SVEND
Privacy Policy
Last updated: February 2026
SVEND is a self-hosted decision science platform operated by Eric Wolters. This policy describes what data we collect, how we protect it, and your rights. We aim to be transparent — if something isn't covered here, ask us.
1. What We Collect
Account Data
- Email address, username, and password (hashed with PBKDF2, never stored in plaintext)
- Profile fields you optionally provide: display name, industry, role, experience level, organization size
- Subscription tier and billing status
Conversations & Analysis
- Messages you send and responses you receive
- Files you upload (datasets, documents)
- Analysis results (DSW, SPC, DOE, triage, forecasting)
- Projects, hypotheses, evidence, A3 reports, FMEA studies, RCA sessions, value stream maps, whiteboards
Diagnostic Logs
- Pipeline trace logs (input, reasoning steps, model outputs) — used for debugging and model improvement
- Low-confidence and error responses are flagged as training candidates for review
Usage Analytics
- Page views, feature usage, session events
- IP addresses are hashed (SHA-256) before storage — we do not store raw IPs
- Daily query counts and token usage
Payment Data
- Processed entirely by Stripe. We never see or store your card number, expiry, or CVV.
- We store a Stripe customer ID (encrypted) to link your account to your subscription.
2. How We Use Your Data
- Service delivery: Running your analyses, storing your projects, responding to queries
- AI improvement: Low-confidence responses may be reviewed to improve model accuracy. Reviewed data is never shared externally.
- Email: Account verification, service updates, and optional onboarding emails. You can opt out of non-essential emails at any time.
- Analytics: Understanding feature usage to improve the product. Analytics are aggregated; we don't build individual behavioral profiles.
- Rate limiting: Enforcing fair-use query limits per subscription tier
3. Data Storage & Security
Infrastructure
- SVEND runs on a private, self-hosted server — not shared cloud infrastructure
- PostgreSQL database on localhost (no external DB access)
- All traffic encrypted via HTTPS with HSTS (2-year max-age, preload)
- Content Security Policy (CSP) restricts page resource origins
Encryption at Rest
- Sensitive fields are encrypted using AES-128 (Fernet) before storage in the database: conversation content, reasoning traces, analysis results, uploaded files, Stripe customer IDs
- The encryption key is stored separately from the database and application code
- Even with direct database or disk access, sensitive data appears as ciphertext
Authentication
- Passwords hashed with PBKDF2-SHA256 (Django default, 720,000 iterations)
- Email verification tokens stored as SHA-256 hashes (one-way)
- Session cookies: secure, HttpOnly, SameSite=Lax
Backups
- Daily encrypted database backups (AES-256)
- Backups retained for 30 days, then automatically deleted
4. Data Retention
| Data | Retention |
| --- | --- |
| Conversations & projects | While your account is active |
| Uploaded files | While your account is active; deleted on account deletion |
| Pipeline trace logs | 30 days |
| Training candidates (reviewed) | 30 days after export |
| Usage analytics & event logs | 90 days |
| Blog view analytics | 180 days |
| Shared conversations | Deleted when expired or when account is deleted |
5. Third-Party Services
- Stripe — Payment processing. Stripe's privacy policy applies to payment data. We never access your card details.
- Resend (SMTP) — Transactional email delivery (verification, onboarding, service updates)
- Anthropic API — Enterprise-tier AI features (critique, escalation). Data sent to Anthropic is subject to their privacy policy. This feature is opt-in and only available on the Enterprise plan.
- Let's Encrypt — TLS certificate issuance (automated, no user data shared)
We do not use any third-party analytics services, advertising networks, or tracking pixels.
6. Your Rights
You can:
- Access your data — your conversations, projects, and analyses are visible in your account
- Delete your account and all associated data — email us and we'll process it within 7 days
- Export your data — analysis results can be downloaded as CSV/JSON from the app
- Opt out of non-essential emails via your account settings or by clicking the unsubscribe link
- Correct inaccurate information — update your profile in Settings, or contact us for other corrections
7. Cookies
We use essential cookies only:
- Session cookie (sessionid) — keeps you logged in
- CSRF cookie (csrftoken) — prevents cross-site request forgery
We do not use third-party tracking cookies, analytics cookies, or advertising cookies.
8. Email Communications
- Transactional: Account verification, password resets, subscription changes — cannot be opted out
- Onboarding: Welcome series and feature tips for new users — can be opted out
- Service updates: Important changes to terms, pricing, or functionality — sent rarely
9. Children
SVEND is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy as the product evolves. Significant changes will be communicated via email to active users. The "last updated" date at the top reflects when changes were last made.
Contact
Questions or requests about your privacy? Email [email protected]