Privacy Policy

Productiviti is operated by A2E Group Pty Ltd (Australia). When this policy refers to "we", "us", or "Productiviti", that is who we mean. You can reach us at privacy@productiviti.net.

• Account data: name, email, and whatever identity you sign in with (Google, Apple, or magic link). We never see or store passwords.
• Business context: your business name, location, website, and anything else you tell Productiviti during onboarding. We use this to configure your agents.
• Agent artefacts: the drafts, outputs, and intermediate results your agents produce on your behalf. These are your data.
• Public information we discover about your business: Google Business Profile, your website, your public social media. We never log into anything private on your behalf without explicit OAuth consent.
• Technical data: IP, user agent, device, timestamps of your actions. Used for security, fraud prevention, and debugging.

• We never sell your data to anyone.
• We never train our underlying AI models on your content.
• We never read or share data across customer tenants.
• We never use your data for anything except running Productiviti for you.

• Database: Supabase (AWS Seoul region). Every row is scoped to your tenant via row-level security. An outage would be our problem; a cross-tenant leak is architecturally impossible.
• OAuth tokens: encrypted at rest (AES-256-GCM, application layer). Supabase never sees them in plaintext.
• Retention: we keep your data as long as your account is active. Close your account and we delete everything within 30 days, except where we are legally required to keep it.

We rely on third parties to run Productiviti. Each is chosen for security posture and bound by a data-processing agreement.

• Supabase (database, storage) — US / Singapore
• Clerk (authentication) — US
• Vercel (web hosting) — global edge
• Railway (API hosting) — global
• Anthropic (LLM) — US
• OpenAI (LLM fallback, image generation) — US
• Resend (transactional email) — US
• Sentry (error tracking) — US / EU
• Inngest (scheduled execution) — US
• Stripe (payments, once enabled) — US / Ireland

We publish a current list here; changes take effect 30 days after posting. You can object to new sub-processors — if we can't resolve the objection, you can close your account with a pro-rata refund.

Whether you're in the EU, California, Australia, or anywhere else, you always have the right to:

• Access the data we hold about you
• Correct anything that's wrong
• Delete your data (we delete within 30 days)
• Export your data in a portable format
• Object to our processing or withdraw consent
• Lodge a complaint with your local data protection authority

Email privacy@productiviti.net to exercise any of these. We respond within 14 days.

We use session cookies for authentication (Clerk) and a handful of first-party analytics cookies to understand which features are used. We never set third-party advertising cookies. You can clear our cookies at any time; you'll just be signed out.

Privacy policy revisions are versioned. When we make material changes, we email account holders at least 14 days before the changes take effect. Prior versions are kept in our public repo.

Privacy questions: privacy@productiviti.net.
Postal: A2E Group Pty Ltd, Melbourne, Australia.