SummitPM
Legal

Privacy Notice

Last updated: April 27, 2026

This Privacy Notice explains how SummitPM Consulting LLC (“SummitPM,” “we,” “our,” or “us”), based in the United States, collects, uses, shares, and protects personal data when you visit our website or use the SummitPM platform (the “Service”).

For the personal data we collect from you in connection with your use of the Service, SummitPM acts as the data controller. For payment-related personal data collected at checkout and in connection with billing, our payment service provider Stripe, Inc. ("Stripe") acts as an independent controller for fraud-prevention and regulatory purposes — see Stripe's privacy policy.

1. Personal data we collect

We collect the following categories of personal data:

  • Account data: name, email address, hashed password (or third-party login identifier such as Google).
  • Subscription and entitlement data: plan, status, renewal date, Stripe customer and subscription identifiers, environment (test or live).
  • Usage and content data: properties you save, comparisons you build, calculator inputs, advisor prompts and chat messages, watchlist items, portfolio entries.
  • Technical data: device and browser type, IP address, log data, cookie identifiers, approximate location derived from IP, error and performance telemetry.
  • Support data: messages, attachments, and metadata you send when contacting us.

We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact us and we will delete it.

2. How and why we use personal data

  • Provide the Service — create and authenticate your account, deliver dashboards, AI advisor responses, and analytics (legal basis: performance of a contract).
  • Billing and entitlement — sync subscription state from Stripe so we can grant or revoke access (contract; legitimate interest in operating the Service).
  • Customer support — respond to your questions and troubleshoot issues (contract; legitimate interest).
  • Security and fraud prevention — monitor for abuse, rate-limit, detect intrusions, protect users (legitimate interest; legal obligation).
  • Service improvement and analytics — measure feature usage, debug, and improve quality (legitimate interest; consent where required).
  • Communications — send transactional emails about your account, security, billing, or material changes (contract; legal obligation). Marketing emails only with consent or where permitted; you can unsubscribe at any time.
  • Legal compliance — comply with applicable laws, respond to lawful requests, enforce our Terms (legal obligation; legitimate interest).

3. AI processing

Prompts and chat content you submit to the AI advisor are sent to our AI provider(s) solely to generate a response. We do not use your chat content to train third-party foundation models. Do not submit sensitive personal data, payment details, or confidential information into AI prompts.

4. Sharing of personal data

We share personal data only with:

  • Stripe, our payment service provider, for checkout, payments, invoicing, subscription management, and fraud prevention.
  • Service providers (subprocessors) — hosting, database, authentication, email delivery, error monitoring, customer support tooling, and AI inference providers — bound by appropriate confidentiality and data-protection terms.
  • Professional advisers — legal, accounting, and insurance advisers, where necessary.
  • Authorities — when required by law, subpoena, court order, or to protect our rights, users, or the public.
  • Successors — in connection with a merger, acquisition, financing, or sale of assets, subject to equivalent protections.

We do not sell your personal data.

5. International transfers

SummitPM is based in the United States and our service providers may process data in the United States and other countries. Where we transfer personal data from outside the United States, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

6. Retention

We retain personal data for as long as your account is active and for a reasonable period afterward to comply with legal, accounting, and tax obligations, resolve disputes, and enforce our agreements. Billing records retained by Stripe are kept according to Stripe's retention policy. When personal data is no longer needed it is deleted or anonymized.

7. Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, least-privilege permissions, audit logging, and regular review of our security practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Your rights

Depending on where you live (including under the California Consumer Privacy Act and similar US state laws), you may have rights to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data;
  • request a portable copy of your data;
  • opt out of certain processing (e.g., targeted advertising);
  • not be discriminated against for exercising your rights.

To exercise these rights, email aoluwasoro@summitpmconsulting.com. We will respond within the time required by applicable law. You may also lodge a complaint with your local data-protection authority.

9. Cookies

We use a small number of cookies and similar technologies. Strictly necessary cookies (authentication, security, billing flow) are always active. We may also use analytics cookies to understand aggregate usage and improve the Service. Where required by law, non-essential cookies are set only with your consent. You can manage cookies through your browser settings.

10. Changes to this Notice

We may update this Privacy Notice from time to time. Material changes will be highlighted in the Service or sent by email.

11. Contact

SummitPM Consulting LLC — United States.
Privacy contact: aoluwasoro@summitpmconsulting.com.

Questions? Email aoluwasoro@summitpmconsulting.com.