Privacy Policy

AskDeeper ("we", "us", "our") is an AI-powered research platform that helps teams conduct scalable, conversational interviews. We provide tools for creating surveys with AI-generated questions, conducting AI-moderated interviews with respondents, and generating research insights from responses.

Our mission is to make customer research accessible to teams of all sizes.

Website: https://askdeeper.ai

Contact: [email protected]

Your data is never used to train AI models. Interview responses and research content are processed by AI solely to provide you with insights and analysis. We do not use your data to improve or train our underlying AI systems.

AI providers we work with (Anthropic, OpenAI) process data according to their API data usage policies, which prohibit using API inputs and outputs for model training.

Account Information: When you create an account, we collect your name, email address, and profile picture provided by your authentication provider (Google or email magic link). We also store your subscription plan and billing status.

Research Content: Surveys you create, including research briefs, interview questions, settings, and metadata. This data is stored in your account and accessible only to you.

Interview Responses: Answers provided by respondents to your surveys. Respondents are not required to provide personal information (name, email, phone) unless you enable those fields.

AI-Generated Content: Insights, research briefs, and question suggestions generated by AI models based on your survey data.

Payment Information: If you subscribe to a paid plan, we collect billing details through our payment processor (Stripe). We do not store credit card numbers.

Usage Data: We collect anonymized analytics data (page views, feature usage) through PostHog to improve the platform. We also collect error reports through Sentry to fix bugs.

Device Information: Browser type, operating system, and device identifiers.

Log Data: IP address, access times, and pages viewed.

We use the information we collect to:

Provide, maintain, and improve our Services — creating and managing surveys, conducting AI interviews, generating insights.

Process and complete transactions — subscription billing through Stripe.

Send technical notices, updates, and support messages — transactional emails through Resend.

Respond to your comments, questions, and requests.

Monitor and analyze trends, usage, and activities — anonymized analytics and error monitoring.

Detect, investigate, and prevent fraudulent transactions and abuse.

Generate AI content — survey questions, interview follow-ups, and insights are generated by AI models (see Section 6).

AskDeeper provides a Model Context Protocol (MCP) server that allows AI assistants (such as Claude, ChatGPT, and other MCP-compatible clients) to interact with your surveys on your behalf.

Authentication: MCP access requires OAuth 2.1 authorization. When you connect an AI assistant, you are shown a consent screen listing the specific permissions (scopes) being requested. You must explicitly approve access.

Data Exposed via MCP: The MCP server exposes the following tools — create surveys, publish surveys, list your surveys, view survey details, read AI-generated insights, and read research briefs. All data is scoped to your account only; you cannot access other users' data.

Token Handling: OAuth access tokens are issued by our authentication provider and are short-lived. Refresh tokens can be used to obtain new access tokens. You can revoke access at any time by disconnecting the integration from your account settings.

Data Minimization: MCP tool responses return only the data necessary for the requested operation. No extraneous personal data, internal identifiers, or debug information is included in responses.

AI Providers (Anthropic, OpenAI): We use AI models to generate interview questions, conduct AI interviews, and produce insights. Survey briefs and response data are sent to these providers for processing. AI providers do not use your data to train their models when accessed via API.

Supabase: Database hosting, authentication, and file storage. Data is stored in EU-based infrastructure.

Stripe: Payment processing for subscriptions. Stripe is PCI DSS compliant and handles all payment card data.

Sentry: Error monitoring. Anonymized error data is sent to help us fix bugs. No personal survey data is included.

PostHog (EU): Product analytics. Anonymized usage events help us understand how features are used. We use the EU instance for GDPR compliance.

Resend: Transactional email delivery.

Vercel: Application hosting and CDN.

Inngest: Durable background job processing for insights generation.

We do not sell your personal information.

Service Providers: We share data only with the third-party service providers listed in Section 6, strictly for the purposes described.

Survey Creators: Survey creators can view aggregated insights and individual responses from their surveys.

Respondents: Respondent data is shared with the survey creator who published the survey. Respondents are informed of this in the survey's privacy notice.

Legal Requirements: We may disclose data if required by law, court order, or to protect our rights and safety.

Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

With Your Consent: When you explicitly authorize us to share your information.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

All data is encrypted in transit (HTTPS/TLS) and at rest.

Database access is protected by Row Level Security (RLS) — users can only access their own data.

OAuth tokens are cryptographically signed and short-lived.

API keys and secrets are stored as encrypted environment variables, never in source code.

We regularly update dependencies and monitor for security vulnerabilities.

We retain your information for as long as your account is active or as needed to provide you services.

Account data is retained for 30 days after deletion to allow recovery.

Survey data and responses are retained while the associated account is active. You can delete individual surveys at any time.

AI-generated insights are cached and regenerated as new responses arrive. Cached insights are deleted when the survey is deleted.

Analytics data is anonymized and retained for 12 months.

Error logs are retained for 30 days.

You can request deletion of your data at any time by contacting us.

Depending on your location, you may have the right to:

Access: Request a copy of all personal data we hold about you.

Correction: Update your account information at any time.

Deletion: Delete your account and all associated data. Email [email protected] to request full account deletion.

Portability: Export your survey data.

Objection: Object to or restrict certain processing of your data.

Withdraw Consent: Revoke OAuth/MCP access at any time by disconnecting integrations.

Respondents: Survey respondents can stop participating at any time. Incomplete interview sessions are not saved. Respondents can request deletion by contacting the survey creator or emailing [email protected].

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

Our primary database infrastructure is hosted in the EU (Supabase). AI processing may occur in the United States through our AI providers.

We use essential cookies for authentication sessions (Supabase auth tokens).

We use PostHog cookies for anonymized analytics (EU instance, GDPR compliant).

We do not use advertising or tracking cookies from third parties.

Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top. Significant changes will be communicated via email or a notice on the platform.

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Website: https://askdeeper.ai