Privacy Policy
1. Who we are
Prsona is operated by Open Venture Group, LLC, a Delaware limited liability company (“Prsona,” “we,” “us”). Our principal place of business is the United States.
This Privacy Policy applies to the Prsona website (prsona.io), dashboard, and Chrome extension (together, the “Service”). It describes what data we collect, why we collect it, how we use and share it, and the rights you have over your data.
If you have questions or want to exercise any of the rights described below, contact us at info@prsona.io.
2. The short version
- We collect the minimum data needed to run the Service: your email, name, workspace details, and the prospect content you explicitly ask our AI to analyze.
- We never sell your data.
- We use a small list of sub-processors (Supabase, Anthropic, Upstash, Sentry, PostHog, Resend, Stripe, Railway) — all named in Section 9.
- You can export your data, delete your account, or ask us what we have about you at any time — see Section 10.
- We comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
3. What we collect
3.1 Account data
- Email address (used as your login)
- Full name
- Password (hashed — we never see or store your plaintext password)
- Organization name (the workspace you create or are invited into)
- Your role within your organization (owner, admin, or member)
- Date/time of account creation and last sign-in
3.2 Usage data
- Number of AI analyses and email drafts you run each billing period
- Which AI model was used for each analysis (for audit purposes — see Section 6)
- Your plan (free, starter, growth, or enterprise) and billing state
- IP address and browser user-agent when you sign in (for security lockouts)
- Product analytics events (button clicks, feature usage) via PostHog
- Error and performance traces via Sentry (may include IP address and technical metadata)
3.3 Prospect content (data you send us)
When you click “Analyze” on the Prsona Chrome extension, the visible text of the webpage you are currently viewing is sent to our servers and then to our AI provider (Anthropic) for analysis. The most common origin is a LinkedIn profile or company page, though the extension works on any public webpage with prospect information (Crunchbase, company “About” pages, personal sites, etc.). Captured data may include:
- Public information about the person or company on that page (name, role, company, bio, public posts)
- The URL you were viewing
- The result of the analysis (extracted contact details, conversation hooks, score)
We do not have a partnership with LinkedIn or other source sites. Prsona reads only the page you have already loaded in your browser; we do not scrape, log into, or access content behind any login on your behalf.
You control this. The extension only captures content when you explicitly click Analyze. We do not observe your browsing otherwise. We never access tabs you haven't analyzed.
3.4 Brand voice settings (optional)
If you are on a paid plan, you may enter tone, product context, ICP, and custom rules in the Brand Voice settings. This text is used to personalize AI-generated drafts and is stored in our database.
3.5 Billing data
When you subscribe to a paid plan, Stripe collects and processes your payment information (credit card number, billing address). We never see or store your card details. Stripe sends us only your subscription status and plan.
3.6 Data we do NOT collect
- We do not read emails from your inbox.
- We do not watch tabs you have not explicitly analyzed.
- We do not collect biometric data.
- We do not collect data from or about children under 16.
- We do not use facial recognition.
4. Why we collect it (purposes + legal bases)
Under the GDPR, we must have a “lawful basis” for every use of your data. Here is what we use your data for and the lawful basis under Article 6 of the GDPR:
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Provide the Service (accounts, analyses, drafts) | Account, prospect, usage data | Performance of a contract (Art. 6(1)(b)) |
| Bill you for paid plans | Billing data, plan | Contract (Art. 6(1)(b)) |
| Security (brute-force, abuse detection) | IP, user-agent, login attempts | Legitimate interests (Art. 6(1)(f)) |
| Billing gate integrity monitoring | Plan, usage, model audit | Legitimate interests (Art. 6(1)(f)) |
| Product analytics (PostHog) | Feature clicks, funnel events | Consent via onboarding / Legitimate interest (Art. 6(1)(a)/(f)) |
| Error monitoring (Sentry) | Exception traces, technical metadata | Legitimate interests (Art. 6(1)(f)) |
| Transactional email (invites, receipts) | Email, name | Contract (Art. 6(1)(b)) |
| Marketing email (only if you opt in) | Email, name | Consent (Art. 6(1)(a)) |
| Legal/tax compliance | Billing records | Legal obligation (Art. 6(1)(c)) |
5. How long we keep it
- Account data: for as long as your account is active, plus 30 days after deletion to complete any pending billing.
- Prospect content (analyses, drafts): for as long as you keep them in your workspace. Deleting them is immediate and permanent (after a 30-day database backup retention window).
- Brand voice settings: for as long as your account is active.
- Usage metrics: aggregated indefinitely; tied to your account for 12 months.
- Billing records: 7 years to comply with US tax regulations.
- Security logs (IP, user-agent): 90 days.
- Analytics events (PostHog): 12 months.
- Error traces (Sentry): 90 days.
When you delete your account (Section 10), we remove all data associated with your personal identity within 30 days, except billing records we are legally required to retain.
6. AI processing and automated decisions
Prsona uses third-party AI models from Anthropic (Claude) to analyze prospect content and generate email drafts. When you click Analyze:
- The page content you send is transmitted to Anthropic over TLS.
- Anthropic processes it per their Privacy Policy.
- Anthropic does not use content sent via their commercial API to train their models.
- We store the AI's output in our database under your workspace.
Prsona does not make automated decisions that have legal or similarly significant effects on you (GDPR Article 22). The AI generates recommendations (a “score” and a draft email) that a human on your team decides whether to act on.
7. Chrome extension specific disclosures
Prsona is published on the Chrome Web Store as a browser extension (“the Extension”). This section discloses, in the format the Chrome Web Store requires, exactly what data the Extension collects, how it is handled, and why each Chrome permission is needed. It supplements the categories above with extension-specific detail.
7.0 Single purpose
The Extension has a single, clearly-described purpose: to help a signed-in B2B sales user analyze a prospect’s public profile or company page (on LinkedIn or X / Twitter) and generate a personalized cold-outreach email in their team’s brand voice. Every piece of data the Extension collects is collected exclusively in direct support of that single purpose. The Extension does not perform unrelated tracking, advertising, analytics-for-sale, browser fingerprinting, or background data collection.
7.1 Prominent disclosure & affirmative consent
Data collection by the Extension is gated by the user’s explicit, affirmative actions. The Extension does not collect any data from a webpage until the user takes a specific in-product action that makes the collection intent unambiguous:
- To use the Extension at all, the user must first sign up for a Prsona account at www.prsona.io. Account creation displays this Privacy Policy and the Terms of Service, and creating the account constitutes affirmative consent to the data flow described in Sections 7.2 – 7.4 below.
- To capture page data, the user must click the Prsona toolbar icon (which opens the side panel) AND click the “Analyze This Page” button on a supported profile page. Clicking that button is the user’s affirmative consent for the Extension to read the visible content of the current tab and transmit it to Prsona’s backend for analysis. The Extension does not analyze any page automatically and does not run analysis in the background.
- To save a contact or generate a draft, the user must click an additional explicit button (Save Contact / Generate Email). No prospect data is persisted to the user’s organization account without that second click.
- The Extension does not run on any URL outside of LinkedIn and X / Twitter (declared in host_permissions), so it cannot — structurally cannot — observe a user’s broader browsing activity. It also has no background-page entry point that runs without user interaction.
Users can withdraw consent at any time by signing out of the Extension (which immediately revokes the auth session and stops all data collection), uninstalling the Extension from chrome://extensions, and/or deleting their Prsona account from the dashboard (which removes all stored data — see Section 7.6).
7.2 Permissions the Extension requests, and why
- activeTab — Lets the Extension read the content of the tab the user is actively viewing only when the user clicks the Prsona toolbar icon. We use this to extract the visible text of the LinkedIn or X/Twitter profile the user is on so the Service can analyze it. We do not read tabs the user has not opened the Extension on.
- sidePanel — Lets the Extension render its UI in Chrome’s side panel rather than a popup. This is the primary surface the user interacts with.
- storage — Lets the Extension store the user’s authentication session locally in the browser, so the user does not have to sign in every time the side panel is opened. Only auth tokens and minimal session metadata are stored. No prospect content is stored in chrome.storage.
- scripting — Lets the Extension inject a content script into the active tab when the user clicks “Analyze.” The content script reads the visible DOM (text + structured fields) and returns it to the side panel for the user’s analysis request.
- host_permissions for linkedin.com, x.com, and twitter.com — The content script runs only on these domains. The Extension does not access any other website. The host list is scoped narrowly to the public B2B prospect surfaces the Service is designed to read.
- host_permissions for our own backend (sjpjhvyabnkhkulundvx.supabase.co), www.prsona.io, and our error-tracking endpoint (o4511179290968064.ingest.us.sentry.io) — lets the Extension call our own API to authenticate, run analysis, generate drafts, and report errors. No third-party advertising networks or analytics services are reached by the Extension.
7.3 What user data the Extension collects
When the user clicks “Analyze” on a supported page, the Extension transmits the following to our backend:
- Personally identifiable information about the prospect — name, role, company, public bio, public posts as they appear on the page the user is viewing. This is data the user chooses to research, not data about the user themselves.
- Authentication information — the user’s Supabase session token, used to authorize each request to our backend. Stored in chrome.storage.local on the user’s machine.
- Web history — only the URL of the page the user is actively viewing when they click Analyze. We do not track the user’s browsing history, do not log every page they visit, and do not run in the background.
- User activity — which Analyze / Generate-Draft buttons the user clicks, with timestamps. Used for usage limits and abuse prevention.
The Extension does not collect: financial / payment information, health information, location data, authentication credentials for any third-party site, personal communications (emails, chats), or photos / videos / audio.
7.4 How the Extension uses, stores, and shares user data
- Use: data is used solely to provide the Service to the user who is signed in — analyzing the prospect, generating an email draft in the team’s brand voice, and saving the contact / draft to the user’s own organization account. Data is never used for advertising, never sold, and never used to train AI models.
- Storage: data is stored in our Supabase database (US-East), encrypted at rest and in transit. Access is scoped per organization via Postgres Row Level Security so other customers physically cannot read it. Authentication tokens stored in chrome.storage.local never leave the user’s machine.
- Sharing: the Extension shares data only with the sub-processors listed in Section 9 (Supabase for storage, Anthropic for the LLM call, Stripe for billing, Sentry for error tracking). It does not share data with advertisers, data brokers, or any third party not strictly required to deliver the Service.
- Retention: see Section 5. Users can delete their account at any time, which removes all associated data.
7.5 Limited Use disclosure (Chrome Web Store User Data Policy)
Prsona’s use and transfer of information received from Google APIs (and equivalent user data accessed through the Extension) adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:
- We use the data only to provide and improve user-facing features of the Extension that are visible from the requesting Extension user’s interface.
- We do not transfer the data to others except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- We do not use or transfer the data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We do not use or transfer the data to determine creditworthiness or for lending purposes.
- We do not allow humans to read the data unless we have the user’s affirmative agreement for specific data, it is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations and the data has been de-identified.
7.6 How users can review, export, or delete their data
From the dashboard at https://www.prsona.io, a signed-in user can: export every contact and draft they have saved as CSV, delete individual records at any time, and permanently delete their account (which deletes all of their data, including auth tokens stored locally by the Extension on next launch). To request a copy of all data we have on a specific user, email info@prsona.io and we will respond within 30 days.
8. Who we share data with
We do not sell your data. We share data only with the sub-processors listed in Section 9, and only to the extent needed to run the Service.
We may disclose your data if required by law (subpoena, court order, etc.) — and will notify you unless legally prohibited.
9. Sub-processors
The following service providers process your data on our behalf. All have signed standard data-processing agreements with us or operate under their public DPAs.
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, file storage | US-East |
| Anthropic | AI model for prospect analysis and draft generation | US |
| Upstash | Rate limiting + analysis caching (Redis) | US |
| Sentry | Error monitoring and alerting | US |
| PostHog | Product analytics | US |
| Resend | Transactional email delivery | US |
| Stripe | Payment processing | US / global |
| Railway | Website and dashboard hosting | US |
We will update this list when we add or remove sub-processors. Material changes are announced 30 days in advance by email.
10. Your rights
10.1 Everyone (US + EU)
- Access — ask us for a copy of the personal data we hold about you
- Correct — fix inaccurate data via your account settings or by emailing us
- Delete — remove your account and all associated data (see Section 10.4)
- Export — download your workspace contacts, drafts, and settings in CSV / JSON format
- Opt out of marketing — unsubscribe link in every marketing email
10.2 EU / UK residents (GDPR)
You also have the right to:
- Restriction of processing — ask us to pause certain uses of your data (GDPR Art. 18)
- Object — object to processing based on legitimate interests (Art. 21)
- Data portability — receive your data in a structured, machine-readable format (Art. 20)
- Withdraw consent — for any processing based on your consent (Art. 7(3))
- Lodge a complaint — with your local data protection authority. A list is available at EDPB members.
10.3 California residents (CCPA/CPRA)
In addition to the rights above, California residents may:
- Request the categories and specific pieces of personal information we have collected about you
- Request deletion of personal information (with some exceptions for legal retention)
- Opt out of any “sale” or “sharing” of personal information — we do neither, so there is nothing to opt out of today
- Not receive discriminatory treatment for exercising these rights
10.4 How to exercise your rights
Email info@prsona.io with “Data Rights Request” in the subject line. We will verify your identity (usually by confirming the email associated with your account) and respond within 30 days — faster where required by law.
To delete your account directly, email info@prsona.io with subject “Delete Account” and we will permanently delete your account and all associated data within 30 days.
11. International data transfers
Prsona is operated from the United States. If you are in the EU, UK, Switzerland, or another country with data-transfer restrictions, your data will be transferred to the US and processed by our US-based sub-processors.
We rely on the European Commission's Standard Contractual Clauses (2021/914) for transfers of EU personal data to our US sub-processors. Where applicable, we also rely on the UK International Data Transfer Addendum and the Swiss-US Data Privacy Framework.
12. Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256, provided by Supabase).
- Passwords are hashed with bcrypt; we never store plaintext.
- Database-level Row-Level Security isolates every organization's data; no cross-tenant access is possible.
- Billing state and subscription changes are locked to our Stripe webhook pathway; no user-facing action can elevate a plan without payment.
- We run automated integrity checks every 15 minutes against our billing and access controls, with alerts paging us immediately on any deviation.
- Account sessions use HttpOnly, Secure, SameSite cookies.
13. Cookies and tracking
Prsona uses a small number of cookies, all strictly necessary or for first-party analytics:
- Authentication cookies (HttpOnly) — keep you signed in
- CSRF protection cookies — security
- PostHog analytics cookie — anonymous product usage measurement. You may disable this in your browser; the Service still works fully.
We do not use third-party advertising cookies or retargeting pixels.
14. Changes to this policy
We may update this policy as our Service evolves. Material changes will be announced by email to active users at least 14 days before the new version takes effect. Minor clarifications take effect on publication. The “Last updated” date at the top of this page always reflects the current version.
15. Contact
Questions, complaints, or data-rights requests:
Email: info@prsona.io
Subject line: “Privacy” or “Data Rights Request”
Postal address:
Open Venture Group, LLC
c/o United States Corporation Agents, Inc. (Registered Agent)
131 Continental Drive, Suite 305
Newark, DE 19713
United States
Note: the postal address above is our registered agent for service of process. For faster responses to privacy or data-rights requests, please email us first at info@prsona.io.