Your information should serve your judgment, not someone else's business model.

IdeaSense AI is currently an independently operated software product built and run by Ethan Lu. In this notice, “IdeaSense AI”, “we”, “us”, and “the service” refer to that product and its operator.

This notice applies to the IdeaSense public site, Sample Workspace, Sample Report, account registration and login, email verification, password reset, organization invitations, staged review flows, and the backend processing directly required to support those experiences.

For privacy questions or requests, you can currently contact us at ideasenseai@gmail.com. If we later publish a different dedicated privacy channel, we will update this page.

This generally includes information you actively submit, such as account details, email address, authentication-related records, email verification and password reset records, organization invitation details, project inputs, chat/review content, stage summaries, scores, and report content.

We also generate technical and security-related data when you use the service, such as IP address, browser or device information, request logs, timestamps, error logs, rate-limit records, abuse-prevention signals, and necessary audit records.

We use this information to provide the service itself, including account creation and login, session management, email verification, password reset, organization collaboration, project persistence, staged review, scoring, report generation, and sample experiences.

Where necessary, we also use limited data for platform security, debugging, abuse prevention, rate limiting, product improvement, and legal compliance. For UK/EU-style contexts, our legal bases will generally include contract performance, legitimate interests, legal obligations, and consent where consent is the appropriate basis.

The current product uses browser local storage, session storage, and first-party cookies for certain functions. For example, sign-in state may be retained in local or session storage, language preference may be remembered through a cookie, and invitation tokens may be stored locally until they are accepted or cleared.

On higher-risk entry points such as registration, login, email verification, or password reset, we may also use hCaptcha or reCAPTCHA. When enabled, those providers may process browser and device information to help identify automated abuse.

To operate the current product, we may use infrastructure and processors such as database or hosting providers, email delivery providers, captcha providers, and one or more AI/model providers. Based on the current product configuration, these categories may include services such as Resend, OpenAI, Google Gemini, AWS Bedrock, DeepSeek, and, where research or verification features are enabled, search or research providers.

Not every provider is active in every deployment. Our goal is to expose processors only to the information reasonably necessary for the service they perform, rather than sharing full project content by default.

We do not sell your project content. Sharing should happen only where necessary to provide the service, support organization collaboration, comply with law, protect platform security, or use necessary processors.

Because some providers may operate in jurisdictions other than your own, information may also be processed outside your country or region. Where that happens, we try to rely on data minimization, access controls, and contractual safeguards to reduce risk.

We do not promise a single retention period for every category of data. In general, account data, project content, and reports may be retained while the account remains active or while retention is reasonably necessary for support, disputes, backups, legal obligations, or security review.

Captcha records, rate-limit records, security audit data, email verification/reset/invitation tokens, and related logs are typically kept for shorter operational and security windows, then allowed to expire, be deleted, or be de-identified when no longer needed.

You may request access to, correction of, export of, or deletion of portions of your data. Depending on the law that applies to you, you may also have rights to object to certain processing, restrict processing, withdraw consent, or complain to a regulator.

At a practical level, you should avoid submitting sensitive personal information or third-party information that you do not have authority to use, especially in sample or testing flows.

IdeaSense is not designed as a product for children. If laws in your jurisdiction impose stricter rules for minors, you should use the service only with appropriate authorization.

If we learn that information was submitted in a way that does not comply with applicable rules, we will try to delete it or limit further processing.

We may update this notice as the product, infrastructure, or legal requirements evolve. The date at the top of the page reflects the latest revision.

If a change would materially affect how a reasonable user understands our handling of information, we will try to provide additional notice through the site, the product, or another reasonable channel.