Privacy Policy

1. Introduction

Welcome to PIP ("Platform"). This Privacy Policy explains how Use Passionfruit Limited (UK) and Use Passionfruit Inc (US) (collectively "Passionfruit," "we," "us," or "our") collect, use, secure, and share your personal data when you use our AI-powered analytics and workspace platform.

This policy specifically covers the AI Platform. If you are a user of our Freelance Marketplace/Specialist Platform, please refer to the separate Marketplace Privacy Policy.

2. Data Controller Details

For the purposes of the UK GDPR, EU GDPR, and other applicable data protection laws, the Data Controllers are:

• Use Passionfruit Limited
  
  • Company Number: 13237931
  • Registered Office: Camburgh House, 27 New Dover Road, Canterbury, Kent, United Kingdom, CT1 3DN
  • Contact: privacy@usepassionfruit.com
• Use Passionfruit Inc
  
  • Address: 18 West 18th Street, 6th Floor, New York, NY, 10011, USA

3. Google User Data & Integration Policy (Limited Use Disclosure)

Important: This section explicitly addresses our integration with Google Services to ensure transparency regarding how we handle data received from Google APIs.

2. Google Analytics Integration

A. Google Sign-In (Authentication)

• OAuth Scope: https://www.googleapis.com/auth/adwords
• Data Accessed: Campaign spend, impressions, clicks, campaign names/status, and account metadata (name, currency, timezone).
• Purpose: To display advertising performance metrics and generate AI-driven insights within your dashboard.

We use Google Sign-In to allow you to log in to our Platform easily.

1. Google Ads Integration

• Data Accessed: Email address, First Name, Last Name, Profile Picture.
• Purpose: Identity verification and account creation only.
• Separation: Using Google Sign-In does not grant us access to your Google Ads, Analytics, or Drive data unless you explicitly connect those specific integrations in your Platform Settings.

You may voluntarily choose to connect specific Google services to the Platform to generate AI insights. These integrations areread-only. We cannot create, modify, or delete your ad campaigns or analytics configurations.

B. Optional Google Integrations

• OAuth Scope: https://www.googleapis.com/auth/analytics.readonly
• Data Accessed: Website traffic, user behavior, traffic sources, campaign performance, and conversion data.
• Purpose: To provide website performance analysis alongside your business metrics.

C. Google Data Compliance & Security

• Limited Use Policy: Passionfruit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
• Encryption: All OAuth tokens and data retrieved from Google are encrypted at rest using AES-256-GCM encryption and in transit via TLS 1.2+.
• Revocation: You may revoke Passionfruit’s access to your Google data at any time via your Platform Settings or your Google Account security settings. Upon revocation, we immediately cease data collection and delete the associated access tokens.

4. Other Data We Collect

A. Account & Company Information

• User Data: Email address, first/last name, hashed password (secured via Bcrypt), and profile pictures.
• Company Data: Business domain, company name, description, logo, business goals, target audience details, and custom constraints defined during onboarding.

B. User Content (AI Inputs)

To provide our AI services, we process content you upload or input:

• Uploaded Documents: PDFs, DOCs, text files (from which we extract text for analysis).
• Conversational Data: Chat logs, prompts, and instructions you send to our AI assistant.
• Workflows: Automation rules and custom metrics you define.
• Knowledge Base: We generate vector embeddings of your company context to allow the AI to search and retrieve relevant information for your queries.

C. Other Third-Party Integrations (Optional)

If you connect other services, we access data based on the permissions you grant:

• Google Drive: Read-access to specific spreadsheets/docs you select.
• Meta (Facebook) Ads: Read-access to ad insights and performance data.
• HubSpot: Read/Write access for contact management (via API).
• Database Connections: Data retrieved from your connected SQL databases (PostgreSQL, SQL Server) based on your custom queries.

5. How We Use Your Data

We use your data for the following specific purposes:

1. Service Provision: Providing the AI dashboard, authenticating users, and managing sessions (14-day token expiration).
2. AI Analysis & Insight Generation: Processing your uploaded documents and metrics to generate summaries, strategic advice, and answers to your questions.
3. Search & Retrieval: Using vector embeddings to find relevant context from your uploaded knowledge base when you ask the AI a question.
4. Communication: Sending system updates or responding to support requests (via HubSpot).

6. AI Sub-Processors & Data Sharing

A. AI Providers

To provide intelligent analysis, summaries, and conversational responses, we transmit specific user content (such as text extracted from documents, chat prompts, and relevant company context) to third-party Artificial Intelligence providers.

Providers We Use:

• Anthropic (Claude)
• Perplexity AI
• OpenAI (GPT Models)

Purpose: To generate the text responses and analysis you see in the Platform.

‍No Model Training (Privacy Guarantee): We access these services via their commercial APIs (Enterprise/Business tiers).We contractually prohibit these providers from using your data (including uploaded documents, Google integration data, and chat logs) to train their foundation models.Your data is processed solely to generate the response for your specific request and is not used to improve their public AI services.

B. Infrastructure Providers

• AWS (Amazon Web Services): Used for secure data storage (S3) and hosting.
• HubSpot: Used for email communications and CRM.

C. Legal & Business Transfers

We may disclose data if required by law, legal process, or to protect the safety of any person. In the event of a merger or acquisition, user data may be transferred as a business asset.

7. Data Security

We implement enterprise-grade security measures to protect your data:

• Encryption: Data at rest is encrypted (AES-256). Data in transit is encrypted (TLS).
• Access Control: Strict role-based access control for our internal employees.
• Hashing: Passwords are hashed using Bcrypt.
• Tokens: API tokens for third-party integrations are stored encrypted.

8. International Data Transfers

Your data may be processed in the United Kingdom, the European Economic Area (EEA), and the United States.

• UK/EEA to US: When we transfer data to the US (e.g., to Use Passionfruit Inc, AWS, or Anthropic), we rely on appropriate safeguards such as the UK/EU Standard Contractual Clauses (SCCs) or the Data Privacy Framework (where applicable).

9. Your Rights

Under the UK GDPR and applicable laws, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion of your data (e.g., "Right to be Forgotten").
• Restriction: Restrict how we process your data.
• Portability: Receive your data in a structured, commonly used format.

10. Data Retention

We retain your personal data and uploaded content only as long as your account is active or as needed to provide you with our services.

• Integration Data: If you disconnect a third-party integration (e.g., Google Ads), we stop updating that data and remove the access tokens immediately.
• Deletion: You may request full account deletion by contacting support. We will delete your account data within 30 days of the request, subject to legal retention obligations.

11. Contact

UsIf you have questions about this policy or our privacy practices:

• Email: privacy@usepassionfruit.com
• Address: Use Passionfruit Limited, Camburgh House, 27 New Dover Road, Canterbury, Kent, CT1 3DN, UK.