Privacy Policy
This Privacy Policy ("Policy") describes the practices of Mindrocket Systems LLC, a California limited liability company doing business as Primed ("Primed," "we," "us," or "our"), with respect to the collection, use, disclosure, and protection of personal information in connection with the website located at primed.today, the Primed application, and all related products and services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with the terms of this Policy, you may not access or use the Service.
1. Controller and Contact Information
The data controller responsible for the personal information processed under this Policy is:
Mindrocket Systems LLC d/b/a Primed
3645 Thousand Oaks Boulevard, Suite #2007
Thousand Oaks, California 91362
United States
Email: privacy@primed.today
2. Information We Collect
2.1 Information Provided by You
- Account Information. When you register for an account, we collect your email address, name (where provided), and a password. Passwords are stored exclusively as salted bcrypt hashes; we do not retain plaintext passwords.
- Waitlist Registrations. If you submit your email through our pre-launch waitlist form, we collect your email address and process it through our marketing email provider, ConvertKit (Kit, Inc.).
- Subscription and Payment Information. Subscription payments are processed by Stripe, Inc. Stripe collects your payment card details, billing address, and related information directly. Primed receives only a Stripe customer identifier, the subscription status, and the last four digits of your payment card.
- User-Generated Content. We collect the custom scenarios, prompts, notes, and other content you submit to the Service.
- Voice Practice Feature. If you elect to use the voice practice feature, your spoken input is transcribed to text by your web browser's built-in speech recognition service (in Chrome, this routes audio through Google's speech-to-text infrastructure). Primed does not record, store, or have access to your raw audio. Only the resulting text transcript is transmitted to Primed and our AI providers. ElevenLabs is used to synthesize the AI's spoken responses from text; we do not send your audio to ElevenLabs.
- Communications. If you contact us, we retain the contents of those communications and our responses.
2.2 Information Collected Automatically
- Authentication Token. Upon login, a JSON Web Token is stored in your browser's local storage to maintain an authenticated session. The token is removed when you log out.
- Pre-Launch Invite Cookie. During our pre-launch period, accessing the Service through a valid invite link may set a browser cookie named
primed_invite, valid for one year. This cookie contains no personal information. - Server Logs. Our hosting provider, Render Services, Inc. ("Render"), automatically records request metadata including originating IP address, user agent, request path, and timestamp for security and operational purposes. These logs are retained for a limited period.
2.3 Information We Do Not Collect
We do not currently use third-party analytics services, advertising networks, behavioral tracking technologies, or session-replay tools. If we adopt any such service in the future, we will update this Policy and provide notice in accordance with applicable law.
3. Purposes of Processing
We process personal information for the following purposes:
- Providing, operating, and maintaining the Service, including authentication, content delivery, and AI generation;
- Processing payments and managing subscriptions;
- Sending transactional communications, including password resets, billing notices, and account-related correspondence;
- Sending product updates and pre-launch announcements via ConvertKit, where you have opted in;
- Responding to your inquiries and providing support;
- Detecting, investigating, and preventing fraudulent or unlawful activity, and enforcing our Terms of Service;
- Complying with applicable legal obligations.
4. Disclosures of Personal Information
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. Personal information is disclosed only in the limited circumstances described below.
4.1 Service Providers and Subprocessors
We engage the following third-party providers to operate the Service. Each provider has access only to the personal information necessary to perform its function and is contractually obligated to maintain appropriate security and confidentiality.
| Provider | Function | Categories of Data |
|---|---|---|
| Render Services, Inc. | Web hosting and Postgres database services | All Service data, encrypted at rest |
| Stripe, Inc. | Payment processing and subscription management | Email address, name, billing details (collected directly by Stripe) |
| Resend Holdings, Inc. | Transactional email delivery | Email address and message contents |
| Kit, Inc. (ConvertKit) | Pre-launch waitlist and product update emails | Email address (opt-in only) |
| Anthropic, PBC | Generation of AI-assisted scenarios and conversational content | Text prompts you submit, processed pursuant to Anthropic's commercial API terms |
| ElevenLabs, Inc. | AI voice synthesis for the practice feature | Text of AI-generated responses (for voice synthesis only) |
| Google LLC | In-browser speech-to-text transcription via the Web Speech API (only when you enable voice practice in Chrome or other Chromium-based browsers) | Audio captured locally in your browser; transmitted directly from your browser to Google. Primed does not receive your raw audio. |
4.2 Compliance and Protective Disclosures
We may disclose personal information if required to do so by law, subpoena, or other legal process, or where we have a good-faith belief that disclosure is necessary to: (i) comply with applicable law; (ii) protect the rights, property, or safety of Primed, our users, or the public; or (iii) investigate suspected violations of our Terms of Service.
4.3 Business Transfers
In the event Mindrocket Systems LLC undergoes a merger, acquisition, financing, reorganization, or sale of all or a substantial portion of its assets, personal information may be transferred to the successor or acquiring entity, subject to the terms of this Policy. We will provide notice of any such transfer where required by law.
4.4 With Your Consent
We may disclose personal information for any other purpose with your express consent.
5. Cookies and Similar Technologies
The Service uses the following cookies and storage mechanisms:
- Authentication token (browser local storage). Required to maintain a logged-in session. Removed upon logout.
primed_invitecookie. Set when an invite link is used during the pre-launch period. Expires one year after issuance.
The Service does not use third-party advertising cookies, analytics cookies, or behavioral tracking cookies at this time.
6. Data Retention
- Account Data: retained for the duration of your active account. Upon account deletion, we delete account data within thirty (30) days, except as retained for legal, billing, or fraud-prevention purposes.
- Billing Records: retained for not less than seven (7) years to satisfy tax and accounting obligations.
- Server Logs: retained for up to ninety (90) days.
- Email Correspondence: retained for so long as reasonably necessary to address inquiries.
- AI Prompt and Generation History: retained for the duration of your active account; deleted upon account deletion.
7. Information Security
We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These safeguards include:
- Transport Layer Security (TLS) encryption for all data in transit;
- Encryption at rest for our database;
- Salted bcrypt hashing of user passwords;
- Role-based access controls limiting personnel access to a need-to-know basis;
- Contractual security obligations with all subprocessors.
No system is impervious to compromise. In the event of a security incident affecting your personal information, we will provide notification in accordance with applicable law.
8. Your Rights and Choices
8.1 California Residents (CCPA / CPRA)
If you are a resident of California, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know. You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom such information is disclosed.
- Right to Delete. You may request that we delete personal information we have collected from you, subject to statutory exceptions.
- Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
- Right to Opt Out of Sale or Sharing. Primed does not sell personal information and does not share personal information for cross-context behavioral advertising. No opt-out mechanism is currently required.
- Right to Limit Use of Sensitive Personal Information. Primed does not collect or use sensitive personal information beyond the limited purposes necessary to provide the Service.
- Right to Non-Discrimination. We will not deny service, charge differential prices, or provide a different level of service in retaliation for the exercise of any of these rights.
To exercise any of the above rights, submit a request in writing to privacy@primed.today from the email address associated with your account, or to the postal address set forth in Section 1. We will verify your identity and respond within forty-five (45) days, or such longer period as permitted by law.
8.2 Residents of Other U.S. States
Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive consumer privacy laws may have analogous rights under their respective state law. To exercise such rights, contact us at privacy@primed.today.
8.3 California "Shine the Light" (Civil Code §1798.83)
California residents may request information regarding our disclosure of personal information to third parties for direct marketing purposes during the immediately preceding calendar year. Primed does not currently make such disclosures. Requests may be submitted to privacy@primed.today.
9. Children's Privacy
The Service is not directed to, intended for, or marketed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will delete it. If you believe a child has provided personal information to us, contact privacy@primed.today.
10. International Users
The Service is hosted in the United States and intended for use by United States residents. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States, which may have data protection laws that differ from those of your jurisdiction. By using the Service, you consent to such transfer and processing.
11. Changes to This Policy
We may amend this Policy from time to time. Material changes will be communicated by email to registered users (where we have an email address on file) or by prominent notice on the Service prior to taking effect. The "Effective date" at the top of this Policy reflects the date of the most recent revision.
12. Contact
Questions, requests, or concerns regarding this Policy may be directed to:
Mindrocket Systems LLC d/b/a Primed
Attn: Privacy
3645 Thousand Oaks Boulevard, Suite #2007
Thousand Oaks, California 91362
United States
Email: privacy@primed.today