Privacy Policy
Effective as of September 1, 2025
Quick Summary
What this is: A clear explanation of how we collect, use, and protect your data while you use Purposive during our beta phase.
The essentials:
- We collect only what we need to make Purposive work
- Your data stays in the EU (Germany) and we never sell it
- You control your data and can export or delete it anytime
- We're GDPR compliant and transparent about our practices
- Beta means we're still improving our privacy practices too
1. Welcome to Our Privacy Journey
1.1 Who We Are
We're UrknallAI Services UG (limited liability), the company behind Purposive.app. We're based in Bamberg, Germany, and we take your privacy as seriously as we take building great OKR software.
Our Details:
Company: UrknallAI Services UG (haftungsbeschränkt)
Address: Tocklergasse 23-29, 96052 Bamberg, Germany
Email: [email protected]
1.2 What This Policy Covers
This Privacy Policy explains how we handle your personal data when you:
- Visit our website (purposive.app)
- Use our beta platform
- Contact us for support
- Subscribe to our newsletters
1.3 Our Privacy Promise
We promise to:
- ✅ Keep your data secure in the EU
- ✅ Never sell your personal information
- ✅ Only collect what we need
- ✅ Give you full control over your data
- ✅ Be transparent about our practices
- ✅ Respond quickly to your privacy requests
2. What We Collect and Why
2.1 Account Information
What we collect:
- Email address (required for login and communication)
- Full name (for personalization and support)
- Password (encrypted and never stored in plain text)
- Organization name and your role (optional, helps with features)
Why we need it: We need this basic information to create your account, personalize your experience, and provide support when you need it.
Legal basis: Contract performance (GDPR Article 6(1)(b)) - we need this to provide the service you signed up for.
2.2 Billing Information
What we collect:
- Billing name and address
- Payment details (processed securely by Paddle)
- VAT number (if applicable for EU businesses)
- Invoice history and payment records
Important: Your credit card details go directly to Paddle and never touch our servers. We only store the last 4 digits for account management.
2.3 Your OKR Content
What we collect:
- Objectives and key results you create
- Progress updates and comments
- Team member information you add
- Files and attachments you upload
- AI interaction data (your queries and our responses)
About AI data: Our AI learns from aggregate patterns across all users to improve suggestions, but never uses your specific data to train models visible to other users.
3. How We Use Your Data
3.1 Providing Purposive
We use your data to:
- Create and maintain your account
- Display your OKRs and track progress
- Enable team collaboration
- Process payments and send invoices
- Provide AI-powered suggestions
- Send important service updates
3.2 Improving Our Service
We analyze usage patterns (in aggregate) to:
- Fix bugs and improve performance
- Develop new features based on popular requests
- Optimize the user interface
- Train our AI to provide better suggestions
Privacy protection: We use aggregated, anonymized data for improvements. Your specific OKRs aren't used to train AI models for other users.
4. Who We Share Data With
4.1 Our Service Providers
We work with trusted partners who help us operate Purposive:
Essential Services:
- Heroku (hosting) - keeps Purposive running
- Paddle (payments) - processes your subscriptions securely
- Mailgun (emails) - sends important notifications
- Sentry (monitoring) - tracks errors and performance issues
- AppSignal (monitoring) - monitors application performance
All providers:
- Are bound by strict data processing agreements
- Can only use your data to provide their specific service
- Must meet our security and privacy standards
- Are located in the EU or have EU adequacy decisions
4.2 We Never Share Data For
- ❌ Advertising or marketing by third parties
- ❌ Selling to data brokers
- ❌ Training AI models for other companies
- ❌ Any purpose not directly related to providing Purposive
5. Your Data Rights
5.1 Access and Control
You can always:
- View all your data in your account settings
- Export your OKRs and progress data
- Correct inaccurate information
- Delete specific content
- Close your account entirely
5.2 Your GDPR Rights
Under EU law, you have the right to:
- Access (Article 15): Get a copy of all data we have about you
- Rectification (Article 16): Correct any wrong information
- Erasure (Article 17): Delete your data (with some legal exceptions)
- Restriction (Article 18): Limit how we process your data
- Portability (Article 20): Take your data to another service
- Object (Article 21): Stop processing based on legitimate interests
- Withdraw consent: For any consent-based processing
6. Data Security
6.1 How We Protect Your Data
Technical measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Regular security audits and penetration testing
- Multi-factor authentication for our team
- Automated backup systems with encryption
- Network security monitoring
6.2 Data Location
Where your data lives:
- Primary servers: European Union (EU)
- Backups: European Union (EU)
7. Data Retention
7.1 While You're Using Purposive
We keep your data as long as:
- Your account is active
- It's needed to provide the service
- Required by law (like payment records)
7.2 After You Leave
When you cancel:
- Immediate: Account becomes inaccessible
- 30 days: Full data export available on request
- 60 days: All content permanently deleted
- Legal requirements: Financial records kept for 7 years (tax law)
9. Children's Privacy
Purposive is not intended for children:
- Minimum age: 16 years (GDPR requirement)
- Ages 16-17: Need parental consent
- Under 16: Cannot use Purposive
10. International Transfers
Primary principle: Keep data in the EU whenever possible.
When we transfer outside the EU:
- Only to countries with EU adequacy decisions
- Or with Standard Contractual Clauses
- Limited to essential service providers
- With your explicit consent when required
11. AI and Automated Processing
11.1 How Our AI Works
AI suggestions for OKRs:
- Based on aggregate patterns from all users
- Your specific data isn't used to train models for others
- All suggestions are optional - you're always in control
- No automated decisions with legal effects
11.2 Your AI Rights
You have the right to:
- Know when AI affects you
- Understand the logic behind AI suggestions
- Object to automated processing
- Request human review of AI decisions
12. Changes to This Policy
As Purposive evolves, this policy might need updates:
- Minor changes: Updated policy with change log
- Significant changes: 30 days advance notice by email
- Your options: Continue using or export data and leave
How we'll notify you: Email to your account address, notice in the Purposive app, and update announcement on our blog.
13. Contact and Support
For privacy matters:
Email: [email protected]
Response time: Within 5 business days
For other questions:
Support: [email protected]
General: [email protected]
Security issues: [email protected]
Quick Reference Guide
✅ What We Do
- Keep your data secure in Germany
- Give you full control over your information
- Use data only to make Purposive better
- Respond quickly to privacy requests
- Fight unreasonable legal demands
❌ What We Don't Do
- Sell your data to anyone
- Use your OKRs to train AI for others
- Track you across other websites
- Share data for advertising
- Keep data longer than necessary
🔧 What You Can Do
- Export your data anytime
- Delete your account instantly
- Control cookie preferences
- Object to processing
- File complaints with authorities