Beta v1.5.3|Methodology v2.1.0

Your Data Privacy

How SeanPropApp handles your data. Last updated May 2026.

Related: Terms of Service

How Your Data Flows

Your Browser(all your data stays here)CORS Proxy(relay only: no storage, no logs)Anthropic / OpenAI(per provider's API policy)API key + promptAI responseStored in YOUR browser• API key (AES-GCM encrypted localStorage)• Analysis outputs (IndexedDB)• Module content and company data• Uploaded documentsYou control it. Clear your browser data to erase it.Stored on our server (Supabase)• Email address (authentication)• Session metadata (device type, timestamps)• Usage telemetry (click patterns, no content)• NPS scores and feedback text• Google Drive OAuth tokens (if connected)Zero user content. Zero module outputs. Zero company names.

Our Architecture: Thin CORS Proxy

SeanPropApp uses a Bring Your Own Key (BYOK) model: your API key is stored in your browser's localStorage, encrypted with AES-GCM via the Web Crypto API. Your key is never sent to our servers for storage.

When you run an analysis, your browser assembles the full prompt locally and sends it, along with your API key, through our thin CORS proxy to Anthropic or OpenAI. The proxy exists only to handle cross-origin restrictions. It relays the request and response without logging, storing, or reading any content.

All analysis data, including module outputs, company names, documents, and user content, is stored in your browser's IndexedDB. Nothing is stored on our servers.

The CLI Bridge: Running on Your Claude Subscription

If you run SeanPropApp on your own Claude (or ChatGPT) subscription using the local CLI bridge instead of an API key, the data flow is different and, for analysis content, stronger than the BYOK proxy. The bridge runs on your own machine. Your browser sends the assembled prompt to the bridge over localhost (your browser to a process on your computer); the bridge hands it to the claude command-line tool, which calls Anthropic directly using your subscription. Your analysis content goes: browser to localhost to the claude CLI to Anthropic. It never passes through our CORS proxy and never reaches our servers on this path.

On the bridge path, Anthropic sees your content under the terms of your consumer Claude subscription, not under the Anthropic API terms. These terms can differ, including on data retention and on whether content may be used to improve or train models. You are responsible for reviewing and managing your own Claude (or ChatGPT) subscription settings and data preferences. We do not control and cannot change how your AI provider handles content under your personal subscription.

As with every other path, we never store, log, or read your analysis content. On the bridge path we relay nothing at all: the connection is between your browser, a tool on your own machine, and your AI provider.

What We Never Store (Zero Server-Side Storage)

  • Your API key: encrypted in your browser only. It transits the proxy per-request over HTTPS, is used for the AI call, and is immediately discarded. Never written to disk or logs.
  • Your documents and input files: parsed and processed entirely in your browser. Never sent to our server.
  • Module outputs and chat messages: streamed from the AI provider to your browser via the proxy. Never logged server-side.
  • Company names, initiatives, or industry: never recorded. We do not know what you are analyzing.
  • User content in server logs: our proxy does not log request or response bodies. No content appears in any server log.

What We Do Store (Supabase)

  • Your email address: for authentication and so we can reach you with product updates or feedback requests.
  • User profile: your display name, preferred currency, and preferred language. Used to personalize your experience.
  • Session metadata: device type, browser type, screen size, and session timestamps for product improvement. Sessions are created on first page visit, including for unauthenticated visitors.
  • Telemetry events: which modules you ran, re-runs, skips, chat messages sent, sidebar navigation, export format choices, file uploads, time spent per module, and token counts. This helps us improve the analysis methodology. It contains no user content, company names, or module outputs.
  • NPS scores and feedback text: scores and any free-text comments you choose to submit.
  • Google Drive credentials (if connected): when you connect Google Drive, we store your OAuth access and refresh tokens and your Google account email in our database. This allows the app to save analysis outputs to your Drive without requiring you to re-authorize each session. We do not store any Drive file names, folder paths, or file contents on our server; only opaque file IDs are tracked client-side in your browser.

Cloud Storage (Google Drive) - Optional

You can optionally connect your Google Drive to sync analysis outputs for backup and cross-device access. This is entirely opt-in.

Scope: We request the drive.file scope, which means we can only create, read, update, and delete files that this app itself created. We cannot see, list, search, or modify any of your other Google Drive files. We also request your Google account email to display which account is connected.

What we create in your Drive: A “SeanPropApp” folder containing subfolders for each analysis: inputs (documents you uploaded), analysis outputs (module results), exports (HTML, DOCX, ZIP), and archives (previous versions when you re-run modules).

What we store on our server: Your Google account email and OAuth tokens (access token, refresh token) so we can make Drive API calls on your behalf. These are stored securely in Supabase with row-level access control: only you can access your own tokens.

When you disconnect: Your OAuth tokens are revoked via Google's API and deleted from our server. Files already in your Drive remain yours and are not deleted. You can reconnect at any time.

We never copy your Drive content to our servers and never share your Google Drive data with third parties.

Analytics

We use Google Analytics 4 (GA4) for page view and event tracking. GA4 is activated only after you provide consent via our cookie banner. You can decline and the app will function normally without analytics.

Cookies

  • Authentication session: an httpOnly cookie managed by Supabase to keep you signed in. Essential for the app to function.
  • Google OAuth state: a short-lived httpOnly cookie (expires after 10 minutes) used for CSRF protection during the Google Drive connection flow. Set only when you initiate a Google Drive connection.
  • Google Analytics: GA4 cookies are set only after you provide consent via our cookie banner. You can decline and the app functions normally without them.

AI Provider Data Policies

Your prompts and inputs are sent to your chosen AI provider via their API. As of writing, the standard API policies of Anthropic and OpenAI both state that API data is not used to train their models by default. These policies are set by the AI provider, can change over time, and may also be affected by settings or agreements on your provider account.

You are responsible for reviewing your AI provider's current data policy and managing your own account-level settings (including any data-sharing or model-training preferences). SeanPropApp has no visibility into or control over these settings. See our Terms of Service for the full statement of your responsibilities.

MCP / Agent Access

If you connect SeanPropApp to an AI host (such as Claude Desktop, Cursor, or Claude Code) via MCP, two things differ from the browser app, and only these two:

  • Connection token: we store a one-way hash of your MCP token (never the token itself, and not reversible) so we can validate your requests. You can revoke it at any time.
  • Usage metadata: each module run records content-free metadata only: which module, the methodology version, your AI host name, timing, and a per-session id. We never store the company you analyze, your inputs, the assembled prompt, or any AI output. Inference happens entirely on your host; we never see it.

MCP server (Model Context Protocol) integration

SeanPropApp publishes its 18-module proposition methodology as a Model Context Protocol (MCP) server. This is a separate channel from the browser app's BYOK flow. Two MCP paths are available; both share the same privacy posture as the browser app: the SeanPropApp server never calls a large language model, never sees your AI tool's output, and never logs your content.

Remote MCP (via WorkOS). When you add SeanPropApp as a custom connector in Claude, ChatGPT, Cursor, or any MCP-capable client, the sign-in is handled by our auth partner, WorkOS. WorkOS issues a short-lived access token to your AI tool. The token includes your email and a stable identifier; your AI tool holds it (we do not). We look up the matching SeanPropApp account by email; if no account exists, one is created with free-tier defaults. WorkOS's privacy policy: workos.com/legal/privacy.

Local stdio MCP. When you install the @seanpropapp/mcp npm package, you generate a personal access token at /mcp-setup and store it in your tool's config file. The token is server-hashed (HMAC-SHA256) before storage; we never see the plaintext after issuance. Tokens auto-revoke after 90 days idle.

What our server sees on every MCP call: the SeanPropApp module you ran (for example, TAM_SIZING), the company name you supplied (so we can include it in the assembled prompt), and rate-limit metadata. Your AI tool's output, your conversation history, and your tool's API key never reach our server.

What our server records as telemetry: module ID, methodology version, anonymized session ID, your AI tool's name, duration, and an injection-pattern signal (we look for prompt-injection shapes in your inputs for security; we record only the pattern category, not the content). No company name, no analysis content, no LLM output.

Data Retention

Session metadata and telemetry events are retained indefinitely to support long-term product improvement. NPS scores and feedback are retained indefinitely. Google Drive OAuth tokens are retained until you disconnect your account or request deletion. We do not automatically purge any server-side data unless you request it.

Your Rights

You can request deletion of your account and all associated metadata at any time by emailing support@seanoneill.com. This permanently removes your email, profile, session logs, telemetry, feedback, NPS responses, and any stored Google Drive OAuth tokens from our database.

Since we never store your analysis content on our servers, there is nothing else to delete. To clear browser-side data (API key, analysis outputs, and uploaded files), clear your browser's site data for this domain.

Beta Feedback