Delfy | Narrative Simulations for Founders

## Privacy Policy **Effective Date:** March 23, 2026 **Last Updated:** March 23, 2026 This Privacy Policy explains how **Diogo Soyer, the operator of Delfy App** (“**Delfy App**,” “**we**,” “**us**,” or “**our**”) collects, uses, discloses, and otherwise processes personal information when you visit, access, or use our websites, applications, and related services (collectively, the “**Services**”). By using the Services, you acknowledge that your personal information will be processed as described in this Privacy Policy. ## 1. Scope This Privacy Policy applies to personal information we collect through the Services, including when you create an account, use Delfy App features, communicate with us, subscribe to a paid plan, or otherwise interact with us online. This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from or integrated with the Services but are not operated by us. ## 2. Personal Information We Collect We may collect the following categories of personal information. ### A. Information You Provide Directly **Account and profile information**, such as: * your name; * email address; * login credentials or authentication-related information; * profile or display name; and * other information you choose to add to your account. **Subscription and billing information**, such as: * subscription plan; * billing status; * transaction metadata; * billing contact details; and * payment-related information provided to our payment processor. We do **not** store full payment card numbers on our own systems. Payment card processing is handled by our payment processor. **User content and project information**, such as: * prompts, instructions, and inputs you submit; * project names and descriptions; * business ideas, problem statements, customer segments, value propositions, hypotheses, notes, and related content; * outputs generated through the Services; and * any files, text, or materials you upload or submit. **Communications**, such as: * messages you send to us for support or inquiries; and * information you provide when responding to surveys, beta programs, or feedback requests. ### B. Information We Collect Automatically When you use the Services, we may automatically collect certain information, including: * IP address; * device identifiers; * browser type and version; * operating system; * pages viewed and features used; * date/time stamps; * referring URLs; * session activity; * crash data, error logs, and diagnostics; and * approximate location derived from IP address. ### C. Cookies and Similar Technologies We use cookies and similar technologies to operate and improve the Services. These may include: * **strictly necessary/authentication cookies** used to keep you signed in and maintain session security; * **preference cookies** used to remember settings such as your display name or other interface preferences; and * **security, performance, and diagnostic technologies** used to help us detect errors, prevent abuse, and improve reliability. For example, we may use session cookies and a profile/display-name preference cookie that can persist for up to approximately **180 days**, unless cleared earlier by you or your browser settings. ### D. Information From Third Parties We may receive information from third parties, such as: * payment processors, including Stripe; * infrastructure, database, and authentication providers, including Supabase; * AI model and API providers, including OpenAI; * error monitoring and diagnostics providers, including Sentry; and * other vendors or service providers acting on our behalf. ## 3. How We Use Personal Information We may use personal information for the following business and commercial purposes: * to provide, operate, maintain, and improve the Services; * to create and manage user accounts; * to authenticate users and maintain account security; * to process subscriptions, billing, payments, and related records; * to provide AI-powered features, generate outputs, and respond to your prompts and project inputs; * to communicate with you about the Services, including transactional, technical, support, and administrative messages; * to respond to support requests, feedback, and inquiries; * to monitor usage, debug errors, perform analytics, and improve performance; * to detect, investigate, and prevent fraud, abuse, security incidents, and other harmful or illegal activity; * to enforce our Terms and other policies; * to comply with legal obligations; and * to establish, exercise, or defend legal claims. We may also use information in de-identified or aggregated form where permitted by law. ## 4. How We Use AI-Related Data Certain features of Delfy App use AI or machine learning technologies provided by third-party vendors, including OpenAI, to process prompts, project content, and related inputs in order to generate responses, suggestions, summaries, analyses, or other outputs. When you use these features, we may send relevant portions of your submitted content and related context to those providers as necessary to deliver the requested functionality. You should not submit highly sensitive personal information, confidential third-party data, or regulated data through AI features unless doing so is necessary and you have the legal right to do so. AI-generated outputs may be inaccurate, incomplete, or inappropriate for your intended use, and you are responsible for reviewing and validating them before relying on them. ## 5. How We Disclose Personal Information We may disclose personal information in the following circumstances: ### A. Service Providers and Contractors We disclose personal information to vendors and service providers that perform services on our behalf, such as: * hosting, infrastructure, database, and authentication providers; * billing and payment processors; * AI model and API providers; * customer support tools; * security, fraud prevention, and monitoring providers; and * analytics, logging, and diagnostics providers. ### B. Legal Compliance and Protection We may disclose personal information if we believe in good faith that disclosure is necessary to: * comply with applicable law, regulation, legal process, or government request; * enforce our agreements, policies, or Terms; * protect the rights, property, or safety of Delfy App, our users, or others; or * detect, investigate, or prevent fraud, security incidents, or illegal activity. ### C. Business Transfers We may disclose personal information in connection with an actual or proposed merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar corporate transaction. ### D. At Your Direction or With Your Consent We may disclose personal information to third parties when you direct us to do so or otherwise consent. ### E. No Sale / No Sharing for Cross-Context Behavioral Advertising **We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.** If you later add ad-tech, retargeting pixels, behavioral advertising, data enrichment, or similar third-party advertising disclosures, this statement may need to change. ## 6. Data Retention We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to: * provide and maintain the Services; * keep your account active; * process subscriptions and maintain billing and tax records; * resolve disputes; * enforce agreements; and * comply with legal obligations. Retention periods vary depending on the type of information and the reason we hold it. For example: * **account information** is generally retained while your account is active and for a reasonable period thereafter; * **project content and user submissions** are generally retained until you delete them, close your account, or ask us to delete them, subject to backup retention, legal requirements, and legitimate business needs; * **billing and transaction records** may be retained for longer as required for tax, accounting, audit, and compliance purposes; and * **logs, security records, and diagnostic data** may be retained for shorter periods, except where needed for investigations, abuse prevention, or legal compliance. Backup or archived copies may persist for a limited additional period before deletion. ## 7. Security We use reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly if you believe your account has been compromised. ## 8. Your Privacy Rights and Choices Depending on your location and subject to applicable law, you may have certain rights regarding your personal information. These may include the right to: * access or know the personal information we hold about you; * correct inaccurate personal information; * delete personal information; * obtain a copy of certain personal information in a portable format; * opt out of certain disclosures or processing activities where applicable; * limit certain uses of sensitive personal information where applicable; and * appeal a denial of a privacy request where applicable law provides that right. You may also have the following choices: ### A. Account Information You may access, update, or delete certain account information through your account settings, where available. ### B. Marketing and Service Communications You may opt out of non-essential marketing emails by using the unsubscribe link in those emails. You will still receive transactional or service-related communications where necessary. ### C. Cookies Most browsers allow you to manage cookies through their settings. Blocking some cookies may affect the functionality of the Services. ## 9. How to Exercise Privacy Rights To submit a privacy rights request, contact us at: **Email:** contact@delfy.app Please describe your request with enough detail for us to understand, evaluate, and respond to it. We may need to verify your identity before processing certain requests. We will only use verification information for that purpose. If applicable law grants you a right to appeal a denial of your request, you may submit an appeal by replying to our response or contacting us again at the same privacy contact. ## 10. California Privacy Disclosures This section supplements the rest of this Privacy Policy and applies to California residents to the extent required by applicable law. In the preceding 12 months, we may have collected the following categories of personal information: * **Identifiers**, such as name, email address, account identifiers, IP address, and similar identifiers. * **Customer records information**, such as billing-related details you provide to subscribe to the Services. * **Commercial information**, such as subscription plan, purchase history, and transaction information. * **Internet or other electronic network activity information**, such as usage logs, device/browser information, pages viewed, and interaction data. * **Approximate geolocation information**, such as location inferred from IP address. * **User-generated content**, such as prompts, project content, notes, uploaded materials, and communications. * **Inferences**, such as insights, summaries, suggestions, or derived information generated in connection with your use of the Services. * **Sensitive personal information**, if applicable, such as account access credentials or other information that qualifies as sensitive personal information under California law. We collect personal information from the following sources: * directly from you; * automatically from your device and your use of the Services; and * from vendors and service providers acting on our behalf. We collect and process personal information for the purposes described in the “How We Use Personal Information” section above. We disclose personal information to the categories of recipients described in the “How We Disclose Personal Information” section above, including service providers and contractors for hosting, authentication, payments, AI processing, diagnostics, and support. **Sale / Sharing:** We have not sold or shared personal information in the preceding 12 months. **Sensitive Personal Information:** We do not use or disclose sensitive personal information for purposes other than those permitted by California law and reasonably necessary to provide the Services. **Minors Under 16:** We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age. California residents may have the right to request that we: * disclose the categories and specific pieces of personal information we have collected; * disclose the categories of sources of personal information; * disclose the business or commercial purposes for collection, use, disclosure, sale, or sharing; * disclose the categories of third parties to whom personal information is disclosed; * delete personal information, subject to exceptions; * correct inaccurate personal information; and * exercise applicable opt-out or limitation rights where required by law. California residents also have the right not to receive discriminatory treatment for exercising applicable privacy rights. ## 11. Other U.S. State Privacy Rights Residents of certain U.S. states may have similar rights under applicable privacy laws, such as rights to access, delete, correct, obtain a portable copy of personal information, opt out of certain processing, or appeal a decision regarding a privacy request. We will honor such rights to the extent required by applicable law. ## 12. International Data Transfers We are based in the United States and may process and store personal information in the United States and other countries where our service providers operate. If you access the Services from outside the United States, you understand that your information may be transferred to, processed in, and stored in jurisdictions that may not provide the same level of data protection as your home jurisdiction. ## 13. Children’s Privacy The Services are not directed to children under 13, and we do not knowingly collect personal information online from children under 13. If you believe a child under 13 has provided personal information to us, contact us at **contact@delfy.app**, and we will take appropriate steps to investigate and, where appropriate, delete the information. If you are between 13 and the age of majority in your jurisdiction, you may use the Services only with any consent or supervision required by applicable law. ## 14. Changes to This Privacy Policy We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date above and, where required by law, provide additional notice. Your continued use of the Services after an updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy, to the extent permitted by law. ## 15. Contact Us **Diogo Barbosa Soyer** Operator of Delfy App **Email:** contact@delfy.app