Privacy Policy
Effective date: April 1, 2026 · Last updated: April 1, 2026
Canopy ("we", "us", or "our") operates the competitive intelligence platform available at yourcanopy.net. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have regarding your information. By using our service you agree to the practices described here.
1. Data We Collect
Account data
When you create an account we collect your name, email address, company name, and a hashed password. If you subscribe to a paid plan we also collect billing contact details passed through our payment processor (Stripe).
Workspace and usage data
We store the competitor names, URLs, and configuration settings you add to your workspaces. We log feature usage events (e.g., battlecard generation, briefing opens) to improve the product and to calculate plan limits.
Communications
When you email us or submit a support request we retain the content of that communication and your contact information to resolve your request and improve our support.
Automatically collected data
Our servers automatically record standard log data including your IP address, browser type, referring URL, pages visited, and timestamps. This data is used for security monitoring, abuse prevention, and aggregate analytics.
2. Cookies and Tracking
We use cookies and similar technologies for the following purposes:
| Cookie | Purpose | Duration |
|---|---|---|
| canopy_session | Keeps you logged in across page loads | Session / 30 days if "remember me" |
| _stripe_mid | Fraud prevention (set by Stripe) | 1 year |
| _stripe_sid | Fraud prevention session (set by Stripe) | 30 minutes |
We do not use third-party advertising cookies or sell data to ad networks. You can configure your browser to refuse cookies, but some features of the service may not function correctly if you do so.
3. How We Use Your Data
- ›To deliver the service — running competitor monitors, generating daily briefings, and sending alert emails.
- ›To process payments — securely handling subscription billing through Stripe.
- ›To communicate with you — sending transactional emails (receipts, password resets, account alerts) and, with your consent, product updates.
- ›To improve the product — analyzing aggregate usage patterns to prioritize features and fix bugs.
- ›To enforce our Terms — detecting abuse, fraud, or violations of our Acceptable Use Policy.
- ›To comply with law — meeting legal obligations, responding to lawful requests from authorities.
4. Third-Party Services
Stripe (payment processing)
We use Stripe, Inc. to handle all payment card data. Your payment information is transmitted directly to Stripe and is never stored on our servers. Stripe is PCI-DSS Level 1 certified. See Stripe's privacy policy at stripe.com/privacy.
Anthropic (AI analysis)
Our AI briefing and battlecard features are powered by Anthropic-hosted language models. Competitor content that we have collected (website text, review excerpts, job posting summaries, and news headlines) is passed to the model to generate analysis. We do not send your personal account information or credentials to the AI model. Outputs are stored only as part of your workspace data.
Email delivery
Transactional emails (daily briefings, alerts, receipts) are sent through a third-party email delivery provider. Your email address and the content of briefing emails are processed by this provider solely for delivery purposes.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share data only in the following circumstances:
- ›Service providers — vendors listed above (Stripe, email delivery) who process data on our behalf under confidentiality agreements.
- ›Team members — if you invite colleagues to your Canopy workspace they will have access to workspace data you have configured.
- ›Legal requirements — when required by law, court order, or to protect the rights and safety of Canopy or others.
- ›Business transfers — in the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
6. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription, your account data is retained for 90 days to allow reactivation, after which it is permanently deleted from our production systems.
Competitor monitoring data and generated briefings associated with your workspace are deleted within 30 days of account closure. Anonymized, aggregated usage statistics may be retained indefinitely as they contain no personal information. Backup copies may persist for up to an additional 90 days in encrypted off-site storage before being purged.
7. Data Security
We use industry-standard security measures including TLS encryption for data in transit, encryption at rest for sensitive fields, bcrypt password hashing, and access controls that limit employee access to production data. No method of transmission over the internet is 100% secure; while we strive to protect your data, we cannot guarantee absolute security. If we become aware of a security breach that affects your data we will notify you promptly in accordance with applicable law.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access & Portability
Request a copy of the personal data we hold about you in a machine-readable format.
Correction
Ask us to correct inaccurate or incomplete personal data.
Deletion
Request deletion of your personal data, subject to legal obligations requiring us to retain certain records.
Opt-out of marketing
Unsubscribe from marketing or briefing emails at any time via the link in any email or the unsubscribe page.
Restriction & Objection (GDPR)
Restrict how we process your data or object to processing based on legitimate interests.
Do Not Sell (CCPA)
California residents: we do not sell personal information. You may still submit a request confirming this at any time.
To exercise any of these rights, email us at support@yourcanopy.net. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing certain requests.
9. Children's Privacy
Canopy is a business tool intended for users aged 18 and over. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information we will delete it promptly.
10. International Data Transfers
Canopy is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. Where required (e.g., for users in the European Economic Area), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses to protect your data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by displaying a notice within the application at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy, please contact us: