prezos.ai

Privacy Policy

Effective date: May 3, 2026

1. Introduction

This Privacy Policy describes how LaunchPad Lab ("we", "us", "our") collects, uses, and protects information when you use Prezos ("the Service"). We are committed to protecting your privacy and handling your data transparently.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and profile picture through our authentication provider (Auth0).

Website and Brand Data

When you provide a website URL, we access publicly available pages to extract design elements including colors, typography, logos, and layout patterns. We may also retrieve brand information from third-party services such as Brandfetch. This analysis is limited to publicly accessible content and design-related signals.

Content You Create

We store the presentations you create, including text content, design configurations, and uploaded assets such as images.

Usage Data

We collect standard usage data including pages visited, features used, browser type, and device information to improve the Service.

Cookies

We use cookies for authentication session management and to maintain onboarding state. These are essential cookies required for the Service to function.

3. How We Use Your Information

We use collected information to:

  • Provide and operate the Service.
  • Generate design systems and presentations based on your brand.
  • Process brand data through AI services to create presentation content and layouts.
  • Manage your account and organization membership.
  • Improve the Service and develop new features.
  • Communicate with you about your account or changes to the Service.

4. AI Processing

The Service uses third-party AI providers — currently OpenAI, L.L.C. (the GPT family of models) and Anthropic, PBC (the Claude family of models) — to analyze website content and generate presentations. When you use the Service, website screenshots, brand data, presentation content, and your prompt inputs may be sent to these providers for processing.

We use these providers via their commercial APIs, which by default do not use customer inputs or outputs to train their foundation models. Where additional training opt-out controls are offered, we have enabled them. We do not transfer identifiable user account information (such as email) to AI providers as part of normal generation requests.

5. Sub-processors and Third-Party Services

We use the following sub-processors and third-party services to operate the Service. Each processes data in accordance with its own privacy practices and our agreements with it:

  • Authentication: Auth0 (Okta, Inc.) — user account management, login, and session handling.
  • AI providers: OpenAI and Anthropic — content generation, analysis, and copilot interactions.
  • Brand data: Brandfetch — brand asset retrieval (logos, colors, typography).
  • Infrastructure: Heroku (Salesforce, Inc.) for application hosting; Amazon Web Services (AWS S3, US region) for asset and file storage.
  • Analytics & monitoring: PostHog (product analytics), Sentry (error tracking), and LangSmith by LangChain (LLM call observability).
  • Email: Resend — transactional email delivery (account, billing, and invitation messages).
  • Bot protection: Cloudflare Turnstile — challenge-response on the public onboarding form to prevent automated abuse.
  • Payment processing: Stripe, Inc. processes all subscription payments. When you subscribe to a paid plan, your name, email, billing address, and payment method details are collected and stored by Stripe under their privacy practices. We do not store full payment card numbers on our servers — we only receive a reference token from Stripe, your subscription status, and invoice history. See Stripe's privacy notice at stripe.com/privacy.

We will update this list when we materially change our sub-processors. Continued use of the Service after such changes constitutes acceptance.

6. Data Sharing

We do not sell your personal information. We share data only as described in this policy: with the sub-processors listed in Section 5, when required by law or valid legal process, or with your explicit consent.

Organization access. If you join or are invited to an organization on the Service, presentations, design systems, and shared assets created within that organization may be visible to other members of that organization. Organization administrators may additionally view, edit, manage, and remove content created by any member of the organization, manage member access, and view organization-wide usage. If you create content using a work-affiliated account, your employer (acting as the organization administrator) may have access to that content.

7. Data Retention

We retain your account data and created content for as long as your account is active. Onboarding session data for unauthenticated users is automatically deleted after 7 days. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

8. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, secure authentication, and access controls. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on where you live — including the European Economic Area and United Kingdom (under the GDPR and UK GDPR), California (under the CCPA/CPRA), and certain other U.S. states — you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent for any processing based on consent (without affecting the lawfulness of prior processing).
  • Lodge a complaint with your local data protection authority (for EEA/UK residents).

California residents (CCPA/CPRA). We do not sell or share personal information for cross-context behavioral advertising. You have the right to know what personal information we collect, request deletion, request correction, and not be discriminated against for exercising your rights.

To exercise any of these rights, contact us at support@prezos.ai. We will respond within the timeframe required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA requests, with one extension where permitted). We may need to verify your identity before fulfilling certain requests.

10. International Data Transfers

We are based in the United States, and our sub-processors (including OpenAI, Anthropic, Auth0, Stripe, and AWS) primarily operate in the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States. Where required by applicable law (including GDPR Article 46), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses to legitimize cross-border transfers.

11. Marketing Communications

We send you transactional emails relating to your account, subscription, billing, and security or service-critical updates. You cannot opt out of these messages while you have an active account, since they are necessary to operate the Service.

We do not currently send promotional or marketing emails. If we begin sending product update or marketing emails in the future, we will only do so with your explicit opt-in (or, where permitted, on an opt-out basis), and every such message will include an unsubscribe link.

12. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a revised effective date. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

For questions about this Privacy Policy, contact us at support@prezos.ai.