Legal
Data Storage Policy
Last updated: July 1, 2026
This policy describes where and how Prodigent ("we", "us", or "our") stores information when you use prodigent.ai or our application at app.prodigent.ai. It supplements our Privacy Policy.
Overview
Prodigent stores customer data in secure infrastructure operated by us and by trusted service providers. We use industry-standard practices to protect data at rest and in transit. This policy explains what we store, where it lives, and the safeguards we apply.
What we store
Prodigent stores the following categories of data:
- Account data — name, email address, hashed password, profile photo, authentication identifiers, and account settings
- Workspace content — initiatives, events, decisions, snapshots, comments, reactions, links, tags, and related metadata
- Integration data — OAuth tokens and content imported from connected services such as Slack
- Billing data — subscription and customer identifiers received from Stripe; we do not store full payment card numbers
- Operational data — session tokens, application logs, AI usage metadata, and support correspondence
- Marketing site data — aggregate analytics from Google Analytics on prodigent.ai
Primary storage
Application database
Most Prodigent data — including accounts, workspaces, product content, and integration metadata — is stored in a relational database hosted on our production infrastructure in the United States.
File storage
User-uploaded files such as profile photos are stored on our application servers. Files are served over HTTPS and are accessible only to authorized users or, for public assets, as intended by the feature.
Static marketing site
The marketing site at prodigent.ai is served as static files from our production infrastructure. It does not store customer workspace content.
Geographic location
Prodigent is operated from the United States. Customer data is primarily stored and processed in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.
Third-party processors
We use trusted vendors to help operate the Service. These providers may store or process data on our behalf, subject to contractual obligations and only as needed to perform their services:
- Stripe — payment processing and subscription management
- Google — optional sign-in and marketing site analytics
- OpenAI — AI-assisted features such as snapshots and Ask (context is sent only for specific requests)
- Slack — integration when you choose to connect a workspace
- Email delivery — transactional email such as verification and account notices
Each provider processes data according to its own terms and privacy policies. We do not sell your personal information.
Security measures
We apply reasonable technical and organizational safeguards, including:
- Encryption in transit (HTTPS/TLS) for all web traffic
- Hashed storage of passwords; we do not store plaintext passwords
- Access controls limiting production data access to authorized personnel
- Workspace-based permissions so team members see only what their role allows
- Regular software updates and security patching of production systems
- Monitoring and logging to detect abuse and operational issues
No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.
Backups
We maintain periodic backups of production databases to support disaster recovery. Backups are stored in access-controlled environments and are retained on a rolling schedule. Backup data is encrypted in transit and at rest where supported by our infrastructure.
Backups are used to restore active service in the event of data loss or system failure, not to recover content you have deleted through the Service.
Data isolation
Workspace data is logically separated by workspace identifier. Authentication and authorization checks are enforced on each request to ensure users can access only the workspaces and content their account is permitted to view.
Demo workspaces, where provided, are isolated from your production workspaces and are intended for exploration only.
AI processing
When you use AI-assisted features, relevant product context is transmitted to third-party AI providers to generate the requested output. We send only the information needed for that specific request. AI-generated outputs are stored as part of your workspace content. We do not use your workspace content to train general-purpose AI models.
Your responsibilities
You are responsible for the content you and your team store in Prodigent, including ensuring you have the right to import and share content from third-party services. Use strong, unique passwords and keep your account credentials secure.
Changes to this policy
We may update this policy from time to time, including if we change hosting providers or storage architecture. When we do, we will revise the "Last updated" date at the top of this page. Material changes may also be communicated through the Service or by email where appropriate.
Related policies
For how long we keep data, see our Data Retention Policy. For how data is archived or removed, see our Data Archival and Removal Policy.
Contact
Questions about how we store data? Please reach out through our contact page.