Privacy Policy

1. Who We Are

Pattern Owl is a customer feedback analytics platform. Pattern Owl is a product of TrustSpot Acquisitions Co, Inc. ("we," "us," or "our"). This Privacy Policy explains how we collect, use, protect, and share personal data when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and, optionally, your name. If you sign in with Google, we receive your name and email from Google. We also collect optional business information during onboarding (company name, website, and business type).

Review Data

You provide review data by uploading CSV files or connecting a review platform (e.g., RaveCapture, Judge.me, Yotpo). This data may include product names, review text, ratings, dates, and reviewer information such as customer names and, where provided by the review platform, general location (city, state, country). You are responsible for ensuring you have the right to share this data with us.

Support Ticket Data

If you connect a helpdesk platform (currently Gorgias, eDesk, or Zendesk), we ingest customer support tickets to analyze them alongside your reviews. For each ticket we collect:

• Ticket metadata: subject line, status, channel, tags, product associations, and created / updated / closed timestamps
• Customer satisfaction (CSAT) rating and any free-text CSAT comment the customer left
• The full text of public, customer-authored messages in the ticket thread
• The customer's display name as stored in the helpdesk platform (e.g., "Jane Smith")
• An internal numeric user ID from the helpdesk platform, used solely for deduplication within our database

We explicitly do not collect the following from helpdesk integrations, and these exclusions are enforced in our application code before any data is written to our database:

• Customer email addresses. Our helpdesk data mapper explicitly sets the customer email field to null on every ticket.
• Customer phone numbers. Phone number fields are not present in our data model.
• Internal agent notes. Messages marked as non-public in the helpdesk platform are filtered out at retrieval and never enter our database.
• Payment and billing data. We do not request or receive any financial information.
• Phone call transcripts. We do not transcribe audio and do not process telephony data.

Integration Credentials

If you connect a third-party review or helpdesk platform, we store your API key or access token to sync data on your behalf. Integration credentials are encrypted at rest using AES-256-GCM encryption.

Usage Data and Cookies

We use an aggregated product analytics service to understand how users interact with Pattern Owl. Our analytics service captures aggregated, non-identifying events (page views and button clicks) and is configured in cookieless mode — no analytics identifiers persist across sessions. We do not capture IP addresses, do not run session replay, and do not track form fills. Our legal basis for this processing is our legitimate interest in understanding product usage in order to improve the service (GDPR Article 6(1)(f)), balanced against the minimal privacy impact of aggregated, non-identifying event data.

We use cookies only for essential purposes such as authentication sessions. We do not use advertising, retargeting, or cross-site tracking cookies.

3. How We Use Your Information

• To provide and maintain the Pattern Owl service
• To analyze your customer feedback (reviews and support tickets) and generate insights using AI
• To authenticate your account and protect your data
• To sync data from connected review and helpdesk platforms on your behalf
• To send transactional emails (account verification, password resets, release announcements)
• To diagnose errors and improve service reliability

4. Legal Basis for Processing

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases set out in Article 6 of the General Data Protection Regulation (GDPR):

• Performance of a contract (Article 6(1)(b)) — for all processing required to deliver the Pattern Owl service to you, including ingesting, storing, and analyzing the feedback data you provide or connect.
• Legitimate interest (Article 6(1)(f)) — for aggregated, non-identifying product analytics, as described in Section 2.
• Compliance with a legal obligation (Article 6(1)(c)) — for any processing required to respond to lawful requests from public authorities.

5. AI Processing

We use a third-party large language model (LLM) provider to analyze feedback text and generate insights and recommendations. We send short text excerpts — a maximum of 600 characters per message — drawn from reviews and support ticket messages.

When AI-generated recommendations cite a specific customer comment as evidence, the customer's display name may be included in that excerpt. We do not send customer email addresses, phone numbers, order IDs, or internal agent notes to our LLM provider.

Our LLM provider operates under a standard API data usage policy: content submitted via their API is not used to train their models and may be retained for up to 30 days solely for abuse and misuse monitoring, after which it is deleted.

Your data is not used to train any artificial intelligence or machine learning model, whether operated by Pattern Owl or by any third party.

Pattern Owl does not perform automated decision-making or profiling that produces legal or similarly significant effects on you within the meaning of GDPR Article 22.

6. Categories of Service Providers

We engage the following categories of service providers (sub-processors) to deliver the Pattern Owl service. Each service processes data under its own data processing agreement with Pattern Owl.

We also use Postmark for transactional email delivery (account verification, password resets, release announcements) and an internal messaging tool for operational notifications. Neither service receives your feedback data at any point.

A current list of the specific sub-processors we engage — including the identity of our database provider, LLM provider, hosting provider, and analytics provider — is available on request to wade@patternowl.com. We will provide the list within 5 business days of receiving a request. Enterprise customers entering into a formal Data Processing Agreement receive the full list as an appendix to that agreement.

Changes to Sub-Processors

We will provide at least 14 days' written notice before engaging any new sub-processor that would have access to your customer feedback data. Notice will be delivered by email to your account email address and by update to this page. If you object to a new sub-processor in writing, we will either withdraw the proposed sub-processor or allow you to terminate your account without penalty and delete all associated data in accordance with Section 9.

7. International Data Transfers

Pattern Owl's production infrastructure is located in the United States. Your data is stored and processed in the AWS us-east-1 region (Northern Virginia), with serverless compute in the AWS iad1 region. If you are located in the European Economic Area (EEA) or the United Kingdom, your personal data will be transferred to the United States when you use Pattern Owl.

We rely on the EU Standard Contractual Clauses (SCCs) as the legal mechanism for this transfer under Chapter V of the GDPR. Pattern Owl has accepted SCC-bearing Data Processing Addenda with each of our sub-processors that receives personal data, including our database provider, LLM provider, and application hosting provider. The specific sub-processor identities and links to the underlying DPAs are available on request as described in Section 6.

No onward transfer of your data to any country other than the United States occurs in Pattern Owl's architecture.

8. Data Security

We take reasonable measures to protect your data, including:

• Encryption at rest (AES-256) and in transit (TLS 1.2 or higher)
• All data transmitted over HTTPS
• Row-level security on all database tables (users can only access their own data)
• API keys and integration credentials encrypted at rest
• Passwords hashed by our authentication provider (never stored in plaintext)
• Server-side secrets are never exposed to the browser
• Multi-factor authentication enabled on all administrative access to our infrastructure providers
• Automated production database write guards preventing unauthorized modifications to protected tables

Pattern Owl does not currently hold a SOC 2 Type II or ISO 27001 certification. We are a small, early-stage company and commit to being transparent about our compliance posture.

9. Data Retention and Deletion

We retain your account data and feedback data for as long as your account is active.

Disconnecting an integration. When you disconnect a review or helpdesk integration from the Pattern Owl Integrations page, we delete all imported data from that integration — tickets, ticket messages, theme assignments, cached analyses, and generated recommendations — synchronously within the disconnect request, typically in under 5 seconds.

Encrypted backups. Supabase (our database provider) retains encrypted daily backups for 7 days. Deleted data is removed from our live database immediately and ages out of encrypted backup snapshots within 7 days, after which no copy remains in any Pattern Owl-accessible layer.

Full account deletion. You may request full deletion of your Pattern Owl account and all associated data at any time by emailing wade@patternowl.com. We will confirm deletion in writing within 24 hours.

10. Your Rights

You have the following rights with respect to your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — request deletion of your personal data
• Right to restriction of processing — request that we limit how we process your data
• Right to data portability — request a machine-readable export of your data (JSON or CSV, delivered within 7 days)
• Right to object — object to processing based on our legitimate interest, including aggregated product analytics
• Right to disconnect third-party integrations at any time through the Pattern Owl Integrations page

If you are in the EEA or the UK and believe we have processed your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at wade@patternowl.com.

11. Data Breach Notification

In the event of a personal data breach affecting your data, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach, in line with GDPR Article 33. The notification will include, to the extent known at the time, the nature of the breach, the categories and approximate number of records affected, the likely consequences of the breach, and the measures we are taking to address it.

12. Children's Privacy

Pattern Owl is not intended for use by individuals under the age of 18. We do not knowingly collect information from children.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

14. Data Protection Contact

If you have questions about this privacy policy, your data, or wish to exercise any of the rights described above, contact our data protection point of contact:

Wade Cline, Founder
Email: wade@patternowl.com

Pattern Owl does not currently employ a formal Data Protection Officer (DPO). At this stage of the company, Wade Cline serves as the single point of contact for all data protection matters, including data subject requests, breach notifications, and enterprise data processing agreements.

Enterprise customers may request a formal Data Processing Agreement by contacting us at the address above.

Pattern Owl, a product of TrustSpot Acquisitions Co, Inc.