Privacy Policy

1. Introduction

Foretide World, operated by Maistik Studio ("we", "our", "us"), provides the foretide.world website and prediction platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information. By using the Service, you agree to these practices.

2. Information we collect

We collect: (a) Account information — name, email, password (hashed), organisation name, and role. (b) Uploaded content — documents (PDF, Markdown, TXT) you provide for simulations. (c) Simulation data — agent profiles, knowledge graphs, reports, and interaction logs generated by the Service. (d) Usage data — pages visited, features used, credit consumption, session duration, browser type, and IP address. When you sign in via Google or GitHub, we receive only your email, name, and profile picture. We do not access your contacts, files, or other account data.

3. Legal basis for processing (GDPR Article 6)

Our processing is based on: (a) Contract — processing necessary to provide the Service (Art. 6(1)(b)). (b) Legitimate interests — security, fraud prevention, and platform improvement (Art. 6(1)(f)). (c) Consent — for non-essential analytics and marketing communications (Art. 6(1)(a)). (d) Legal obligation — compliance with applicable laws (Art. 6(1)(c)). We do not knowingly process special category data (Art. 9) unless you explicitly include it in uploaded documents, in which case you are responsible for ensuring a lawful basis.

4. How we use your information

We use your data to: provide, maintain, and improve the Service; process documents into knowledge graphs and run simulations; communicate about your account and support requests; analyse usage patterns to improve features and reliability; detect, prevent, and address fraud, abuse, or technical issues; comply with legal obligations. We do NOT use your data to: train or improve AI models; sell to third parties; serve advertisements; build profiles for marketing to third parties.

5. Data storage and security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Credentials are encrypted with Fernet symmetric encryption. Access to production systems requires multi-factor authentication and is logged. Organisation data is logically isolated using row-level security in a multi-tenant architecture. Isolation controls are tested quarterly by internal security and annually by independent penetration testers. Any confirmed isolation breach is treated as a critical incident and reported within 4 hours.

6. Third-party services and AI processing

We use third-party services for: authentication (Google, GitHub), payment processing (Stripe), and AI model inference. AI providers process your data only to generate simulation outputs — they do NOT use your documents to train or improve their models. All third-party providers are bound by data processing agreements and receive only the minimum data necessary. Third-party cookies may be set by auth providers and Stripe during checkout. We do not use advertising networks or cross-site tracking.

7. Data retention and deletion

Retention by data type: Account information — retained while account is active, deleted within 30 days of closure. Uploaded documents — removed from our systems within 30 days of you deleting them or of account closure. Simulation data — deleted within 30 days of project deletion or account closure. Usage logs — retained 90 days for debugging, then deleted. Security/audit logs — retained 1 year. Payment records — retained 7 years per Spanish tax law. Backups — retained up to 60 days; data in backups is inaccessible but may exist until backup rotation. Data may be retained longer if required by law, litigation hold, or regulatory investigation.

8. Data export

You may export your data at any time in standard formats: original documents (PDF, Markdown, TXT), simulation data (JSON), reports (PDF), and account data (CSV). Exports are generated within 7 business days and available for 30 days. For exports exceeding 1 GB, contact us for alternative delivery arrangements.

9. Your rights (GDPR Articles 15-22)

You have the right to: (a) Access — request a copy of your personal data. (b) Rectification — correct inaccurate or incomplete data. (c) Erasure — request deletion, subject to legal retention requirements. (d) Portability — receive data in a structured, machine-readable format. (e) Restriction — limit processing in certain circumstances. (f) Objection — object to processing based on legitimate interests (Art. 21). We will cease processing within 30 days unless we have compelling grounds. (g) Automated decision-making — Foretide does not make automated decisions about you. If YOU use Foretide outputs for automated decisions affecting individuals, you must comply with Art. 22 GDPR. Contact privacy@foretide.world to exercise these rights. We respond within 30 days.

10. International data transfers

By default, all personal data is stored within the European Union. If transfers outside the EEA become necessary, we ensure safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission and Transfer Impact Assessments as required by the EDPB. You will be notified before any new non-EEA transfers. You have the right to object.

11. Children's privacy

The Service is not intended for users under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we discover we have collected data from a child under 16, we will delete it promptly. Contact privacy@foretide.world if you believe a child's data has been collected.

12. Marketing communications

We may send emails about Foretide updates, features, and educational content only with your explicit consent. You may opt out at any time via the unsubscribe link in any email or in Settings > Communications. We never share your email with third parties for marketing.

13. Do Not Track

If your browser sends a Do Not Track (DNT) signal, we respect it by not setting analytics cookies. Essential cookies required for authentication are set regardless of DNT.

14. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes are notified via email at least 30 days before taking effect. Continued use after the effective date constitutes acceptance.

15. Contact

For questions about this Privacy Policy or to exercise your rights:

privacy@foretide.world