This Policy explains what information the Strategic Alignment Engine ("the Service") collects from pilot users at Turnkey Solutions and how that information is used.
1. Data We Collect
- Account data: name, work email, hashed password.
- Organization data: agency name, logo, optional strategic-plan URL, document tone preference.
- Agenda content: the intake fields you submit — title, background, justification, financials, attachments metadata, and any responses to AI pushback questions.
- AI-generated artifacts: alignment scores, executive summaries, resolutions, and Q&A prep stored against each agenda item.
- Operational telemetry: login events, error logs, and timing metrics used to keep the Service running.
2. How AI Uses Your Content
Intake content is sent to large-language-model providers (Google Gemini, OpenAI GPT) via the Lovable AI Gateway to generate analyses and documents. We instruct providers not to retain content for training. Do not submit classified material, sealed records, or personally identifiable information about residents that exceeds what an agenda item requires.
3. Where Data Is Stored
Account and agenda data are stored in Lovable Cloud (Supabase) with row-level security so each user can only access their own organization's data. Logos are stored in object storage with public read URLs by design (they're meant for printed board materials).
4. Sharing
We do not sell or rent your data. We share it only with infrastructure providers strictly necessary to run the Service (database hosting, AI inference, email delivery). We may disclose data when required by lawful subpoena or court order.
5. Retention
Agenda items remain in your account until you delete them. If you delete your account, your personal profile and agenda content are removed within 30 days. Aggregate, de-identified usage statistics may be retained for product improvement.
6. Your Rights
You may view, edit, export, or delete your agenda items and account data at any time from Settings. Public-records laws in your jurisdiction may also apply to material that becomes part of an official agenda packet.
7. Security
Passwords are hashed by Supabase. Common breached passwords are blocked at sign-up and password change via the Have I Been Pwned API. Sessions use rotating JWTs delivered over HTTPS.
8. Contact
Privacy questions? Contact your pilot administrator at Turnkey Solutions.