Effective date: June 20, 2026
Hayloft Advisors LLC ("Hayloft," "we," "us") operates the Hayloft Strategy Simulator at simulator.hayloftadvisors.com (the "Service"). This policy describes how we collect, use, store, and share your information when you use the Service.
For questions about this policy, contact us at legalnotice@hayloftadvisors.com.
| Category | Details |
|---|---|
| Account information | Email address, display name, and authentication provider (Google, Microsoft, or email). If you sign in via OAuth, we receive only your email and basic profile from the provider — never your password. |
| Session inputs | Topics, discussion guides, context briefs, and any text you submit to run a simulation. |
| Uploaded documents | Documents you upload for revision or analysis (such as .docx files). We extract text content, comments, and tracked changes for AI processing. The original file is deleted after processing; only the extracted text is retained as part of the session record. |
| Session outputs | All AI-generated responses, debate transcripts, synthesis documents, and polished memos produced during your sessions. |
| Usage metadata | Timestamps, template selections, session duration, credit transactions, and general usage patterns. |
| Technical data | IP address, browser type and version, and device information transmitted by your browser in standard HTTP requests. |
We do not collect sensitive personal information such as government IDs, financial account numbers, health data, biometric data, or precise geolocation.
We use the information above for these purposes: delivering and operating the Service, including authenticating your account and processing credit transactions; parsing uploaded documents to extract text, comments, and revision history for use as AI simulation inputs; improving the quality of AI-generated outputs, prompts, and persona configurations; diagnosing errors and debugging session failures; communicating with you about your account, sessions, or service updates; and complying with legal obligations.
We do not use your information for targeted advertising. We do not sell your personal data.
To operate the Service, your data is processed by the following providers. Each provider handles data under its own privacy policy and applicable data processing terms.
| Provider | Role | Data accessed |
|---|---|---|
| Supabase (Supabase Inc.) | Database, authentication, storage | Account info, session data, credit records |
| Google Cloud Platform | Compute infrastructure | All data in transit and at rest on our servers |
| Anthropic | AI model provider (Claude) | Session inputs and AI-generated content during processing |
| Perplexity AI | AI model and web search provider | Session inputs and AI-generated content during processing |
| Stripe | Payment processing | Email address and payment instrument (we never see your full card number) |
| Twilio / SendGrid | Email delivery | Email address, message content for login links and session reports |
| Google, Microsoft | OAuth authentication | Email and basic profile during sign-in only |
The Service uses only functional cookies and browser local storage required for authentication (session tokens) and remembering your interface preferences. We do not use advertising cookies, tracking pixels, or third-party analytics services.
Account information is retained for as long as your account remains active. Session data (inputs, transcripts, and memos) is retained indefinitely for product improvement and service delivery unless you request deletion. Original uploaded document files are deleted immediately after processing; only the extracted text content is retained as part of the session record. Credit transaction records are retained for accounting and tax compliance purposes. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
Depending on your jurisdiction, you may have the right to:
To exercise any of these rights, email legalnotice@hayloftadvisors.com. We will respond within 30 days.
We protect your data using HTTPS encryption in transit, encrypted storage at rest via our infrastructure providers, and role-based access controls. No system is completely secure, and we cannot guarantee absolute security, but we take reasonable technical and organizational measures to protect your information.
Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. The effective date at the top reflects when the current version took effect. If we make material changes, we will notify you by email or by posting a notice on the Service. Continued use after such notice constitutes acceptance of the updated policy.
For privacy-related questions or to exercise your data rights, contact: legalnotice@hayloftadvisors.com
For general legal inquiries, see our Terms of Service.