Privacy Policy

Last Updated: November 2, 2025

1. Who we are

This Privacy Policy explains how unquestion (www.unquestion.ai) collects, uses, and protects your information when you use our AI-powered conversations service.

Contact: support@unquestion.ai

2. Roles (Controller vs. Processor)

  • For your account/ops data (e.g., email, authentication, usage necessary to operate your account): we are the controller.
  • For end‑user responses you collect through published conversations: you are the controller and we act as your processor, processing that data only to provide the Service and per your documented instructions.

Responsibilities for published conversations include informing respondents, obtaining required consents, and complying with applicable privacy laws.

3. What we collect

Account Information

Required:

  • Email address

Optional:

  • First name and last name

Content You Create

  • Conversation Dialogues
  • System prompts and AI instructions
  • Any text or content you input

Conversation Data

When someone fills out a conversational form:

  • All text responses and inputs
  • Interaction choices and conversation flow
  • Conversation metadata (timestamps, completion status)

Technical Information

We automatically collect:

  • IP addresses (for security and rate limiting)
  • Browser and device information
  • Usage analytics
  • Error logs and diagnostic data

Prohibited Data Collection (for published conversations)

Do not use our service to collect:

  • Protected health information (HIPAA)
  • Payment card information (PCI-DSS)
  • Social Security numbers or government IDs
  • Information from children under 13 without parental consent
  • Any data you are not legally authorized to collect

4. How we use data

We use your information to:

Provide the Service:

  • Process conversations through AI
  • Generate AI-powered responses
  • Store and display your conversations
  • Manage your account

Improve the Service:

  • Analyze usage patterns
  • Monitor and improve performance
  • Fix bugs and technical issues
  • Develop new features

Security and Compliance:

  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Rate limiting to prevent service abuse
  • Comply with legal obligations

Communication:

  • Send service-related notifications
  • Respond to support requests
  • Provide customer service

5. Legal bases (EEA/UK)

Where applicable, we rely on: (i) Contract, (ii) Legitimate Interests (e.g., improving and securing the Service), (iii) Consent where required (e.g., certain analytics), and (iv) Legal Obligation.

Consent statement (informational): By using unquestion, you consent to the collection and use of information as described in this Privacy Policy, processing of data through AI services, international data transfers to the United States, and our data retention practices.

6. Subprocessors

We use the following services to operate our platform:

Clerk (Authentication and Account Management):

  • Email address and name
  • Account security and login management

PostHog (Analytics):

  • Product analytics in cookieless mode
  • Email address
  • Usage tracking and error monitoring

Langfuse (AI Performance Monitoring):

  • AI model performance tracking
  • Conversation metadata and usage metrics

Upstash (Rate Limiting):

  • IP addresses for rate limiting
  • Request timing and frequency

We maintain our current subprocessors list within this Privacy Policy (see providers listed above). We will provide at least 15 days' notice of material additions (for example, via updates to this Policy or in‑app notice) before they take effect so customers may object where applicable. Our service and third-party providers process data in the United States and, where providers operate globally, in other countries.

7. International transfers

Our service and third-party providers process data in the United States and, where providers operate globally, in other countries. If you access our service from outside the US, your information will be transferred to and processed in the United States.

8. AI model providers

All conversation responses are processed through AI model providers such as OpenAI, Anthropic, and Google. This means:

  • All user inputs to conversational forms are sent to these providers for inference
  • These providers process the data to generate AI responses
  • Data may be transferred internationally for AI processing

AI providers publish their own policies about API data use and retention. Review provider policies directly. We may add or change AI service providers in the future and will reflect material changes in this Privacy Policy.

As of November 2, 2025, OpenAI's official policy states that inputs/outputs sent via the API are not used to train OpenAI models by default; organizations are opted out unless they explicitly opt in. Provider policies may change, and we will update this Policy accordingly. (See: OpenAI Data Usage Policy)

As of November 2, 2025, Anthropic gives consumer users (Free/Pro/Max) a choice to allow chat/code data for training; API/commercial use is not included in consumer training and is handled under separate enterprise terms. (See: Claude Code Data Usage)

As of November 2, 2025, Google Cloud states customer data in Vertex AI is not used to train foundation models without the customer's prior permission or instruction. (See: Google Cloud Trusted AI)

9. Cookies & local storage

What We Use

  • Session storage: Essential for authentication (required for service functionality)
  • Cookieless analytics: PostHog operates in cookieless mode

What We Don't Use

We do not use:

  • Advertising cookies
  • Third-party tracking pixels
  • Cross-site behavioral tracking

10. Retention

Active Accounts

We retain all account information, forms, and conversations while your account is active.

After Account Deletion

  • Account information (email, name, preferences): Deleted immediately
  • Conversation data and responses: Deleted within 90 days
  • Aggregated analytics: May be retained indefinitely in anonymized form

Additional retention:

  • Backups and logs may persist up to 180 days.
  • Billing/transaction records are retained as required by law (often 7 years).
  • We also retain data as needed to resolve disputes, enforce agreements, comply with legal obligations, and protect our service.

We aim to delete data as quickly as technically feasible, within the stated timeframes.

11. Security & incidents

We implement industry-standard security measures including:

  • HTTPS/TLS encryption for data in transit
  • Secure authentication services
  • Access controls
  • Regular security monitoring
  • Webhook signature verification

No security system is completely secure. While we implement reasonable measures to protect your data, we cannot guarantee absolute security.

Security incidents: In the event of a data breach affecting your information, we will notify you and relevant authorities without undue delay and as required by law.

12. Your rights

You can:

  • Access your data: Request a copy of your personal information
  • Correct your data: Update or correct inaccurate information
  • Delete your account: Delete your account and data at any time
  • Export your data: Export your conversations data
  • Object to processing: Contact us with concerns about how we process your data

To exercise any of these rights, email support@unquestion.ai. We will respond within 30 days. For verification purposes, we may request additional information to confirm your identity.

California (CCPA/CPRA) notice: We do not sell or share personal information as defined by CPRA and do not use/disclose Sensitive Personal Information to infer characteristics. California residents may request to know, delete, or correct personal information and may not be discriminated against for exercising these rights. Submit requests at support@unquestion.ai.

13. Children

Our service is not intended for children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, contact us immediately at support@unquestion.ai and we will delete the information.

14. Changes

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date
  • Continued use of the service after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically.

Service Discontinuation: We reserve the right to discontinue the service at any time. If we permanently discontinue the service, we will provide reasonable notice (at least 30 days when possible), allow you to export your data, and delete all personal information in accordance with this Privacy Policy.

Privacy - unquestion