Back to home

Privacy Policy

Last updated: February 9, 2026

1. Introduction

Preloom (“we”, “our”, or “us”) operates the preloom.ai website and platform. Preloom is a product discovery platform that ingests customer feedback data, analyzes it using artificial intelligence, and generates implementation-ready specifications.

This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our service. Because Preloom processes potentially sensitive customer feedback data — including support tickets, interview transcripts, survey responses, and sales call notes — we take data privacy and security extremely seriously.

By using Preloom, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address (via your authentication provider, e.g. Google)
  • Profile picture (if provided by your authentication provider)
  • Organization name and details you provide during onboarding
  • Role and team membership within your organization

2.2 Customer Feedback Data

The core of Preloom’s functionality involves processing customer feedback data that you upload or connect. This may include:

  • Customer support tickets and conversations
  • Customer interview transcripts (text, audio, or video)
  • NPS, CSAT, and other survey responses
  • Feature requests and product feedback
  • Sales call notes and recordings
  • Community feedback from forums, Slack, or Discord
  • CSV, JSON, PDF, Word, and plain text file uploads

Important: This data may contain personally identifiable information (PII) about your customers, including names, email addresses, company names, and other details present in the original feedback. You are responsible for ensuring you have the right to share this data with Preloom and that doing so complies with your own privacy obligations to your customers.

2.3 AI-Generated Data

Preloom generates derived data from your uploads, including theme clusters, opportunity scores, evidence chains, and implementation specifications. This derived data is associated with your organization and treated with the same security as your uploaded data.

2.4 Usage Data

We automatically collect information about how you interact with our platform:

  • Pages visited, features used, and actions taken
  • Browser type, operating system, and device information
  • IP address and approximate geographic location
  • Referring URLs and search terms
  • Session duration and interaction patterns

2.5 Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We receive your subscription status, plan details, and billing period from Stripe but never store your full credit card number, CVC, or bank account details on our servers.

3. How We Use Your Information

  • Core service delivery: Analyzing your uploaded feedback data to generate themes, opportunity scores, and implementation specs
  • Natural language queries: Processing your questions about your feedback data and returning cited answers
  • Export and integration: Formatting and delivering specs to your coding agents and project management tools
  • Account management: Authentication, authorization, team management, and billing
  • Product improvement: Understanding usage patterns to improve features and fix bugs (using aggregated, anonymized data only)
  • Security: Detecting and preventing fraud, abuse, and unauthorized access
  • Communications: Sending transactional emails about your account (e.g. billing receipts, security alerts)

We do not use your customer feedback data for advertising, sell it to third parties, or use it to train general-purpose AI models.

4. AI Processing and Third-Party Providers

Preloom uses third-party AI providers to analyze your feedback data and generate insights. This is a core part of how our product works, and we want to be transparent about it.

4.1 AI Providers

We currently use the following AI providers:

  • Anthropic (Claude): Primary language model for feedback analysis, theme clustering, and spec generation
  • OpenAI: Fallback language model and embedding generation for semantic search
  • Deepgram: Audio and video transcription for uploaded recordings

4.2 Data Sent to AI Providers

When processing your data, we send the following to AI providers:

  • Feedback item content (the text of support tickets, interview quotes, etc.)
  • Metadata such as source type, user segment, and date ranges
  • Contextual prompts necessary for analysis

4.3 AI Provider Data Commitments

We use API agreements with all AI providers that include the following commitments:

  • No training on your data: Your feedback data is not used to train, fine-tune, or improve the provider’s general models
  • No data retention beyond processing: Providers do not retain your data after completing the API request (subject to provider-specific short-term logging policies, typically 30 days or less)
  • No human review: Your data is not reviewed by provider employees except in cases of abuse detection or legal obligation

5. Data Sharing

We do not sell, rent, or trade your personal information or customer feedback data. We share data only in the following circumstances:

  • AI service providers: As described in Section 4, to provide core analysis functionality
  • Infrastructure providers: Cloud hosting (Vercel), database (Supabase), file storage, and authentication (Clerk) providers that process data on our behalf under data processing agreements
  • Payment processing: Stripe, for subscription billing
  • Your configured integrations: When you explicitly export specs or push tasks to third-party tools (e.g. Linear, Jira), data is shared with those services at your direction
  • Shared links: When you create a share link for a report or evidence board, that content becomes accessible to anyone with the link
  • Legal requirements: When required by law, subpoena, court order, or to protect our rights, property, or safety
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before this occurs

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Encryption at rest: All stored data, including your uploaded feedback, is encrypted at rest using AES-256
  • Authentication: We use Clerk for secure authentication with support for OAuth providers (Google) and session management
  • Access controls: Role-based access control (RBAC) ensures team members only see data they are authorized to access
  • Infrastructure security: Our application runs on Vercel’s secured infrastructure with automatic security patching
  • Database security: PostgreSQL database hosted on Supabase with network isolation, connection pooling, and encrypted connections

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any breach that may affect your data.

7. Data Retention and Deletion

  • Account data: Retained for as long as your account is active. Deleted within 30 days of account closure
  • Customer feedback data: Retained until you delete it or close your account. You can delete individual items, themes, or opportunities at any time
  • AI-generated data: Specs, themes, and opportunity scores are deleted when you delete the underlying data or close your account
  • Usage logs: Retained for up to 90 days for debugging and security purposes, then automatically purged
  • Backups: Database backups are retained for up to 30 days and are automatically deleted thereafter

You can request complete deletion of all your data at any time by contacting us at privacy@preloom.ai. We will process deletion requests within 30 days.

8. Organization Data and Multi-Tenancy

Preloom is a multi-tenant platform where each organization’s data is logically isolated:

  • All data is scoped to your organization. Members of other organizations cannot access your feedback data, themes, opportunities, or specs
  • Organization administrators can invite and remove team members, and control access via roles (Admin, Editor, Viewer)
  • When a team member is removed from your organization, they immediately lose access to all organization data
  • Shared links you create are the only way data can be accessed outside your organization, and these can be revoked at any time

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 For All Users

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data and all associated organization data
  • Data portability: Receive your data in a structured, machine-readable format (JSON export)
  • Withdraw consent: Withdraw consent for data processing at any time by closing your account

9.2 Additional Rights Under GDPR (EEA/UK Users)

  • Right to restrict processing of your personal data
  • Right to object to processing based on legitimate interests
  • Right not to be subject to automated decision-making
  • Right to lodge a complaint with your local data protection authority

9.3 Additional Rights Under CCPA (California Residents)

  • Right to know what personal information is collected, used, and shared
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@preloom.ai. We will respond within 30 days (or sooner if required by applicable law).

10. International Data Transfers

Preloom’s infrastructure is hosted in the United States and European Union. Your data may be processed in either region depending on the service:

  • Application hosting: United States (Vercel)
  • Database: European Union — Ireland (Supabase/AWS eu-west-1)
  • AI processing: United States (Anthropic, OpenAI)
  • Authentication: United States (Clerk)

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by applicable data protection laws.

11. Cookies and Tracking

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled
  • Preference cookies: Store your settings such as theme preference (light/dark mode)
  • Analytics: We may use privacy-focused analytics to understand aggregate usage patterns. We do not use invasive tracking pixels or share analytics data with advertisers

We do not use third-party advertising cookies or participate in ad networks. You can control cookies through your browser settings.

12. Your Responsibilities

When you upload customer feedback data to Preloom, you represent and warrant that:

  • You have the legal right to share the data with us, and doing so does not violate any agreements with your customers or applicable laws
  • You have appropriate privacy policies and notices in place with your own customers regarding how their feedback may be processed
  • You will not upload data that you know to contain sensitive personal information (e.g. health records, financial account numbers, government ID numbers) unless you have explicit consent and a lawful basis to do so
  • You are responsible for managing access to your Preloom organization and ensuring team members have appropriate permissions

13. Children’s Privacy

Preloom is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@preloom.ai.

14. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

  • We will update the “Last updated” date at the top of this page
  • For significant changes, we will notify you via email or an in-app notification
  • Your continued use of Preloom after changes take effect constitutes acceptance of the updated policy

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Preloom

Email: privacy@preloom.ai

General inquiries: contact@preloom.ai

We aim to respond to all privacy-related inquiries within 5 business days.