Privacy Policy

1. Who We Are

Priowise is an AI-powered strategy execution and prioritization platform that helps businesses define objectives, align strategic decisions, and build impactful roadmaps.

Priowise is operated by Priowise Limited ("Priowise", "we", "us", or "our"), a company registered in England and Wales under company number 17056240, with its registered office at:

We are committed to protecting your privacy and this policy explains how we collect, use, store, and protect data you provide to us, and outlines your rights and choices under the UK GDPR, EU GDPR, and CCPA.

1.1 Roles: Data Controller and Data Processor

Priowise Limited operates in two capacities depending on information type:

Data Controller — For information collected directly in connection with operating the platform: account details, contact information, usage data, and billing-related information.

Data Processor — For business content uploaded into the platform where the customer acts as Data Controller: strategic plans, OKRs, features, and roadmap data. We process such data solely per your documented instructions. Our Data Processing Addendum provides additional detail on processor obligations.

2. What Information We Collect

Account Information

When registering, we collect your full name, email address, and password (stored securely using hashing). Third-party authentication (e.g., Google) provides only identity verification information.

Business Content

You may voluntarily submit business-related data including company name, strategic statements, goals, objectives, key results (OKRs), product or feature descriptions, roadmap items, and related notes. This information is central to service delivery and treated with confidentiality.

Usage Data

We automatically collect technical data including device type, browser, operating system, IP address, pages viewed, and features used. This supports platform performance, reliability, and user experience improvements.

Payment Data

Payments are securely processed by third-party providers (Stripe). We do not store full payment information, such as complete credit card numbers, on our servers.

Profile Photos

If you sign in with Google or Microsoft, your profile photo may be retrieved from your OAuth provider and displayed within the application. Profile photos are hosted by Clerk and are not stored on Priowise servers.

Referral Programme Data

When you participate in our referral programme, we store the email addresses of people you invite in order to track referral status and award credits. Invitation data is deleted if the invitation expires without acceptance.

3. How We Use Your Information

Service Delivery

We use collected information to operate the Priowise platform, generate AI-powered strategy assessments, and maintain your account.

Personalization and Support

We tailor your experience to your business context and respond to support requests.

Improvements and Development

We analyze usage patterns to improve platform performance, reliability, and relevance.

Account and Subscription Management

We manage subscriptions, billing, invoicing, and administrative communications.

Newsletter Communications

If you sign up for our newsletter via the website, your email address is added to our newsletter contact list managed by Brevo. This is separate from transactional emails related to your account. You may unsubscribe at any time via the link in any newsletter.

Legal and Security Obligations

We use information to comply with legal requirements, enforce our Terms of Service, and maintain system security and integrity.

We do not use business content for advertising and do not sell data to third parties.

AI Processing

Some outputs are generated through an agentic AI system powered by Claude (Anthropic) as the primary AI model provider. Agents analyse different data components — objective validation, feature scoring, competitor insights, and research enrichment — to deliver precise, context-aware outputs.

Anthropic processes data under a Data Processing Agreement with Priowise. Data submitted to AI models is used solely to generate your requested outputs and is not used to train Anthropic's models under our enterprise agreement.

Where applicable, web search and market intelligence via Tavily and OpenAI may be used for enrichment tasks, each operating under equivalent data protection agreements.

4. Cookies and Tracking Technologies

We take a minimal and privacy-conscious approach to cookies, using essential cookies and local storage only, strictly required for platform operation.

These technologies support authenticated sessions, secure login, account access, and platform stability and performance.

Infrastructure and analytics providers may set the following categories of cookies:

• Vercel — hosting and content delivery
• Clerk — user authentication and subscription management
• Supabase — database and backend services
• PostHog — product analytics and usage tracking (EU servers)

These cookies are strictly functional. They do not involve advertising, behavioural profiling, or cross-site tracking. Disabling cookies may prevent login or core platform functionality.

Browser Local Storage

We use browser localStorage to store your active product workspace preference and UI preferences such as dismissed banners. This data remains on your device and is not transmitted to our servers.

5. Data Ownership and Use of Subprocessors

You retain full ownership of all business data submitted to Priowise, including strategic plans, objectives, key results, and roadmap details. Priowise will never sell or disclose business data for advertising, profiling, or competitive analysis.

Trusted subprocessors operate under strict data processing agreements:

• Anthropic — AI model execution (Claude)
• OpenAI — AI model execution (supplementary)
• Tavily — web search and market intelligence retrieval
• Vercel — hosting and content delivery
• Clerk — authentication and subscription management
• Supabase — application database
• Inngest — background job processing
• PostHog — product analytics
• Brevo — transactional email
• Stripe — payment processing

All providers maintain GDPR-compliant data protection standards.

6. Data Retention

We retain data for as long as your account remains active.

Upon account cancellation, production data is removed within 30 days and backup copies are purged within 90 days. You may request deletion at any time. Once deleted, data cannot be recovered.

7. Data Transfers and Storage Locations

Priowise stores data on secure servers located within the European Economic Area (EEA) and United Kingdom.

Where transfers occur outside these regions (e.g., to AI providers), safeguards include EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum.

8. Your Rights (UK GDPR, EU GDPR, CCPA)

You may exercise the following rights:

• Access — Request a copy of your data
• Correction — Correct inaccurate data
• Deletion — Request removal of your data
• Objection — Object to certain processing
• Restriction — Restrict data processing
• Data Portability — Export your data

Send requests to privacy@priowise.com. We respond within 30 days where legally required.

9. Data Processing Addendum (DPA)

Priowise includes a Data Processing Addendum as part of the Terms of Service, defining rights and obligations between the Customer (Data Controller) and Priowise (Data Processor). Enterprise customers can request a signed DPA.

10. Contact Information

For privacy or data protection questions:

Email: privacy@priowise.com