PAT privacy policy draft.

This draft describes the data PAT expects to process during review and early launch. It is not a final legal policy until approved by counsel or the operator of record.

Last updated: April 28, 2026Trust center

Data PAT uses

PAT uses account, organization, role, membership, assessment, product, and insight state to route users and generate the product experience. Local review credentials and seeded demo records are used only to validate the application locally.

Account data can include name, email, role, authentication provider identifiers, and session metadata.
Organization data can include vendor, firm, product, membership, and assessment relationships.
Assessment data can include submitted answers, scoring inputs, derived status, and generated insight readiness.

Payment data

PAT uses provider-hosted checkout when billing is configured. The app does not store raw card numbers; provider customer, subscription, invoice, and webhook references are stored only as needed for reconciliation and entitlement state.

Review and support use

Support and operator review may inspect account, billing status, assessment, and release proof records to diagnose product issues. PAT should not be used to submit sensitive client files unless a production data handling policy has been approved.