Data Protection

Privacy Policy

Last updated: May 10, 2026

1

Information We Collect

We collect the following categories of information when you use TeamDynamics:

Account Information

  • Name, email address, and password (hashed with bcrypt)
  • Google profile data (name, email, avatar) if you sign in via Google OAuth 2.0
  • Account role and simulation credit balance

Simulation Data

  • Company profiles and crisis scenarios you configure
  • Custom agent configurations (names, roles, personality traits)
  • Simulation messages, agent responses, and state data
  • AI-generated reports and analysis outputs

Uploaded Documents

  • Files uploaded for AI document analysis (PDF, DOCX, TXT, CSV, XLSX)
  • Extracted text content used solely for analysis purposes

Usage Data

  • Browser type, operating system, and device information
  • Pages visited, features used, and interaction patterns
  • Error logs and performance data (via Sentry)

Payment Information

  • Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers
  • We receive transaction confirmations and credit package identifiers from Stripe
2

How We Use Your Information

We use the information we collect to:

  • Provide the Service — Create and manage your account, run simulations, generate reports
  • Process Payments — Manage credit purchases and transaction records
  • Improve the Service — Analyze usage patterns to enhance features and fix bugs
  • Communicate — Send service updates, onboarding emails, and respond to support inquiries
  • Ensure Security — Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance — Meet applicable legal and regulatory obligations
3

AI & LLM Data Processing

TeamDynamics uses third-party Large Language Model (LLM) providers to power agent simulations and report generation. Here is how your data is handled:

  • Data sent to LLM providers: Simulation prompts include company profiles, crisis scenarios, agent personality configurations, and conversation history. We do not include your personal account information (email, password, payment data) in LLM prompts
  • Providers used: OpenAI, Google Gemini, and OpenRouter (which may route to various model providers). Each provider has its own data handling policies
  • We do not use your simulation data to train or fine-tune any AI models
  • LLM responses are generated in real-time and stored as simulation messages in our database for your continued access
4

Data Sharing & Third Parties

We share data with the following third-party services, strictly as required to operate the platform:

  • Stripe — Payment processing. Stripe receives your payment details directly and is subject to the Stripe Privacy Policy
  • Google — OAuth authentication. If you sign in with Google, we receive basic profile data per Google's Privacy Policy
  • LLM Providers (OpenAI, Google Gemini, OpenRouter) — Simulation prompt data as described in the AI & LLM Data Processing section above
  • Sentry — Error tracking and performance monitoring. May receive anonymized error data and user identifiers for debugging purposes
  • Resend — Transactional email delivery for onboarding and notifications

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

5

Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Authentication: JWT-based token authentication with 7-day expiry
  • Password Security: All passwords are hashed using bcrypt with automatic salting — we never store plaintext passwords
  • Transport Encryption: All data in transit is encrypted via HTTPS/TLS
  • Access Control: CORS restrictions, rate limiting, and role-based access controls
  • File Uploads: Size limits (10MB) and extension whitelisting to prevent malicious uploads

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6

Data Retention

We retain your data as follows:

  • Account Data: Retained for as long as your account is active. Deleted upon account deletion request
  • Simulation Data: Retained for your continued access to simulation history, reports, and replays. Deleted upon account deletion request
  • Uploaded Documents: Processed in-memory for analysis and not permanently stored after processing
  • Payment Records: Retained as required by financial regulations and Stripe's data retention policies
  • Error Logs: Retained in Sentry for up to 90 days for debugging purposes
7

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and associated data
  • Export: Request an export of your simulation data in a machine-readable format
  • Opt-Out: Unsubscribe from non-essential email communications at any time
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at privacy@teamdynamics.dev. We will respond to your request within 30 days.

8

Cookies & Local Storage

TeamDynamics uses minimal cookies and browser storage:

  • Authentication Token:A JWT token stored in your browser's local storage to maintain your login session
  • Theme Preference: Your dark/light mode preference is stored locally

We do not use third-party tracking cookies, advertising pixels, or behavioral tracking technologies.

9

Children's Privacy

TeamDynamics is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@teamdynamics.dev.

10

International Data Transfers

Your data may be processed and stored in jurisdictions outside your country of residence, including the United States, where our service providers (Stripe, OpenAI, Google, Sentry) operate. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your country. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

11

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the Service or via email to registered users. The "Last updated" date at the top of this page indicates the most recent revision. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12

Contact Information

If you have questions about this Privacy Policy or wish to exercise your data rights:

For more information about our service terms, please see our Terms of Service.