Outturn Privacy Policy

Version 2026-05-06 · Last updated May 6, 2026

Plain-language summary (not part of the policy): We collect what we need to deliver the work you asked for and to bill you for it. We don't sell your data. We use Stripe for payments, Vercel + Neon for hosting, Anthropic for the intake AI, PostHog for product analytics, and Sentry for error tracking. You can ask us to access, correct, or delete your data — email privacy@outturn.dev.

1. Who we are

Outturn ("we", "us") operates outturn.dev and provides outcome-driven product and content development services. Outturn is a product of KSElevated Solutions, LLC, a Colorado limited liability company. We are the data controller for the personal information described below.

2. What we collect

We collect:

Contact information you provide during intake or sign-up: name, email address, company name, optional website. We use this to identify you, send transactional email, and contact you about your projects.
Project content: the brief you describe in the intake chat, files you attach, links and references you share. The chat transcript is stored in your browser's localStorage during the conversation and is cleared when you submit. The structured brief (the populated form) is stored in our database as the record of what you requested.
Connection credentials when you authorize Outturn to act on your behalf in third-party systems (e.g., Vercel, Stripe, GitHub) for project delivery. We persist only references — the actual credentials are stored in third-party secret stores (typically Stripe Secret Store) and we hold short-lived grants while a Builder is actively working.
Payment information: Stripe processes your card details and we never store them. We retain Stripe transaction IDs, amounts, and dates for accounting and audit.
Server logs and analytics: standard request logs (IP, user agent, timestamps) for security and debugging; product analytics events (e.g., request_submitted, tier_classified) via PostHog for product improvement; error reports via Sentry.
Theme preference and other UI state in browser localStorage. Not transmitted to our servers.

We do not knowingly collect data from children under 18. The service is not intended for them.

3. How we use it

We use your information to:

Deliver the project you asked for, including routing it to the assigned Builder.
Bill you and reconcile payments via Stripe.
Respond to support requests and contact you about your projects.
Improve the product based on aggregated analytics.
Detect and prevent fraud or abuse.
Comply with legal obligations (tax, accounting, court orders).

We will not use your project content to train AI models. We will not sell your personal information to anyone.

4. Third-party processors

We share data with the following processors strictly to operate the service:

| Processor | Purpose | Data shared | |-----------|---------|-------------| | Stripe | Payments, subscriptions | Email, name, payment details (Stripe-side only), transaction history | | Vercel | Hosting | Server logs, deployment data | | Neon (Postgres) | Database | Customer + project records | | Vercel Blob | File storage | Uploaded images and attachments | | Anthropic | AI inference for the intake chat | Your messages to the intake assistant | | Vercel AI Gateway | API routing for Anthropic | Same as above | | Clerk | Authentication (admin and signed-in customer surfaces) | Email, sign-in events | | PostHog | Product analytics | Event names, customer email or anonymous ID, project IDs | | Sentry | Error tracking | Stack traces, request metadata; PII is filtered out where possible | | Inngest | Background jobs | Project IDs and event payloads |

Each processor has its own privacy commitments. We choose processors that meet a baseline of GDPR/CCPA-style protections. We require Data Processing Agreements where applicable.

5. Where your data lives

Our servers and processors are based primarily in the United States. If you are accessing the service from outside the US, your information may be transferred to and processed in the US.

6. How long we keep it

Project records (requests, outcomes, payments): 7 years, for tax and audit. After that, we anonymize or delete.
Conversation drafts: cleared from your browser when you submit, and not retained server-side.
Connection grants: short-lived (minutes to hours during active delivery); access logs retained 90 days.
Server logs: 30 days.
Analytics events: per PostHog default retention (currently 7 years for events on our paid tier; we will revisit if we move tiers).
Support emails: as long as we're in an active relationship with you, then 2 years for reference.

7. Your rights

Wherever you are, you can ask us to:

Access the personal information we have about you.
Correct anything that's inaccurate.
Delete your information, subject to legal retention obligations (e.g., tax records).
Export your data in a portable format.
Withdraw consent for marketing communications at any time. Withdrawing consent does not affect the lawfulness of prior processing.

To exercise any of these, email privacy@outturn.dev. We'll respond within 30 days.

If you are in the EU/UK, you also have the right to lodge a complaint with your local supervisory authority. If you are in California, you have additional rights under the CCPA — same email address.

8. Cookies and similar technologies

We use the minimum:

Auth cookies managed by Clerk to keep you signed in.
A theme preference stored in localStorage (not a cookie, not transmitted).
Anonymous analytics identifiers stored by PostHog if it is enabled in your environment. We do not use third-party advertising or cross-site tracking cookies.

We do not currently show a cookie banner because none of the above are tracking cookies. If we add tracking that requires consent in your jurisdiction, we will add a banner.

9. Security

We follow industry-standard practices: encryption in transit (TLS) and at rest (provider-managed), least-privilege access to production data, audit logging via Sentry and our own analytics, and short-lived credential grants for third-party operations (the connections broker pattern). No system is perfectly secure; if we discover a breach affecting your data, we'll notify you as required by applicable law.

10. Updates

If we change this policy in a way that materially affects your rights, we'll email you and post the new version here with a higher version number. Significant changes may require re-acceptance.

11. Contact

Privacy questions, data requests, or complaints: privacy@outturn.dev.

Plain-language summaries in this document are illustrative; the numbered sections are what you agreed to. Questions? Email legal@outturn.dev.