Product Discovery Platform
Get started free

Privacy Policy

Last Updated: February 11, 2026

Introduction

Welcome to Requirement Incubator ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

This Privacy Policy applies to all information collected through our website and services. By using our service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our service:

  • Account Information: Email address, username, and password
  • Profile Information: Name, profile picture (optional)
  • Project Data: Requirements descriptions, generated documents, and related content
  • Communication Data: Messages you send through our contact forms or support channels

1.2 Automatically Collected Information

When you access our service, we automatically collect certain information:

  • Device Information: Device type, operating system, browser type and version
  • Usage Data: Pages visited, features used, time spent, click patterns
  • Log Data: IP address, access times, referring URLs
  • Cookies and Similar Technologies: See our Cookie Policy below

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our AI-powered requirement analysis service
  • Account Management: To create and manage your account
  • Communication: To send service-related notifications, updates, and respond to inquiries
  • Personalization: To customize your experience and provide relevant content
  • Analytics: To analyze usage patterns and improve our service
  • Security: To detect, prevent, and address technical issues and fraudulent activity
  • Legal Compliance: To comply with legal obligations and enforce our terms

3. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and context:

  • Contract Performance: Processing necessary to provide our service
  • Consent: You have given explicit consent for specific purposes
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Legal Obligation: Processing required to comply with legal requirements

4. Data Sharing and Disclosure

4.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf:

  • Cloud Infrastructure: Supabase (database hosting)
  • AI Services: AI model providers for document generation
  • Analytics: Usage analytics and monitoring services

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Emergency situations involving potential harm

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.4 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Privacy Shield certification (where applicable)
  • Other legally approved transfer mechanisms

6. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: Data in transit is encrypted using HTTPS/TLS
  • Access Controls: Strict access controls and authentication mechanisms
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Employee Training: Staff trained on data protection practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Account Data: Retained while your account is active
  • Project Data: Retained until you delete it or close your account
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Backup Data: Data in backups is deleted according to our backup retention schedule

8. Your Privacy Rights

8.1 Rights for EEA Residents (GDPR)

If you are in the EEA, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Lodge a Complaint: File a complaint with your local data protection authority

8.2 Rights for California Residents (CCPA)

If you are a California resident, you have the following rights:

  • Know: Request disclosure of personal information collected, used, and shared
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising your rights

8.3 How to Exercise Your Rights

To exercise any of these rights, please:

  • Use the "Contact Us" page on our website
  • Access your account settings to update or delete information
  • We will respond to your request within 30 days (GDPR) or 45 days (CCPA)

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Necessary for service functionality (authentication, security)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how you use our service

You can control cookies through your browser settings. Note that disabling certain cookies may affect service functionality.

10. Children's Privacy

Our service is not intended for children under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Sending an email notification (for significant changes)
  • Displaying a prominent notice on our service

Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us through the "Contact Us" page on our website.

For GDPR-related inquiries, you may also contact your local data protection authority.

13. Additional Information for Specific Regions

13.1 European Economic Area (EEA)

Data Controller: Requirement Incubator
Legal Basis: As described in Section 3
Data Protection Officer: Available upon request

13.2 California

Categories of Personal Information Collected: As described in Section 1
Business Purpose: As described in Section 2
Categories of Third Parties: As described in Section 4.1