Legal

Privacy Policy

Last updated: March 8, 2026

PerfectLine ("we", "our", "us") operates PerfectIdeas at https://ideas.perfectline.io. This policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have. We are based in California and this policy complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

By creating an account or using PerfectIdeas, you acknowledge this policy. If you disagree, please do not use the service.

1. Information We Collect

Account information

When you create an account — either via Google, GitHub OAuth, or email magic link — we store your email address, display name, and profile image URL provided by your identity provider. We also store the date your email was verified and when your account was created.

Authentication tokens

If you sign in with Google or GitHub, we store OAuth tokens (access token, refresh token, and ID token) from those providers so we can maintain your session. These are stored in our database and are never exposed to the browser. Session tokens are stored in an HTTP-only cookie on your device.

Billing information

If you purchase a plan, we store your Stripe Customer ID and Stripe Subscription ID. We do not store your payment card details — those are held exclusively by Stripe. We store your current plan tier.

Usage and activity data

We store the following activity data linked to your account:

Bookmarks — which idea IDs you have saved and when
Match feedback — like/dislike signals you provide on matched ideas
Builder profiles — skills, interests, and preferences you configure for idea matching
Match alerts — notification preferences you configure for high-fit ideas

Information you submit for analysis

When you submit an idea for AI analysis, the text of that idea is processed through our pipeline, which includes sending it to Anthropic's Claude API. See Section 3 for details on sub-processors.

Technical and log data

Our hosting providers (Vercel, Railway) automatically collect standard server logs including IP addresses, browser type, referring URLs, and timestamps of requests. This data is used for security, debugging, and abuse prevention. We do not use third-party advertising analytics or tracking pixels.

2. How We Use Your Information

We use the information we collect only for the following purposes:

To create and maintain your account
To authenticate you and keep your session secure
To process payments and manage your subscription via Stripe
To send transactional emails — magic link sign-in codes, billing confirmations, and product updates — via Resend
To run your submitted ideas through our AI analysis pipeline
To track your bookmarks, match feedback, and saved preferences
To detect and prevent fraud or abuse
To improve the product based on aggregate usage patterns

We do not use your personal data to train AI models. We do not sell, rent, or share your personal data for advertising purposes. We do not use your data for any purpose not listed above without obtaining your consent first.

3. Third-Party Service Providers

We share personal data only with the following service providers, strictly to operate PerfectIdeas. Each provider has their own privacy policy and, where applicable, a Data Processing Agreement with us.

Stripe

Payment processing. Stripe receives your email address and billing details to create a customer record. Stripe stores your payment card — we never see or store it.

Resend

Transactional email delivery. We send Resend your email address and the content of transactional emails (e.g. magic links, billing receipts).

Anthropic (Claude API)

AI analysis of submitted ideas. When you submit an idea, its text is sent to Anthropic's API to generate scores, market analysis, and business plans. Anthropic's API usage policy prohibits using your data to train their models without consent.

Neon

Database hosting. All account, billing, and activity data described in Section 1 is stored in a Neon-hosted PostgreSQL database.

Vercel

Frontend hosting and CDN. Vercel serves the web application and may log IP addresses, request headers, and response metadata for each page load.

Railway

API and worker hosting. Our backend API and pipeline workers run on Railway, which logs standard infrastructure metrics and request logs.

Google / GitHub

OAuth identity providers. If you choose to sign in with Google or GitHub, those providers authenticate your identity and share your name, email, and profile image with us. Your use of those services is governed by their own privacy policies.

4. Cookies

We use only the cookies required to operate the service:

authjs.session-token / __Secure-authjs.session-token

HTTP-only session cookie set by AuthJS. Required to keep you logged in. Expires when you sign out or the session expires. Cannot be read by JavaScript.

We do not use advertising cookies, marketing tracking pixels, or third-party analytics cookies (e.g. Google Analytics). We do not participate in cross-site tracking.

5. Data Retention

Active accounts: All data is retained for as long as your account exists.
Deleted accounts: When you delete your account (via the dashboard or by request), your user record and all associated data — bookmarks, match feedback, builder profiles, and match alerts — are permanently deleted from our database immediately via cascading deletion.
Stripe records: Stripe retains billing transaction records for their own legal and compliance obligations regardless of account deletion. Contact Stripe directly to exercise rights over that data.
Server logs: Infrastructure logs held by Vercel and Railway are typically retained for 30–90 days per their own policies.

6. Security

We use industry-standard measures to protect your data: all data is transmitted over TLS, session cookies are HTTP-only and Secure-flagged in production, database access is restricted to application services, and OAuth tokens are stored server-side only. No system is perfectly secure; if you discover a vulnerability, please report it to hello@perfectline.io.

7. Your Privacy Rights (California)

Under the CCPA/CPRA, California residents have the following rights. To exercise any of them, use the form at the bottom of this page or email hello@perfectline.io. We will respond within 45 days.

Right to Know

You can request a copy of the personal data we hold about you, including the categories, sources, purposes, and specific pieces of information.

Right to Delete

You can delete your account and all associated data instantly from your Dashboard, or request deletion by contacting us. Deletion is permanent and immediate.

Right to Correct

You can request that we correct inaccurate personal data we hold about you.

Right to Opt Out of Sale or Sharing

We do not sell or share your personal data for cross-context behavioral advertising. There is nothing to opt out of.

Right to Limit Use of Sensitive Personal Information

We do not collect sensitive personal information as defined by CPRA (e.g. Social Security numbers, precise geolocation, financial account numbers).

Right to Non-Discrimination

We will not discriminate against you — including by denying services, charging different prices, or providing a different level of service — for exercising any of your privacy rights.

8. Children

PerfectIdeas is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact & Data Requests

For privacy questions, to access your data, or to submit a deletion request (if you prefer not to use the self-serve dashboard option), use the form below or email hello@perfectline.io. We respond within 5 business days and fulfill verified requests within 45 days.