Effective: March 16, 2026
Prody ("Company", "we", "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our B2B product analytics service ("Service").
When you sign up, we collect your name, email address, company name, and password (stored as a bcrypt hash - we never store plaintext passwords).
When you integrate Prody's SDK into your product, Prody collects event data from your end users on your behalf. This may include:
The SDK may also deliver in-app content to your end users on your behalf, including product guides (tooltips, modals, slideout panels) and nudge messages. This content is authored and controlled by you - Prody renders it in your product using a sandboxed Shadow DOM. Interaction data (views, completions, dismissals) is collected and reported back to your Prody dashboard.
You are the data controller for your end users' data. We are the data processor, acting on your instructions to provide analytics and in-app content delivery.
We collect basic analytics about how you use Prody itself (pages visited, features used) to improve the Service.
We use your information to:
We do not sell your data. We do not use your data for advertising.
Prody uses Anthropic's Claude API to power AI features (Prody Signals explanations, Ask Prody chat, Adaptive Intelligence). When you use these features, relevant data is sent to Anthropic for processing. Anthropic does not use your data to train their models. See Anthropic's privacy policy for details.
Prody uses a single strictly necessary cookie (prody_session) for authentication. This cookie is:
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
The Prody SDK uses browser localStorage on your end users' devices to store functional state: user identity for session continuity, cross-page guide tour progress (expires after 30 minutes of inactivity), and nudge display frequency tracking. No personal data beyond the user identifier you provide via prody.identify() is stored in localStorage.
Your data is stored in PostgreSQL databases hosted by Railway (US data centers). Data is encrypted in transit (TLS 1.2+) and at rest via infrastructure-level encryption. Each tenant's data is isolated - queries are always scoped by tenant ID.
We implement security measures including rate limiting, input validation, XSS protection, CSRF protection (SameSite cookies), and security headers (Helmet.js).
Event data is retained according to your configured retention policy (30-365 days, or unlimited). You can configure this in Admin > Settings. When data exceeds the retention period, it is permanently deleted by a nightly cleanup job.
Account data (your login, settings, tenant configuration) is retained for as long as your account exists.
We use the following third-party services to provide the Service:
When you enable the Slack integration, signal titles, severity levels, and account or user names referenced in signals are transmitted to Slack's API for delivery to your configured channel.
When you configure generic webhooks, Prody transmits signal metadata to HTTPS endpoints of your choosing. You are responsible for data handling at your webhook destinations.
We do not share your data with any third parties beyond those listed above and any integrations you explicitly configure.
You have the right to:
For GDPR data subject requests concerning your end users, use the Privacy Center tools in Admin > Privacy, or contact us at [email protected].
If you are in the European Economic Area, we process your data based on:
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at [email protected].
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 15 days before they take effect.
For privacy-related questions, contact us at [email protected].
For security concerns, contact [email protected].
For general support, contact [email protected].