<- Back to home

Privacy Policy

Last updated: January 2025

1. Who We Are

CouncilIA is operated by CouncilIA Lda. ("we", "us", "our"). We are an EU-based company committed to GDPR compliance.

Contact: privacy@council-ia.com

2. What Data We Collect

  • Account data: Email address and name (via Google OAuth through Supabase Auth).
  • Session data: The prompts you submit, AI-generated debate transcripts, and scores.
  • Usage data: Session count, plan tier, timestamps.
  • Payment data: Processed by Stripe. We never see or store your card number.
  • Technical data: IP address (for geo-routing), browser type, anonymized analytics.

3. How We Use Your Data

  • To run AI debate sessions and generate reports.
  • To manage your account and subscription.
  • To route requests to appropriate AI providers (EU geo-routing for data sovereignty).
  • To improve the ACE Engine and debate quality.
  • We do NOT sell your data. Ever.

4. AI Providers & Data Routing

CouncilIA sends your prompts to multiple AI providers via OpenRouter and direct APIs: OpenAI (USA), Google Gemini (USA), DeepSeek (China), Qwen/Alibaba (China), Moonshot/Kimi (China), Mistral (France), Meta/Llama (USA).

EU Data Sovereignty: If you enable the EU-only toggle or if we detect sensitive data (PII, regulated content), we automatically route away from Chinese-origin models and use only EU/US providers.

5. Data Storage

  • Database: Supabase (PostgreSQL), hosted in EU (Frankfurt).
  • Auth: Supabase Auth with Google OAuth.
  • Payments: Stripe (PCI-DSS Level 1 compliant).
  • Cache: Upstash Redis (serverless, encrypted at rest).

6. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of all data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Request deletion of your account and all associated data.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing for specific purposes.

To exercise any right, email: privacy@council-ia.com

We respond within 30 days as required by GDPR.

7. Data Retention

Session transcripts are retained for as long as your account is active. Upon account deletion, all data is permanently removed within 30 days. Anonymized, aggregated analytics may be retained indefinitely.

8. Cookies

We use only essential cookies for authentication (Supabase session token). We do not use tracking cookies, advertising cookies, or third-party analytics that require cookie consent.

9. Changes

We may update this policy. Material changes will be notified via email. Continued use after notification constitutes acceptance.