Privacy Policy — ProdMoh

info 1. Introduction

Welcome to ProdMoh ("we," "us," "our"). ProdMoh provides AI-powered product management tools, including our web platform, Chrome extension (ProdMoh Assist), and governance configuration services (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. By using ProdMoh, you consent to the practices described in this policy.

        Our Privacy Commitment
        We are committed to transparency and user control. We collect only what's necessary, we don't sell your data,
        and we give you tools to manage your information.
      

menu_book 2. Definitions

Term	Definition
Personal Data	Information that identifies or can identify an individual (e.g., name, email, IP address).
User Content	Text, documents, PRDs, user stories, or other content you create, upload, or process through our Services.
Governance Config	Generated configuration files (.cursorrules, .windsurfrules, .moh, etc.) exported from our platform.
AI Processing	The use of artificial intelligence and machine learning models to analyze, summarize, or generate content.
Third-Party AI Providers	External AI services we use to process data (e.g., Google Gemini, OpenAI).

storage 3. Information We Collect

3.1 Information You Provide

Category	Examples	Purpose
Account Information	Email address, name, profile picture (via Google Sign-In)	Authentication, account management
User Content	PRDs, user stories, tech specs, feedback you input	Providing core product functionality
Selected Text (Extension)	Text you highlight and submit for AI analysis	Generating AI-powered insights
Payment Information	Billing details (processed by Stripe/Razorpay)	Processing payments, managing subscriptions
Communications	Support emails, feedback, feature requests	Customer support, product improvement

3.2 Information Collected Automatically

Category	Examples	Purpose
Usage Data	Features used, actions taken, time spent	Product analytics, improving UX
Device Information	Browser type, OS, screen resolution	Technical support, compatibility
Log Data	IP address, access times, error logs	Security, debugging, fraud prevention
Cookies	Session identifiers, preferences	Authentication, personalization

block 4. Information We Do NOT Collect

        Privacy-First Design
        ProdMoh is intentionally designed to minimize data collection. We do NOT collect:
      

Browsing History: We do not track websites you visit outside our platform
Passwords: We never store or access your passwords (authentication via OAuth only)
Keystroke Logging: We do not log keystrokes or mouse movements
Location Data: We do not collect GPS or precise location information
Biometric Data: We do not collect fingerprints, face scans, or voice prints
Health/Financial Records: We do not request or store sensitive health or financial documents (unless you voluntarily include them in User Content)

psychology 5. AI & Data Processing

        ⚠️ Important AI Disclosure
        ProdMoh uses AI models to process your content. Please read this section carefully to understand how your data
        interacts with AI systems.
      

5.1 How AI Processes Your Data

When you use AI-powered features (e.g., PRD generation, user story creation, governance config generation), your User Content is sent to AI models for processing. This includes:

Text you input or select for analysis
Context from your PRDs, user stories, or other documents
Configuration preferences you select (architecture, security framework, etc.)

5.2 Third-Party AI Providers

We use the following third-party AI providers:

Provider	Purpose	Privacy Policy
Google (Gemini)	Content generation, analysis	Google Privacy Policy

These providers process data according to their respective privacy policies and our Data Processing Agreements (DPAs). We select providers that offer enterprise-grade security and privacy protections.

5.3 AI Model Training

        Your Content Is Not Used for Model Training
        We do NOT use your User Content to train, improve, or fine-tune AI models. Your data is processed only to
        generate the immediate response you request.
      

However, third-party AI providers may have their own policies regarding data usage. We encourage you to review their terms. Where possible, we use API configurations that disable data retention by the provider.

5.4 AI Output Accuracy Disclaimer

        ⚠️ No Guarantee of Accuracy
        AI-generated content may contain errors, inaccuracies, or outdated information. ProdMoh provides AI outputs "as
        is" without warranty. You are solely responsible for reviewing, validating, and using AI-generated content. Do
        not rely on AI outputs for critical decisions without human verification.
      

shield 6. Governance Configuration Files

ProdMoh allows you to generate and export Governance Configuration files (.cursorrules, .windsurfrules, copilot-instructions.md, .moh files). These files contain:

Your selected architectural patterns and coding standards
Security framework requirements you chose
Context from your PRDs or user stories
AI safety protocols and implementation guidelines

6.1 Your Responsibility

Once exported, Governance Config files are stored locally on your device or in your repository. You are responsible for:

Securing these files appropriately
Not including sensitive credentials or secrets in your PRD content
Reviewing the generated content before deploying it to production systems

6.2 No ProdMoh Access After Export

Downloaded configuration files are not retained on ProdMoh servers after generation. We do not have access to files after you export them.

settings 7. How We Use Your Information

Purpose	Legal Basis (GDPR)
Provide and maintain Services	Contract performance
Process payments and manage subscriptions	Contract performance
Send service-related communications	Legitimate interest
Respond to support requests	Contract performance
Improve product functionality	Legitimate interest
Detect and prevent fraud or abuse	Legitimate interest
Comply with legal obligations	Legal obligation
Marketing communications (with consent)	Consent

We do NOT:

Sell your Personal Data to third parties
Use your User Content for advertising or profiling
Share your data for third-party marketing without consent

gavel 8. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data based on the following legal grounds:

Consent: Where you have given explicit consent (e.g., marketing emails)
Contract Performance: To provide Services you have requested
Legitimate Interests: For product improvement, security, fraud prevention
Legal Obligation: To comply with applicable laws

We may share your information with:

9.1 Service Providers

Provider	Purpose	Data Shared
Google Cloud / Firebase	Hosting, database, authentication	Account data, User Content
Stripe / Razorpay	Payment processing	Billing information (we don't store card details)
Google Gemini	AI processing	User Content submitted for AI analysis
Analytics providers	Product analytics	Anonymized usage data

9.2 Legal Requirements

We may disclose data if required by law, court order, or government request, or to:

Protect the rights, property, or safety of ProdMoh, our users, or others
Investigate fraud, security issues, or Terms of Service violations
Respond to legal process or law enforcement requests

9.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before such transfer.

lock 10. Data Security

We implement industry-standard security measures including:

Encryption in Transit: All data is transmitted over HTTPS/TLS 1.3
Encryption at Rest: Sensitive data is encrypted using AES-256
Access Controls: Role-based access with multi-factor authentication for employees
Security Audits: Regular vulnerability assessments and penetration testing
Incident Response: Documented procedures for security incidents

        No System Is 100% Secure
        While we take extensive measures to protect your data, no method of transmission or storage is completely
        secure. You use our Services at your own risk.
      

schedule 11. Data Retention

Data Type	Retention Period
Account Information	Until account deletion + 30 days
User Content (PRDs, Stories)	Until you delete or account deletion
AI Processing Logs	Ephemeral (not retained after response)
Payment Records	7 years (legal/tax requirements)
Server Logs	90 days (security purposes)
Support Communications	3 years for reference

verified_user 12. Your Privacy Rights

Depending on your location, you may have the following rights:

12.1 All Users

Access: Request a copy of your Personal Data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and data
Export: Download your User Content in standard formats

12.2 EEA/UK/Swiss Residents (GDPR)

Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

12.3 California Residents (CCPA/CPRA)

Right to know what Personal Information we collect
Right to delete Personal Information
Right to opt-out of "sales" (we do not sell your data)
Right to non-discrimination for exercising privacy rights

To exercise your rights: Email privacy@prodmoh.com with your request. We will respond within 30 days (or sooner as required by law).

public 13. International Data Transfers

ProdMoh is operated from India. Your data may be transferred to and processed in countries outside your residence, including:

India (primary operations)
United States (cloud infrastructure, AI providers)

For EEA/UK transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other lawful transfer mechanisms.

cookie 14. Cookies & Tracking Technologies

Type	Purpose	Duration
Essential Cookies	Authentication, session management	Session
Preference Cookies	Remember your settings	1 year
Analytics Cookies	Understand product usage	2 years

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

child_care 15. Children's Privacy

ProdMoh is not intended for users under 16 years of age. We do not knowingly collect Personal Data from children. If you believe a child has provided us with Personal Data, contact us at privacy@prodmoh.com and we will delete it promptly.

update 16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes:

We will update the "Last Updated" date at the top
We may notify you via email or in-product notification
Continued use after changes constitutes acceptance

We encourage you to review this policy periodically.

cancel 17. Cancellation & Refund Policy

ProdMoh provides AI-powered digital services on a prepaid, non-refundable basis:

No Refunds: All purchases (credits, subscriptions) are final once completed
Subscription Cancellation: Cancel anytime via dashboard; stops future renewals but does not refund prior charges
Free Trial: New users receive free credits to evaluate the product before purchasing
Digital Service: No physical goods; no shipping involved

email 18. Contact Us

Privacy Inquiries

Email: privacy@prodmoh.com

General Support: info@prodmoh.com

Website: https://prodmoh.com

Response time: Within 30 days for privacy requests

        Summary
        ProdMoh collects only what's necessary to provide our Services. We don't sell your data. Your AI-processed
        content is not used for model training. You have control over your data with access, correction, and deletion
        rights.
      