Privacy Policy

This Privacy Policy describes how Pelican Alpha ("Pelican Alpha," "we," "us," or "our") collects, uses, stores, and discloses personal information when you use our website, subscriptions, research products, and AI features.

By using Pelican Alpha, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.

We collect information you provide directly and information collected automatically when you use the site.

Information you provide may include:

• Account and profile details: Name, email, and profile metadata when you register or sign in.
• Authentication credentials: For email/password login, we store password hashes (not raw passwords). We also support Google sign-in and email magic links.
• Billing and subscription data: Plan selection, subscription status, Stripe customer and subscription identifiers, and related billing metadata. Card details are handled by Stripe, not stored in our database.
• Communications: Emails, support requests, and contact-form submissions (name, email, message, timestamp).
• AI interaction content: Questions and prompts you submit to Pelican Agent, including related metadata (for example session or chat identifiers).

Information collected automatically may include IP address, device and browser details, page visits, referrer data, basic usage diagnostics, and certain analytics events.

We use personal information to:

• Provide the Service: Authenticate users, deliver gated content, and operate the website and API features.
• Manage subscriptions: Process checkout, track entitlements, and provide billing support.
• Communicate with you: Send authentication messages, transactional notices, support responses, and optional product communications.
• Security and abuse prevention: Enforce access controls, rate-limit abusive behavior, and monitor misuse.
• Analytics and improvement: Measure usage and improve performance, UX, and product quality.
• Legal compliance: Satisfy legal obligations and enforce our Terms.

We use cookies and browser storage to operate the site and improve the experience. Examples include:

• Authentication cookies: NextAuth session cookies used to keep you signed in.
• Preference cookies: A sidebar state cookie (`sidebar_state`) used to remember UI settings.
• Local and session storage: Used for temporary app state (for example UTM data, tour state, and agent chat preferences/history in browser storage).
• Analytics cookies and scripts: Google Analytics may be used to measure traffic and usage patterns when enabled.

You can control cookies through your browser settings, but disabling required cookies may affect Service functionality.

We use service providers to run the Service, including:

• Hosting/runtime: Vercel.
• Authentication: NextAuth, Google OAuth, and Resend (magic links).
• Billing: Stripe for subscription checkout and customer portal services.
• Email and subscriber operations: Brevo for subscriber list and campaign workflows.
• Cloud storage: Cloudflare R2 for serving protected content assets.
• Contact form delivery: SMTP provider configured by us (provider may vary by environment).
• Analytics: Google Analytics (when enabled).
• AI model processing: Pelican Agent requests are proxied through our orchestrator and may be processed by third-party model providers selected by the Service.

We do not sell personal information for money. We do not run third-party ad networks on the site at this time.

We may share personal information with:

• Service providers that process data on our behalf.
• Professional advisors, auditors, or legal authorities when required.
• A successor entity in a merger, financing, reorganization, or asset sale.

We do not sell your personal information for monetary consideration.

We retain personal information for as long as needed to provide the Service, operate subscriptions, comply with legal obligations, resolve disputes, and enforce our agreements.

Contact-form submissions may be logged for operational continuity and abuse prevention, with capped local log history in our application environment.

We use reasonable technical and organizational safeguards to protect personal information, including access controls and transport encryption in normal operation. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Depending on your location, you may have rights to access, correct, delete, or obtain a copy of personal information, and to object to or limit certain processing. To submit a request, email ricardo.lee@pelicanalpha.com with the subject line "Privacy Request."

We may need to verify your identity before completing requests and may deny requests where legally permitted (for example, if we cannot verify identity or if an exception applies).

California residents may have rights under California privacy law, including rights to know, access, correct, and delete certain personal information. We do not sell personal information for money and do not knowingly share personal information for cross-context behavioral advertising.

We currently do not respond to browser "Do Not Track" signals as a universal control. You may still manage cookies through browser settings.

The Service is not directed to children under 18, and we do not knowingly collect personal information from children under 18.

We may update this Privacy Policy periodically. If we make material changes, we will post the revised policy with an updated date. Your continued use of the Service after updates are posted constitutes acceptance of the revised policy.

If you have questions or comments about this policy, email ricardo.lee@pelicanalpha.com or write to Pelican Alpha, 650 California Street, 7th Floor, San Francisco, CA 94108.