Privacy Policy

MarketPrior is an AI-generated competitive intelligence service operated by Interimed Company (“we”, “us”, “our”). We generate AI-assisted competitive-intelligence reports about companies and markets, synthesized from a proprietary public-record corpus and delivered through an MCP-native server and HTTP API. Our registered contact email is hello@marketprior.com.

Account data

• Email address — required for all accounts.
• OAuth identity (display name, profile picture URL, OAuth provider user ID) when you sign up or log in via Google or Microsoft.
• Billing tier (“free”, “pro”, “team”, or “enterprise”) stored in our database, updated only by our payment processor via a signed webhook.
• Stripe customer ID, linked to your account after a checkout event.

Session & authentication data

• Supabase auth session cookies (httpOnly, Secure, SameSite=Lax) stored in your browser to keep you signed in.
• HMAC-signed API keys you generate in the dashboard (we store only a SHA-256 hash of each key, never the plaintext).

Report and assessment data

MarketPrior’s core function is generating competitive-intelligence reports from our corpus. When you use the MCP server or HTTP API, we record:

• Request and session identifiers (randomly generated UUIDs — not derived from your query content).
• Report parameters you submit via the MCP tools / API: the target company or market, vertical, geography, research depth, and any structured signals or notes you provide.
• Generated report records: the synthesized competitive-landscape report and the corpus rows cited within it, tied to your account and API key.
• Deep-research job records: input parameters (vertical, geography, research depth), job status, and the resulting report. When deep_research_mode is used, report synthesis sends your query parameters to a third-party large-language-model provider (see Sub-processors below).

All report data is tied to your user account and API key. Free-tier users’ history is retained for the current calendar month; paid tiers retain history indefinitely or until deletion is requested.

Corpus data (read-only)

MarketPrior maintains a competitive-intelligence corpus sourced exclusively from public-domain and permissively-licensed records (for example SEC EDGAR, Crunchbase open CSV, Companies House, Wikidata, USAspending, and GLEIF). We do not scrape personal social-media profiles, LinkedIn, or any source that prohibits such use.

The corpus includes named individuals — principally company founders — sourced from Wikidata under its CC0 public-domain dedication. We process this information solely to attribute companies to their founders and to support competitive-intelligence reporting. If you are an individual named in the corpus and wish to be removed, you may request removal by emailing hello@marketprior.com.

Technical & usage data

• API request timestamps and rate-limit counters (stored in Upstash Redis, TTL 1 day).
• Standard HTTP server logs (IP address, user-agent, path, timestamp) retained by Cloudflare for up to 30 days under their data retention policy.

We process your data under the following bases (GDPR Article 6):

• Contract performance — account data, session tokens, API keys, and assessment events are necessary to provide the service you signed up for.
• Legitimate interests — rate-limit counters and server logs are necessary to operate, debug, and secure the service; our interests do not override your fundamental rights.
• Legal obligation — we retain billing records (Stripe invoices) for the period required by applicable tax law.

We share data only with the sub-processors below, strictly for operating the service:

We do not sell your data to any third party, and we do not use your report content to train AI models. To generate reports — including in deep_research_mode — we send your query parameters and relevant corpus context to a third-party large-language-model provider (Anthropic by default; OpenAI where configured) for synthesis. We send only what is needed to produce your report.

All primary user and assessment data is stored in Supabase on AWS us-east-1. If you are located in the EU, data transfers are covered by Supabase’s DPA and standard contractual clauses.

• Account data — retained until you delete your account.
• Assessment events & sessions — retained until you delete your account or request deletion at marketprior.com/data.
• API key hashes — deleted when you revoke the key or delete your account.
• Stripe billing records — retained for 7 years as required by tax law; deletion requests will be forwarded to Stripe.
• Rate-limit counters — automatically expire after 1 day (Upstash TTL).
• Edge logs — Cloudflare retains server-access logs for up to 30 days.

MarketPrior uses only strictly-necessary cookies — we do not use advertising or third-party tracking cookies, and we do not run third-party analytics scripts on the site.

• Supabase auth session cookies (httpOnly, Secure, SameSite=Lax) — keep you signed in. Strictly necessary.
• Rate-limit state — short-lived identifiers used to enforce API rate limits and protect the Service. Strictly necessary.

• All traffic is served over HTTPS (TLS 1.3 via Cloudflare).
• API keys are HMAC-signed tokens; we store only a SHA-256 hash — we cannot reconstruct the plaintext key.
• Billing tier is written exclusively by the Stripe webhook using the service-role key; it cannot be self-modified via the Supabase anon key.
• Row-level security (RLS) is enabled and forced on all Supabase tables.
• Supabase auth sessions use httpOnly, Secure cookies with short-lived access tokens refreshed transparently by the middleware.
• Assessment protocol definitions are Ed25519-signed and version-controlled to prevent tampering.

Depending on your location, you have the following rights regarding your personal data:

• Access — request a copy of all data we hold about you.
• Portability — export your assessment history in JSON format from the Data & Privacy page or via the dashboard.
• Rectification — correct inaccurate data (e.g., email address via account settings).
• Erasure — delete your account and all associated data from marketprior.com/data or from account settings.
• Restriction / objection — contact us to restrict processing or object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, use the self-serve tools at marketprior.com/data or email hello@marketprior.com. We respond within 30 days.

You can delete your MarketPrior account — and all associated assessment data, API keys, and tier information — at any time from marketprior.com/data or from your account settings page. Deletion is immediate and irreversible. Stripe billing records are excluded from deletion for the legally required retention period.

For any privacy question, data request, or complaint, contact us at hello@marketprior.com. If you are in the EU and are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.