Privacy Policy

Effective: March 16, 2026

1. Introduction

Prody ("Company", "we", "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our B2B product analytics service ("Service").

2. Information We Collect

Account Information

When you sign up, we collect your name, email address, company name, and password (stored as a bcrypt hash - we never store plaintext passwords).

Product Usage Data (Your Customers' Data)

When you integrate Prody's SDK into your product, Prody collects event data from your end users on your behalf. This may include:

• Page views and feature usage events
• User identifiers (as defined by you)
• Account identifiers and metadata
• Browser and device information
• Timestamps and session data

You are the data controller for your end users' data. We are the data processor, acting on your instructions to provide analytics.

Service Usage

We collect basic analytics about how you use Prody itself (pages visited, features used) to improve the Service.

3. How We Use Information

We use your information to:

• Provide and maintain the Service
• Generate analytics, health scores, signals, and AI-powered insights
• Send transactional emails (verification, welcome, notifications)
• Improve the Service and develop new features
• Respond to support requests

We do not sell your data. We do not use your data for advertising.

4. AI Processing

Prody uses Anthropic's Claude API to power AI features (Prody Signals explanations, Ask Prody chat, Adaptive Intelligence). When you use these features, relevant data is sent to Anthropic for processing. Anthropic does not use your data to train their models. See Anthropic's privacy policy for details.

5. Cookies

Prody uses a single strictly necessary cookie (prody_session) for authentication. This cookie is:

• httpOnly (not accessible via JavaScript)
• Secure (HTTPS only)
• SameSite=Strict (prevents cross-site requests)
• 24-hour expiration

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Data Storage and Security

Your data is stored in PostgreSQL databases hosted by Railway (US data centers). Data is encrypted in transit (TLS 1.2+) and at rest via infrastructure-level encryption. Each tenant's data is isolated - queries are always scoped by tenant ID.

We implement security measures including rate limiting, input validation, XSS protection, CSRF protection (SameSite cookies), and security headers (Helmet.js).

7. Data Retention

Event data is retained according to your configured retention policy (30-365 days, or unlimited). You can configure this in Admin > Settings. When data exceeds the retention period, it is permanently deleted by a nightly cleanup job.

Account data (your login, settings, tenant configuration) is retained for as long as your account exists.

8. Sub-Processors

We use the following third-party services to provide the Service:

• Anthropic (San Francisco, CA) - AI processing for Prody Signals, Ask Prody, and AI explanations
• Railway (San Francisco, CA) - Application and database hosting
• Resend (San Francisco, CA) - Transactional email delivery
• Cloudflare (San Francisco, CA) - DNS and marketing site hosting

We do not share your data with any other third parties.

9. Your Rights

You have the right to:

• Access your data via the PII Lookup tool in Admin > Privacy
• Export your data via the PII Export tool or CSV/JSON exports
• Delete your data via the PII Anonymization or full deletion tools
• Correct your data via the admin settings and user management tools
• Port your data via bulk export functionality

For GDPR data subject requests concerning your end users, use the Privacy Center tools in Admin > Privacy, or contact us at privacy@prody.com.

10. GDPR

If you are in the European Economic Area, we process your data based on:

• Contract performance - to provide the Service you signed up for
• Legitimate interest - to improve the Service and ensure security
• Consent - for optional communications (you can opt out anytime)

11. CCPA

If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

12. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@prody.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 15 days before they take effect.

14. Contact

For privacy-related questions, contact us at privacy@prody.com.

For security concerns, contact security@prody.com.

For general support, contact support@prody.com.