Privacy Policy

1. Introduction

Welcome to Conservatory, an AI-powered website analysis platform operated by Symphony UI, LLC ("Company," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website, API, software, and related services (collectively, the "Service"). By using Conservatory, you consent to the data practices described in this policy.

If you do not agree with this Privacy Policy, please do not use the Service.

2. Definitions

For purposes of this Privacy Policy:

• "Personal Data" or "Personal Information" means any information that identifies or can be used to identify an individual, directly or indirectly.
• "Customer Data" means data you submit, upload, or analyze through the Service, including website URLs and analysis results.
• "Usage Data" means data collected automatically when you use the Service, such as IP address, browser type, and interaction patterns.
• "Cookies" means small data files stored on your device to track activity and preferences.
• "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• "Controller" means Symphony UI, LLC, which determines the purposes and means of Processing Personal Data.
• "Processor" means a third party that Processes Personal Data on behalf of the Controller.

3. Data Controller

Symphony UI, LLC is the data controller responsible for your Personal Data.

Contact Information:

Symphony UI, LLC
1000 5th Street
Suite 200-N4
FL 33139, USA
Email: Contact Us

4. Information We Collect

We collect different types of information to provide and improve the Service.

4.1 Personal Data You Provide Directly

When you create an Account or use the Service, you may provide:

• Identity Data: Full name, username, job title
• Contact Data: Email address, phone number (optional), organization name
• Account Data: Password (encrypted), account preferences, subscription plan
• Financial Data: Payment card details (processed by third-party payment providers; we do not store full card numbers)
• Transaction Data: Purchase history, billing information, invoices
• Communication Data: Messages you send to our support team, feedback, or survey responses
• Professional Data: Company name, industry, team size, role

4.2 Data Collected Automatically

When you use the Service, we automatically collect:

• Technical Data: IP address, browser type and version, device type, operating system, screen resolution
• Usage Data: Pages visited, features used, time spent, click patterns, analysis history
• Location Data: Approximate geographic location based on IP address
• Log Data: Access times, error messages, API call logs
• Performance Data: Load times, system performance metrics

4.3 Customer Data

You retain ownership of all Customer Data you submit through the Service, including:

• Website URLs you analyze
• Analysis results generated by Conservatory
• Reports you create and export
• Code snippets analyzed via GitHub integration
• Configuration settings and custom rules

4.4 Data from Third Parties

We may receive information from:

• OAuth Providers (Google, GitHub): Name, email, profile picture when you sign up via OAuth
• Payment Processors (Stripe): Transaction confirmation, billing status
• Analytics Services (Google Analytics): Aggregated usage statistics
• GitHub: Repository data, commit history, code structure (only for repositories you authorize)

4.5 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for Service functionality (authentication, security)
• Performance Cookies: Track usage patterns to improve the Service
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings. Disabling cookies may affect Service functionality.

5. How We Use Your Personal Data

We Process your Personal Data for the following purposes:

5.1 Providing the Service

• Create and manage your Account
• Authenticate your identity
• Process website analyses and generate reports
• Enable features (GitHub integration, API access, exports)
• Store your analysis history and preferences
• Provide customer support and respond to inquiries

5.2 Billing and Payment Processing

• Process subscription payments
• Send invoices and billing notifications
• Manage refunds and cancellations
• Detect and prevent payment fraud

5.3 Service Improvement and Development

• Analyze usage patterns to improve features
• Develop new functionality based on user behavior
• Conduct A/B testing and product experiments
• Train and improve our AI analysis algorithms
• Fix bugs and optimize performance

5.4 Communications

• Send transactional emails (account confirmations, password resets, billing notifications)
• Provide product updates and feature announcements
• Send marketing communications (with your consent; you can opt out anytime)
• Request feedback and conduct user surveys

5.5 Security and Legal Compliance

• Detect and prevent fraud, abuse, or security threats
• Enforce our Terms of Service
• Comply with legal obligations and respond to lawful requests
• Protect our rights, property, and safety
• Conduct security audits and vulnerability assessments

5.6 Aggregated and Anonymized Data

We may aggregate and anonymize your data to create statistical insights that do not identify you personally. We use this data for:

• Industry benchmarking and research
• Marketing and promotional materials
• Sharing trends and insights publicly

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we Process your Personal Data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (providing the Service)
• Legitimate Interests: We have legitimate business interests (fraud prevention, service improvement, security)
• Consent: You have given explicit consent for specific purposes (e.g., marketing emails)
• Legal Obligation: Processing is required by law (e.g., tax compliance, data breach notifications)

7. How We Share Your Personal Data

We do not sell your Personal Data to third parties. We share your data only in the following circumstances:

7.1 Service Providers and Processors

We share data with trusted third-party vendors who provide services on our behalf:

• Hosting Providers: AWS, Google Cloud (infrastructure and data storage)
• Payment Processors: Stripe (payment processing)
• Email Services: SendGrid, Mailgun (transactional and marketing emails)
• Analytics Services: Google Analytics, Mixpanel (usage analytics)
• Support Tools: Intercom, Zendesk (customer support)
• Security Services: Cloudflare (DDoS protection, CDN)
• AI Services: OpenAI, Anthropic (AI-powered analysis)

These service providers have access to your Personal Data only to perform tasks on our behalf and are obligated to protect it.

7.2 Legal Requirements

We may disclose your Personal Data if required by law or in response to:

• Court orders, subpoenas, or legal processes
• Government or regulatory requests
• Requests to protect our legal rights or property
• Emergency situations involving public safety

7.3 Business Transfers

If Symphony UI, LLC undergoes a merger, acquisition, reorganization, or sale of assets, your Personal Data may be transferred to the acquiring entity. We will notify you of any such change.

7.4 With Your Consent

We may share your data with third parties when you explicitly consent (e.g., connecting third-party integrations).

8. International Data Transfers

Conservatory is based in the United States. Your Personal Data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For EEA, UK, and Swiss users: We comply with applicable data transfer regulations by using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy Decisions where the destination country is recognized as providing adequate protection
• Binding Corporate Rules where applicable

By using the Service, you consent to the transfer of your data to countries with different data protection standards than your jurisdiction.

9. Data Security

We implement industry-standard security measures to protect your Personal Data:

9.1 Technical Safeguards

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Role-based access with multi-factor authentication (MFA)
• Firewalls: Network segmentation and intrusion detection systems
• Regular Audits: Security assessments and penetration testing
• Monitoring: 24/7 security monitoring and incident response

9.2 Organizational Safeguards

• Employee Training: Security awareness and data protection training
• Access Restrictions: Employees access data only as needed for their role
• Confidentiality Agreements: All employees sign data confidentiality agreements
• Vendor Management: Third-party vendors undergo security reviews

9.3 Compliance and Certifications

• SOC 2 Type II: Annual independent security audits (Enterprise plans)
• GDPR Compliance: Full compliance with EU data protection regulations
• CCPA Compliance: Adherence to California privacy laws

No system is 100% secure. While we strive to protect your Personal Data, we cannot guarantee absolute security. You use the Service at your own risk.

10. Data Retention

We retain your Personal Data only as long as necessary for the purposes outlined in this Privacy Policy:

• Active Accounts: Data retained while your Account is active
• Terminated Accounts: Data deleted within 90 days of termination (unless legal retention required)
• Backup Copies: May persist up to 90 days in backups
• Financial Records: Retained for 7 years for tax and accounting purposes
• Legal Holds: Data retained longer if subject to litigation or regulatory investigation

After the retention period, we securely delete or anonymize your Personal Data.

11. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

11.1 Rights for All Users

• Access: Request a copy of your Personal Data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your Personal Data (subject to legal exceptions)
• Export: Download your data in JSON/Markdown format
• Opt-Out: Unsubscribe from marketing emails

11.2 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have additional rights:

• Right to Rectification: Correct inaccurate Personal Data
• Right to Erasure ("Right to be Forgotten"): Request deletion under certain conditions
• Right to Restriction of Processing: Limit how we Process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to Processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for consent-based Processing
• Right to Lodge a Complaint: File a complaint with your local data protection authority

11.3 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of Personal Data collected, used, shared, or sold
• Right to Delete: Request deletion of your Personal Data (with exceptions)
• Right to Opt-Out: Opt out of sale of Personal Data (note: we do not sell Personal Data)
• Right to Non-Discrimination: Exercise rights without discrimination in service or pricing
• Right to Correct: Request correction of inaccurate Personal Data

11.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: Contact Us
• Account Settings: Manage preferences directly in your Account

We will respond to your request within 30 days (45 days under CCPA). We may ask for verification of your identity to process your request.

12. Children's Privacy

Conservatory is not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from children under 18.

If we learn that we have collected Personal Data from a child under 18, we will delete it immediately. If you believe we have collected data from a child, contact us.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Our Service does not currently respond to DNT signals because there is no industry standard for interpreting them. We will update this policy if standards are established.

14. Third-Party Links and Services

The Service may contain links to third-party websites, integrations, or services that are not controlled by Symphony UI, LLC. This Privacy Policy does not apply to third-party sites.

We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing Personal Data.

Third-party services we integrate with:

• Google (Lighthouse, Analytics, OAuth): Google Privacy Policy
• GitHub: GitHub Privacy Statement
• Stripe: Stripe Privacy Policy
• OpenAI: OpenAI Privacy Policy

15. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of Personal Data to third parties for direct marketing purposes.

We do not share Personal Data with third parties for their direct marketing purposes. If you have questions, contact us.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

Notice of Changes: We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this page
• Sending an email to your registered email address
• Displaying a prominent notice on our website
• In-app notification

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Symphony UI, LLC
Privacy Team
1000 5th Street
Suite 200-N4
FL 33139, USA
Email: Contact Us