Carlo Privacy Policy

1. Information We Collect

We collect the following types of personal information when you use our Services:

• Email Address: Provided during account creation, used for account management and communication.
• Name: Collected during sign-up for personalization.
• Outdoor Gear Inventory: Information about your hiking and outdoor equipment that you choose to add to your profile.
• Trip Information: Details about your outdoor trips and activities that you choose to track.
• Food & Nutrition Data: Information about meal planning and nutrition for outdoor activities.
• User Preferences: Settings and preferences for personalized recommendations.
• IP Address: Automatically collected to enhance security and personalize services.
• Analytical Data: Usage patterns, features accessed, and interaction data to improve user experience.

2. How We Collect Data

• User Input: When you provide information during sign-up or while using features of our Services.
• Automatic Data Collection: Through your use of our Services via cookies and server logs.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance functionality and understand usage.

3. Use of Your Data

We use the information we collect for the following purposes:

• Account Creation and Management: To set up and maintain your account.
• Service Delivery: To provide personalized outdoor gear advice based on your inventory and trips.
• Service Improvement: To enhance our Services and develop new features.
• Billing and Payment Processing: To process payments securely via Stripe.
• Analytics: To analyze usage patterns and improve user experience.
• Communication: To send updates, notifications, and information related to your account.

4. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds:

• Consent: When you provide your information and agree to our terms.
• Contractual Necessity: To fulfill our obligations in providing Services to you.
• Legitimate Interests: For improving our Services and ensuring security.

5. Cookies & Tracking Technologies

We use cookies on our website to enhance your experience and analyze usage. These include:

• Session Cookies: To keep you logged in during your session.
• Preference Cookies: To remember your choices and settings.
• Analytics Cookies: To gather usage data and improve our Services.

Managing Your Preferences

You can manage or disable cookies through your browser settings. However, disabling cookies may affect the functionality of our website.

6. Third-Party Sharing

We share user data with the following third parties:

• Clerk: For authentication and user management.
• Supabase: For data storage and security.
• Stripe: For payment processing.
• Anthropic: For providing AI-based outdoor advisory services.
• Perplexity AI: For web scraping and product data extraction.

Data Shared:

• Clerk: Manages authentication and user accounts.
• Supabase: Stores your gear, trip, and account data securely.
• Stripe: Processes payment information securely.
• Anthropic: Provides AI services. Your gear and trip data is sent to Anthropic’s Claude API to generate personalized recommendations. This data is processed according to Anthropic’s privacy policy and is not used to train their models.
• Perplexity AI: Processes product URLs you provide for the smart-fill feature to extract product information from websites.

We do not sell user data to third parties.

7. Data Storage & Security

Your data is stored securely using Supabase. We employ encryption, secure servers, and strict access controls to protect your data from unauthorized access or disclosure.

Security Measures Include:

• Encryption: Data is encrypted in transit (SSL/TLS) and at rest.
• Access Controls: Restricted access to personal data to authorized personnel only.
• Regular Audits: We conduct regular security assessments to maintain high security standards.

8. User Rights

Under the General Data Protection Regulation (GDPR), you have the following rights concerning your personal data:

• Right to Access: You can request a copy of the data we hold about you.
• Right to Rectification: You can request correction of inaccuracies in your data.
• Right to Erasure: You can request the deletion of your data.
• Right to Restrict Processing: You can request that we limit the processing of your data.
• Right to Data Portability: You can request to receive your data in a structured, commonly used format.
• Right to Object: You can object to the processing of your data for certain purposes.
• Right to Withdraw Consent: You can withdraw your consent at any time.

Exercising Your Rights

To exercise any of these rights, please contact us at matt@askcarlo.ai. We will respond to your request within the timeframes established by applicable law.

9. International Data Transfers

Your data may be transferred and stored in countries outside of your own, including the United States, for data processing and storage purposes via Supabase, Clerk, Anthropic, and Perplexity AI.

Safeguards in Place

We rely on our service providers’ compliance with data protection laws and implement appropriate safeguards, such as Standard Contractual Clauses, to ensure your data is protected during international transfers.

10. Compliance with Regulations

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

11. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal data from a minor, we will take steps to delete such information promptly.

12. Payments

All payments for our Services are processed securely via Stripe. We do not handle or store payment information directly.

Stripe Privacy Policy: https://stripe.com/privacy

13. Third-Party Services

We use third-party services, including:

• Clerk: For authentication and user management.
• Supabase: For data storage and security.
• Stripe: For payment processing.
• Anthropic (Claude API): To provide AI-based outdoor gear recommendations.
• Perplexity AI: To extract product information from URLs for the smart-fill feature.
• Vercel: For website hosting and infrastructure.

These services handle your data securely and in accordance with their own privacy policies.

14. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law.

Criteria for Retention Periods:

• Active Accounts: We retain data for the duration your account is active.
• Legal Obligations: We may retain data to comply with legal obligations.
• At User’s Request: Data will be deleted upon request, subject to legal and contractual restrictions.

Data Deletion

To request deletion of your data, please contact us at matt@askcarlo.ai.

15. Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Notification of Changes:

• Significant Changes: We will notify you via email and/or a prominent notice on our Services.
• Effective Date: The “Last Updated” date at the top of this policy will indicate when it was last revised.

16. Contact Us

For any privacy-related inquiries or to exercise your rights, please contact us:

Email: matt@askcarlo.ai

17. Use of Artificial Intelligence Technologies

We utilize AI technologies to enhance our Services:

Anthropic Claude API: Used for generating personalized outdoor gear recommendations and advice. When you ask Carlo a question, we send your query along with relevant context from your gear inventory, trips, and preferences to Anthropic’s Claude API. The AI generates responses based on this information to provide you with tailored advice. According to Anthropic’s privacy policy, your data sent through the API is not used to train their models.

Perplexity AI: Used for extracting product information from websites when you use the smart-fill feature. When you provide a product URL, we use Perplexity’s service to fetch and parse the webpage content, then send relevant product details to Anthropic’s Claude API for structured extraction. According to Perplexity’s privacy policy, your data is processed to provide the service and is not used to train their models.

18. Analytical Data Collection

We collect analytical data about user activity on our Services to improve user experience. This includes:

• Usage Behavior: Pages visited, time spent, features used.
• Interaction Data: Clicks, navigation paths, form submissions.
• Device Information: Browser type, operating system, screen size.

We use this data to:

• Enhance Functionality: Improve navigation, features, and performance.
• Personalize Content: Provide tailored recommendations.
• Track Conversions: Monitor user interactions and key events.

19. Managing Your Preferences

You may manage your communication preferences (e.g., for marketing emails) by following the unsubscribe instructions provided in emails or by contacting us at matt@askcarlo.ai.

20. Links to Other Websites

Our Services may contain links to other websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.