriction— Request that we limit how we process your data.
• Objection— Object to processing based on legitimate interests.

To exercise any of these rights, contact us at hello@prior.run. We will respond within 30 days.

• Essential cookies: Used for authentication session management (Supabase).
• Analytics cookies: Google Analytics uses cookies to collect anonymized usage data. You can opt out via your browser settings or the Google Analytics opt-out extension.

Prior.Run is not directed to children under 16. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance.

If you have questions about this Privacy Policy, contact us at:

hello@prior.run