Privacy Policy

Prosperity AI Inc. (“we,” “us,” “our,” or “Prosperity AI”) operates the Prosperity AI platform (“Prosperity AI,” “the Platform,” or “the Service”), an AI-powered strategic planning and execution platform designed for organizations. Prosperity AI is accessible at prosperityai.com and app.prosperityai.com. The Service includes Plan Mode (AI-guided strategic plan creation), Execute Mode (KPI tracking, action plans, finance, AI advisor, and insights), BYOP (Bring Your Own Plan upload and extraction), and Annual Refresh (rolling strategy updates).

This Privacy Policy explains how we collect, use, share, store, and protect your personal information when you use our Platform. We believe in transparency and have written this policy in plain English so you can clearly understand our data practices.

By creating an account or using Prosperity AI, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

We collect information in several ways when you use Prosperity AI.

1.1 Information You Provide Directly

• Account Information: Your name and email address when you create an account.
• Organizational Information: Your organization’s mission, vision, programs, budgets, staff details, and other organizational data you enter during the strategic planning process.
• Uploaded Documents: Files you upload to the Platform, including PDFs, Word documents (DOCX), and spreadsheets (XLSX), for AI-powered analysis and plan generation.
• Financial Data: Budget information, revenue figures, expenses, and other financial details you provide or import.
• KPI Data: Key performance indicators, metrics, targets, and measurement data you enter or that are generated as part of your strategic plan.
• Stakeholder Information: Names, email addresses, and roles of stakeholders associated with your organization that you enter into the Platform.
• AI Conversations: Your messages, prompts, and responses exchanged during AI advisor sessions, strategic planning conversations, and document analysis interactions.
• Strategic Planning Documents: Plans, reports, and other outputs generated through the Platform.

1.2 Information Collected Automatically

• Authentication Data: Session tokens and authentication cookies managed through Firebase Authentication.
• Usage Data: How you interact with the Platform, including features used, pages visited, and actions taken within the application.
• Device and Browser Information: Browser type, operating system, and device identifiers collected through standard web technologies.
• Log Data: Server logs that may include your IP address, access times, and pages viewed.

1.3 Information from Third Parties

• Authentication Providers: If you sign in using a third-party authentication method (such as Google Sign-In through Firebase), we receive your name and email address from that provider.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To create and manage your account, deliver the strategic planning features of the Platform, generate AI-powered plans and reports, and enable AI advisor conversations.
• AI Processing: To send your organizational data, uploaded documents, financial information, and conversation inputs to our AI provider (Anthropic’s Claude API) for strategic plan generation, document analysis, report creation, and advisory responses.
• Platform Improvement: To understand how users interact with the Platform, identify issues, and improve our features and user experience.
• Communication: To send you service-related notices, respond to your inquiries, and provide customer support.
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not use your information for:

• Selling your personal data to third parties.
• Serving targeted advertising.
• Building user profiles for marketing purposes unrelated to the Platform.
• Training general-purpose AI models (see Section 4 for details on AI data processing).

3. Cookies and Tracking Technologies

Prosperity AI uses a minimal set of cookies and similar technologies:

• Authentication Cookies: Firebase Authentication uses session cookies to keep you signed in and to manage your authenticated session securely. These are essential cookies required for the Platform to function.
• Functional Cookies: We may use cookies to remember your preferences and settings within the Platform.

We do not use:

• Third-party advertising cookies.
• Cross-site tracking cookies.
• Analytics cookies from third-party advertising networks.

4. AI Data Processing and Disclosure

Prosperity AI uses artificial intelligence to deliver its core features. We believe it is important for you to understand exactly how your data interacts with AI systems.

4.1 What Data Is Processed by AI

When you use Prosperity AI’s planning, advisory, analysis, or reporting features, the following types of data may be sent to our AI provider for processing:

• Organizational information (mission, vision, programs, staff details)
• Financial data (budgets, revenue, expenses)
• Content from uploaded documents (PDFs, Word documents, spreadsheets)
• KPI data and metrics
• Stakeholder information
• Your messages and questions during AI advisor conversations
• Previously generated plan content (for context and continuity)

4.2 Our AI Provider

We use Anthropic’s Claude API as our AI processing provider. When your data is sent to Anthropic for processing:

• Data is transmitted securely using encryption in transit.
• Anthropic processes the data to generate responses, plans, reports, and analyses.
• Under Anthropic’s API data usage policy, data sent through the API is not used to train Anthropic’s general AI models.
• Anthropic may retain API inputs and outputs for a limited period (typically 30 days) for trust and safety purposes, such as detecting abuse.

4.3 AI-Generated Content

Strategic plans, reports, KPI suggestions, advisory responses, and other outputs generated by the AI are created based on the data you provide. These outputs are stored in your account, owned by you and your organization, and not shared with other users or organizations.

4.4 Human Review

Your AI conversations and generated content are not routinely reviewed by Prosperity AI staff. We may access your data only when necessary to provide customer support you have requested, investigate technical issues, or respond to legal requirements.

5. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

5.1 Service Providers

We use the following third-party service providers to operate the Platform:

5.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

If Prosperity AI Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Storage and Security

6.1 Where Your Data Is Stored

Your data is stored in the United States using Google Cloud infrastructure (Firestore and Cloud Run). Our frontend application is hosted on Vercel’s global network. All data at rest is stored within US-based data centers.

6.2 Security Measures

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS.
• Encryption at Rest: Data stored in Google Cloud Firestore is encrypted at rest using Google’s built-in encryption.
• Authentication Security: User authentication is managed through Firebase Authentication with industry-standard protocols.
• Access Controls: Access to production systems and data is restricted to authorized personnel only.
• Infrastructure Security: Our hosting providers maintain SOC 2, ISO 27001, and other relevant security certifications.
• Input Validation: The Platform implements SSRF protection and input validation to guard against common vulnerabilities.

6.3 Security Limitations

While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure. If you suspect unauthorized access to your account, please contact us immediately at contact@prosperityai.com.

7. Data Retention and Deletion

7.1 How Long We Keep Your Data

• Account Data: Retained for the duration of your active account.
• Organizational and Planning Data: Retained for the duration of your active account, including strategic plans, uploaded documents, financial data, KPIs, and stakeholder information.
• AI Conversation Histories: Retained for the duration of your active account.
• Server Logs: Retained for up to 90 days.
• Anthropic API Data: Anthropic may retain copies for up to 30 days for trust and safety purposes.

7.2 Account Deletion

You may request deletion of your account and associated data at any time by contacting us at contact@prosperityai.com. Upon receiving a verified deletion request, we will delete or anonymize your personal information from our active systems within 30 days. Some information may persist in encrypted backups for up to 90 days.

7.3 Data Portability

You may request an export of your data by contacting us. We will provide your data in a commonly used, machine-readable format within 30 days of your request.

8. Your Privacy Rights

8.1 Rights for All Users

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate personal information.
• Deletion: You may request that we delete your personal information, subject to certain exceptions.
• Data Portability: You may request your data in a portable format.
• Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, contact us at contact@prosperityai.com. We will respond within 30 days.

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, the CCPA/CPRA provides you with additional rights including the right to know, delete, correct, and opt out of sale or sharing. We do not sell or share your personal information for cross-context behavioral advertising.

Categories of Personal Information Collected:

• Identifiers (name, email address, IP address)
• Commercial information (organizational financial data, subscription records)
• Internet or electronic network activity (usage data, log data)
• Professional or employment-related information (organizational role, title)
• Inferences drawn from the above (AI-generated strategic insights)

California residents may submit a request by emailing contact@prosperityai.com with “California Privacy Request” in the subject line.

8.3 Michigan Privacy Considerations

As a Michigan-based company, we comply with applicable Michigan state laws regarding data protection. Michigan’s Identity Theft Protection Act requires us to notify affected individuals in the event of a data breach, and we will do so in accordance with that law.

8.4 Other State Privacy Laws

If you reside in a state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, or others), we will honor the rights provided under your state’s law. Contact us at contact@prosperityai.com to exercise any applicable rights.

9. Children’s Privacy

Prosperity AI is a business platform designed for organizations and their staff. The Platform is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13 in compliance with COPPA.

If we learn that we have collected personal information from a child under 13 without verified parental consent, we will delete that information as quickly as possible. Users must be at least 18 years of age to create an account.

10. Organizational Data Considerations

10.1 Your Organizational Data

The organizational data you enter into Prosperity AI belongs to your organization. We process this data solely to provide the strategic planning services you have engaged.

10.2 Stakeholder Information

When you enter stakeholder names, email addresses, and roles into the Platform, you are responsible for ensuring you have the appropriate authority and any necessary consent to share that information with us and our AI processing provider.

10.3 Sensitive Individual Data

We recommend that you do not enter personally identifiable information about individual clients, donors, or beneficiaries unless it is directly relevant to your strategic planning process. The Platform is designed for organizational-level strategic planning, not for managing individual records.

10.4 Confidentiality of Plans

Your strategic plans and organizational data are kept confidential and are not shared with other organizations or users. Each organization’s data is logically separated and accessible only to authorized users within that organization’s account.

10.5 Regulatory Compliance

If your organization is subject to specific regulatory requirements (such as HIPAA or FERPA), you are responsible for evaluating whether the Platform meets those requirements. Please contact us if you have specific compliance questions.

11. Third-Party Links

The Platform may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties.

12. International Users

Prosperity AI is designed for and primarily serves US-based organizations. The Platform and all data storage infrastructure are located in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective Date” and notify you by email or through a prominent notice within the Platform before the changes take effect.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, or as otherwise required by applicable law, including Michigan’s Identity Theft Protection Act.

15. Do Not Track Signals

The Platform does not currently respond to Do Not Track (DNT) signals. However, we do not engage in cross-site tracking or targeted advertising.

16. Contact Us

If you have questions about this Privacy Policy, please contact us:

Prosperity AI Inc.
Email: contact@prosperityai.com
Website: prosperityai.com

This Privacy Policy is provided by Prosperity AI Inc., a Michigan corporation, and applies to the Prosperity AI platform and all related services.