Privacy Policy

Last Updated: October 2, 2025

1. Introduction

Headwinds ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our competitive intelligence platform ("Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password, and company information
  • Payment Information: Billing details processed securely through our payment provider (Polar.sh)
  • User Content: Competitor names, search queries, report configurations, custom notes, and any data you input into the Service
  • Communications: Messages you send to us via email, support tickets, or feedback forms

2.2 Automatically Collected Information

  • Usage Data: Pages viewed, features used, time spent, report generation activity, and interaction patterns
  • Device Information: Browser type, operating system, device type, IP address, and user agent
  • Cookies and Tracking: Session cookies, authentication tokens, and analytics cookies
  • Log Data: Server logs including timestamps, API requests, and error reports

2.3 Third-Party Information

We collect publicly available competitive intelligence data from third-party sources including news sites, company websites, press releases, and other public information as part of our Service functionality.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

  • Create and maintain your account
  • Process your requests and generate competitive intelligence reports
  • Provide customer support and respond to inquiries
  • Send service-related notifications and updates

3.2 Billing and Payments

  • Process subscription payments and manage billing
  • Enforce usage limits based on your plan
  • Send billing receipts and payment-related communications

3.3 Improvement and Analytics

  • Analyze usage patterns to improve the Service
  • Train and improve AI models and algorithms
  • Monitor and optimize performance and reliability
  • Conduct research and development

3.4 Security and Compliance

  • Detect, prevent, and address fraud, abuse, and security issues
  • Enforce our Terms of Service
  • Comply with legal obligations and respond to legal requests

3.5 Marketing (with consent)

  • Send promotional emails about new features or offers (you can opt out)
  • Personalize your experience and show relevant content

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

4.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

  • Cloud hosting (infrastructure providers)
  • Payment processing (Polar.sh)
  • Email delivery services
  • Analytics providers
  • AI and machine learning services (OpenAI)
  • Data aggregation and search services

These providers are contractually obligated to protect your information and use it only for providing services to us.

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal processes, including:

  • Subpoenas, court orders, or legal processes
  • Government or regulatory requests
  • To protect our rights, property, or safety
  • To prevent fraud, security threats, or illegal activity

4.3 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. You will be notified of any such change.

4.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
  • Usage Data: Typically retained for up to 24 months for analytics and improvement purposes
  • Billing Records: Retained for 7 years for tax and accounting purposes
  • Generated Reports: Retained while your account is active; you can delete reports at any time

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security audits and monitoring
  • Employee training on data protection
  • Restricted access to personal data on a need-to-know basis

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Portability: Request a copy of your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU/EEA Users)

If you are located in the EU/EEA, you have additional rights under GDPR:

  • Right to restriction of processing
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your supervisory authority

7.3 CCPA Rights (California Residents)

California residents have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of personal information
  • Opt out of the "sale" of personal information (we do not sell your data)
  • Not be discriminated against for exercising your rights

7.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@headwinds.io. We will respond within 30 days. You may need to verify your identity before we process your request.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

Types of Cookies We Use:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand how users interact with the Service
  • Preference Cookies: Remember your settings and preferences (e.g., theme selection)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

9. Third-Party Services and Links

The Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Key Third-Party Services:

  • OpenAI: AI-powered content generation (subject to OpenAI's privacy policy)
  • Polar.sh: Payment processing (subject to Polar's privacy policy)
  • Data Providers: Various public data sources we aggregate for competitive intelligence

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

We implement appropriate safeguards to ensure your data receives adequate protection, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data Processing Agreements with service providers
  • Compliance with applicable data transfer frameworks

11. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Because there is no common understanding of how to interpret DNT signals, our Service does not currently respond to DNT browser signals.

13. AI and Automated Decision-Making

Our Service uses AI and machine learning to generate competitive intelligence reports. While AI assists in content generation, we do not use automated decision-making for purposes that significantly affect you (such as account decisions or pricing) without human oversight.

AI-generated content may be inaccurate. You should review and verify any AI-generated information before relying on it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or prominent notice in the Service.

Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Privacy Team

Email: privacy@headwinds.io

Address: Headwinds, Inc.
[Your Business Address]

For GDPR-related inquiries, you may also contact our EU representative at eu-privacy@headwinds.io.

By using Headwinds, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

© 2025 Headwinds. All rights reserved.