Assumption Mapper

Privacy Policy

Last updated: February 23, 2026

Assumption Mapper ("we", "us", "our") is operated by The Motion Bridge, based in the European Union. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at assumption-mapper.com (the "Service").

1. Information We Collect

Information you provide

  • Account information: email address and display name when you sign up.
  • Content: assumptions, evidence, decisions, tags, and any other data you enter into the Service.
  • Communications: messages you send to us via email at hi@assumption-mapper.com.

Information collected automatically

  • Usage data: pages visited, features used, timestamps, and interaction patterns. We use PostHog for product analytics.
  • Error data: crash reports and performance data via Sentry to maintain service quality.
  • Device data: browser type, operating system, and screen resolution.

Information we do NOT collect

  • We do not use third-party advertising trackers.
  • We do not sell your personal data to anyone.
  • We do not collect payment information directly — payments are processed by our payment provider.

2. How We Use Your Information

  • To provide and maintain the Service.
  • To authenticate your account and manage access.
  • To send transactional emails (account verification, password resets, team invitations).
  • To send product update emails, which you can unsubscribe from at any time.
  • To improve the Service based on usage patterns.
  • To detect and prevent fraud or abuse.

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

  • Contract performance: processing necessary to provide the Service you signed up for.
  • Legitimate interests: analytics to improve the Service, security monitoring.
  • Consent: marketing emails (you can withdraw consent at any time).

4. Data Storage and Security

  • Your data is stored on servers managed by Supabase (cloud infrastructure).
  • All data is encrypted in transit (TLS) and at rest.
  • We implement access controls and follow security best practices.
  • We retain your data for as long as your account is active. If you delete your account, we remove your data within 30 days.

5. Data Sharing

We share your data only with the following service providers, strictly for operating the Service:

  • Supabase: database and authentication.
  • Vercel: hosting and deployment.
  • PostHog: product analytics.
  • Sentry: error tracking.
  • Resend: transactional emails.
  • Anthropic: AI-powered document processing (only when you use the transcript feature).

We do not sell, rent, or trade your personal data.

6. Your Rights

Under GDPR (EU/EEA residents)

You have the right to:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Restriction: restrict processing of your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interests.
  • Withdraw consent: for any processing based on consent.

Under CCPA (California residents)

You have the right to:

  • Know what personal information is collected and how it is used.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information (we do not sell your data).
  • Non-discrimination for exercising your rights.

To exercise any of these rights, email us at hi@assumption-mapper.com.

7. Cookies

We use essential cookies for authentication and session management. PostHog may set analytics cookies to understand usage patterns. You can control cookies through your browser settings.

8. International Data Transfers

Some of our service providers may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with GDPR requirements.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use after changes constitutes acceptance.

11. Contact Us

For questions about this Privacy Policy or to exercise your data rights: