Privacy Policy

1.Scope and who we are

Dodger AI, Inc. is a Delaware corporation. We are the controller of the personal data described in this policy. If you have any questions about this policy or our data practices, see Contact us below.

This policy covers our marketing site, web application at app.dodger.ai, the remote MCP server at mcp.dodger.ai, and any data you submit through them. It does not cover third-party sites we link to.

2.Information we collect

2.1 Information you provide

• Account information. Name, email address, and authentication identifiers when you sign in via WorkOS AuthKit (including SSO providers you choose to use, such as Google).
• Profile and settings. Workspace name, theme, default platform, notification preferences.
• Project inputs. The one-sentence prompts, briefs, target markets, attached files (PDF, DOCX), and configuration you submit to run a research canvas.
• Billing information. Stripe handles all payment data. We never see or store full card numbers; we receive a customer ID, plan, billing interval, and subscription status.
• Communications. Messages you send us via email, contact forms, or support channels.

2.2 Information collected automatically

• Device and log data. IP address, user agent, referrer, language, timestamps, and pages viewed. Used for security, debugging, and rate limiting.
• Usage data. Which features you use, pipeline runs, queue jobs, and aggregate counts. Used to enforce plan limits and improve the product.
• Cookies and similar. Strictly-necessary cookies for sign-in sessions; see our Cookie Policy for the full list.

2.3 Information generated by the Service

Dodger generates synthetic content — market research summaries, behavioral personas, interview transcripts, wireframes, and usability simulations — based on your inputs. This output is associated with your account and stored in our database. The synthetic personas inside a canvas are fictional and not real people; they do not represent identifiable individuals.

3.How we use information

• Provide, operate, and secure the Service, including running your research pipelines, storing outputs, and serving them back to you.
• Authenticate you and maintain your session across the web app and the MCP server.
• Process payments, manage subscriptions, calculate plan limits, and send billing receipts.
• Send transactional email — sign-in links, billing notifications, security alerts, and product updates you have opted into.
• Diagnose problems, prevent abuse, and enforce our Terms of Service.
• Improve the product through aggregate analysis of feature usage. We do not train AI models on your project inputs or outputs (see Section 6).
• Comply with legal obligations and respond to lawful requests.

4.Legal bases (GDPR)

If you are in the EEA, UK, or Switzerland, we process your personal data on the following legal bases:

• Performance of a contract — to provide the Service you signed up for.
• Legitimate interests — to secure the Service, prevent abuse, and improve the product, balanced against your rights.
• Consent — for optional product update emails and any non-essential cookies, where we ask first.
• Legal obligation — to comply with tax, accounting, and law-enforcement obligations.

5.How we share information

We do not sell personal data. We share it only with:

• Sub-processors who help us run the Service. The current list is in our Data Processing Addendum and includes Anthropic, Supabase, WorkOS, Stripe, Resend, Browserbase, Cloudflare, and Lago.
• Professional advisors — accountants, lawyers, auditors — under confidentiality.
• Acquirers in connection with a merger, financing, or sale of assets, subject to standard confidentiality protections.
• Authorities when required by valid legal process, where we will challenge over-broad requests where lawful.

6.AI processing and training

To run a canvas, your inputs are sent to large-language-model providers (currently Anthropic) for inference. We have contractual commitments with these providers that your inputs and outputs are not used to train their foundation models.

We also do not use your project inputs, outputs, or research artefacts to train any Dodger-owned model. Aggregate, anonymised metrics about feature usage may inform product decisions, but the underlying content of your canvases is not part of any training corpus.

The personas and interview transcripts that Dodger generates are synthetic. They are LLM-produced fictional characters, not real people. Any resemblance to a real person is coincidental, and you should not treat synthesized output as a substitute for real-world user research with consenting participants.

7.Retention

• Account data is retained while your account is active.
• Project canvases and outputs are retained until you delete them or close your account; backups are purged within 30 days of deletion.
• Billing records are retained for as long as required by tax and accounting law (typically 7 years).
• Server logs are retained for up to 90 days for security and debugging.

You can delete a workspace and its data at any time from Settings, or email us to expedite a full account deletion.

8.International transfers

Dodger is operated from the United States, and our primary database is hosted in the AWS us-east-2 region via Supabase. If you access the Service from outside the US, your data will be transferred to and processed in the US and other countries where our sub-processors operate. For transfers from the EEA, UK, or Switzerland we rely on the EU Standard Contractual Clauses and equivalent UK and Swiss safeguards, as described in our DPA.

9.Your rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data or complete incomplete data.
• Delete your data ("right to be forgotten").
• Restrict or object to certain processing.
• Receive a copy of your data in a portable format.
• Withdraw consent at any time, where we rely on it.
• Lodge a complaint with your supervisory authority.

To exercise any of these rights, email privacy@dodger.ai. We will respond within 30 days. We will not discriminate against you for exercising your rights.

10.Security

We use TLS for data in transit, encryption at rest for our databases, hashed and salted secrets for API keys, and least-privilege access controls. Authentication is handled by WorkOS AuthKit; payments by Stripe; database hosting by Supabase. No system is perfectly secure, but we work hard to protect your data and will notify you of any breach involving your personal data without undue delay, as required by law.

11.Children

Dodger is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, email privacy@dodger.ai and we will delete it.

12.Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes we will notify account holders by email or in-product notice at least 14 days before the change takes effect.

13.Contact us

If you have questions about this policy or our data practices, get in touch: