Privacy Notice

SBMC.ai — Version 2026-05-23

This notice explains what personal data we collect, why, how it is processed, and the rights you have over it. It applies to anyone who uses SBMC.ai (the "Service") via the web app or the API.

1. Who we are

SBMC.ai is operated by the SBMC project. If you have questions about this notice or your data, contact drjeffcooke@gmail.com.

2. What we collect

Account data: name, email, country/city (if you supply it), authentication codes, login timestamps.
Canvas data: the Social Business Model Canvas projects you create — their structure, content, and any text you type into them.
AI usage records: token counts, cost, status, model name, and request type for every AI call you make.
AI request and response text: the prompt you send and the response we return are stored (each truncated to 2 000 characters) for up to 90 days. We use this for abuse detection (an automated classifier checks whether prompts are related to building a Social Business Model Canvas) and for human review of any flagged requests. Prompts are not used to train AI models. After 90 days the text is automatically removed and only the aggregate counts remain.
Billing data: Stripe customer id, invoice records, billing address, VAT identifiers (where applicable). Card numbers never touch our servers — Stripe holds them.
Operational logs: server logs (IP, user agent, status codes) retained for up to 30 days for debugging and abuse prevention.

3. Why we process it (lawful basis)

Purpose	Lawful basis (UK / EU GDPR Art. 6)
Provide the service to you	Contract
Bill you for paid plans	Contract / legal obligation (VAT records)
Send security and account emails	Legitimate interest
Improve the service in aggregate	Legitimate interest
Detect abuse and protect the service	Legitimate interest

4. Who else sees your data (sub-processors)

We use a small number of trusted sub-processors. The current list lives at docs/SUB_PROCESSORS.md and is summarised here:

Sub-processor	Purpose	Data region
Anthropic	AI model inference (Claude)	US / EU per Anthropic's enterprise terms
Stripe	Payment processing and invoicing	Ireland (EU primary), US replica
Brevo (Sendinblue)	Transactional email delivery	EU
Render	Application hosting and PostgreSQL database	See SUB_PROCESSORS.md for the configured region

5. AI-specific notes

When you use AI features, the canvas text you send is forwarded to Anthropic for inference. Per Anthropic's published policy, your prompts and outputs are not used to train Anthropic's models.

To detect off-topic usage, we keep a copy of the prompt and the response (each truncated to 2 000 characters) for up to 90 days and run a lightweight automated classifier on a sampled fraction of requests. If the classifier flags a request, an administrator may review it. Repeated off-topic flags can result in a warning or suspension, but no action is ever taken automatically — a human reviews every decision.

6. Retention

Account and canvas data are kept while your account is active.
AI usage records (tokens, cost, model) are retained for up to 24 months for billing reconciliation.
AI prompt and response text is retained for up to 90 days, then automatically scrubbed.
Stripe invoice records are retained for 7 years after issuance (UK HMRC requirement) even if you delete your account.
Operational logs are kept up to 30 days.

7. Your rights

Access / portability: click "Download my data" in Settings to receive a JSON export of your account, projects, and AI usage rows.
Erasure: click "Delete my account" in Settings. We hold the request for a 7-day grace window (you can cancel it). After that, your account, canvas data, and AI usage records are hard-deleted. Stripe invoices are preserved as noted above.
Rectification: update your profile fields in Settings, or email us.
Object / restrict: email us; we will pause non-essential processing.
Complain: you may complain to the UK ICO or your local data protection authority.

8. International transfers

Where data leaves the UK / EEA (for example, to Anthropic in the US), it is covered by Standard Contractual Clauses or equivalent transfer mechanisms agreed with each sub-processor.

9. Security

We use TLS in transit, encrypted Postgres at rest, server-managed API keys (your AI API key is never stored in your browser or sent to a third party other than Anthropic), and role-based admin access. Detailed practices are in our internal security documentation.

10. Changes

If we materially change this notice, the version string at the top will change and we will ask you to re-accept the next time you log in.