Privacy Policy

Last Updated: March 2, 2026 • Compliance: GDPR (EU) 2016/679

1. Background and Scope

SilentCritique ("we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data across the public website, account dashboard, session workflows, marketplace participation, integrations, analytics, billing, and platform security operations.

SilentCritique acts as a data controller for the account, session, wallet, analytics, and operational data described in this policy.

2. Data We Collect

Depending on how you use the platform, we may collect and process the following categories of data:

  • Identity Data: Name, display name, account identifiers, and participant tokens.
  • Contact Data: Email address and optional recovery or operational contact details.
  • Wallet and Transaction Data: Wallet balances, credit classifications, ledger entries, Stripe checkout metadata, session fees, and reward or slashing records.
  • Session Data: Critique notes, links, briefs, reports, facilitator settings, participant metadata, marketplace settings, and synthesis outputs.
  • Security and Trust Data: Security audit logs, trust score events, abuse-prevention signals, API key metadata, and access validation results.
  • Analytics Data: Funnel events, CTA interactions, campaign attribution fields, and coarse geolocation derived from trusted request headers.
  • Technical Data: IP address, browser and device metadata, login data, and request metadata required for service reliability and abuse prevention.
  • Integration Data: Connection settings and outbound payload history for integrations you enable, such as Notion, Slack, HubSpot, Salesforce, or similar services.

Direct Governance: We do not sell, rent, or lease personal data. We use it to operate the service, secure the platform, process payments, provide analytics, and deliver the workflows and outputs you choose to run.

3. Legal Basis for Processing

We rely on one or more of the following legal bases for processing personal data:

  • Contractual Necessity: To provide SilentCritique sessions, account functions, wallet-backed features, reports, and integrations.
  • Legal Obligation: To comply with legal, tax, accounting, security, and regulatory obligations.
  • Legitimate Interests: To prevent fraud and abuse, maintain service reliability, protect treasury health, measure funnel performance, and improve the platform.
  • Consent: Where you have given clear permission for a specific purpose, including certain communications or optional integrations.

4. How We Use and Share Data

We use personal data to authenticate users, operate sessions, run AI synthesis, process wallet and Stripe activity, enforce trust and abuse controls, support marketplace participation, measure product performance, and maintain platform health.

We may share data with service providers acting on our behalf, including payment processors, cloud infrastructure providers, authentication providers, AI vendors, email providers, and integration destinations you explicitly enable. Data shared is limited to what is reasonably required to provide the relevant service.

When you connect a third-party integration, data sent to that destination is also governed by that provider's own policies and terms.

5. Your Rights Under GDPR

Subject to applicable law, you may have the right to:

  • Request access to your personal data.
  • Request correction of inaccurate or incomplete personal data.
  • Request erasure of personal data, subject to legal, billing, security, and audit retention requirements.
  • Object to processing based on legitimate interests.
  • Request restriction of certain processing.
  • Request transfer of personal data to another party where applicable.
  • Withdraw consent where consent is the basis for processing.

Execution Tools: We operate internal tooling for access, deletion, and export handling. Some records may be retained where required for billing, anti-abuse investigation, legal compliance, or platform security.

6. Data Security

We implement administrative, technical, and organizational measures designed to reduce the risk of unauthorized access, accidental loss, misuse, or disclosure of personal data. Access is restricted to people and systems with a legitimate operational need.

We also maintain platform controls for trust scoring, abuse detection, rate limiting, wallet and treasury protection, and restricted session or marketplace participation when required.

7. Retention, Deletion, and Exceptions

We retain data only for as long as necessary to provide the service, meet legal obligations, resolve disputes, protect the platform, or maintain required financial and security records.

  • Operational deletion: Session content may be deleted from primary product surfaces when you remove a session or request erasure.
  • Billing and audit exceptions: Transaction ledger entries, security records, and certain operational logs may be retained where required for accounting, fraud prevention, or compliance.
  • Integration copies: Data already sent to third-party tools may remain subject to those providers' own retention policies until you remove it there as well.

8. Contact Us

If you have questions about this Privacy Policy, your rights under GDPR, or our handling of personal data, contact:

hello@proper.am