Privacy Policy
Last updated: February 15, 2026
1. Overview
CompetitiveOS ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data when you use our competitive intelligence platform.
2. Data Controller
The data controller for the purposes of GDPR is the operator identified on our Imprint page.
3. Data We Collect
We collect the following data:
- Account data: Email address and password (hashed) when you register
- Analysis data: Competitive analyses, data points, sources, insights, and changelog entries you or your AI agents create
- Usage data: Log data including IP addresses, browser type, and access timestamps for security and debugging purposes
4. How We Use Your Data
- To provide and maintain the Service
- To authenticate your identity
- To enforce access control (workspace-based permissions)
- To debug errors and improve the Service
- To communicate service updates (if you opt in)
5. Data Storage and Hosting
All data is stored in Supabase (PostgreSQL), hosted in the EU (eu-west-1 region, Ireland). Your data does not leave the European Union. Authentication is handled by Supabase Auth with JWT tokens.
6. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only with:
- Supabase: Database and authentication provider (data processor)
- Vercel: Frontend hosting provider
- Railway: MCP server hosting provider
7. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion of your data
- Restrict processing of your data
- Data portability
- Object to processing
To exercise any of these rights, contact us through the information on our Imprint page.
8. Data Retention
We retain your data for as long as your account is active. When you delete your account, your personal data will be removed within 30 days. Anonymized usage data may be retained for analytics.
9. Security
We use industry-standard security measures including:
- Encrypted connections (HTTPS/TLS)
- Row-Level Security (RLS) at the database level
- JWT-based authentication with the ES256 algorithm
- Hashed passwords (via Supabase Auth)
10. Cookies
We use essential cookies for authentication session management. We do not use tracking cookies or third-party analytics cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email.
12. Contact
For privacy-related questions, contact us through the information on our Imprint page.