Privacy Policy

Effective Date: May 1, 2026  ·  Last Updated: May 4, 2026

This Privacy Policy describes how DIFENERGY ("we," "us," or "our") collects, uses, discloses, and protects information from users of the DIFENERGY Confluence Pro intelligence platform and the website located at difenergy.io (collectively, the "Service").

1. Information We Collect

Information you provide directly:

• Account information: Your name and email address, collected when you register for access or subscribe to the Service.
• Payment information: Billing details such as credit card number, expiration date, and billing address. This information is collected and processed directly by our payment processor, Stripe, Inc. We do not store your full payment card information on our servers.
• Communications: Any information you include when contacting our support team at support@difenergy.io.

Information collected automatically:

• Usage data: Pages visited, features used, and interactions with the platform, collected to improve the Service and diagnose technical issues.
• Session data: Authentication session tokens managed by our authentication provider, Clerk. We do not store passwords.
• War Room chat history: Queries you submit to the AI War Room are processed in real time and may be briefly retained in session storage on our servers. We do not use your queries to train AI models.

2. How We Use Your Information

• To create and manage your account and authenticate your identity.
• To process your annual subscription payment and send billing receipts.
• To deliver the Service, including intelligence briefings, GPSE updates, and platform access.
• To respond to support requests and account inquiries.
• To diagnose technical issues and improve platform performance.
• To send service-related communications (briefings, platform alerts). You may opt out of marketing communications at any time by emailing support@difenergy.io.

3. Information We Do Not Collect or Sell

• We do not sell, rent, or trade your personal information to third parties for marketing purposes.
• We do not collect government-issued identification, social security numbers, or other sensitive personal identifiers.
• We do not use your information for automated profiling or algorithmically-driven decisions that produce legal or similarly significant effects.

4. Third-Party Service Providers

We share information with third-party providers only to the extent necessary to operate the Service:

• Stripe, Inc. — Payment processing. Stripe is PCI DSS compliant. Their privacy policy is available at stripe.com/privacy.
• Clerk, Inc. — Authentication and session management. Clerk processes your email address to deliver magic-link sign-in. Their privacy policy is available at clerk.com/privacy.
• Resend, Inc. — Transactional and broadcast email delivery (briefings, alerts). Your email address is shared with Resend solely for the purpose of delivering emails you have subscribed to receive.
• Anthropic, PBC — AI inference for War Room analysis features. Queries you submit are processed by Anthropic's API. Anthropic's privacy policy is available at anthropic.com/privacy.
• Google (Gemini API) — AI inference for supplemental intelligence generation. Google's privacy policy is available at policies.google.com/privacy.
• Redis / Upstash — Real-time data caching for platform state. No personally identifiable information is stored in cache beyond session tokens.

All providers are contractually obligated to use your information only to provide services on our behalf and are prohibited from using it for their own purposes.

5. Method of Disclosure

We may disclose your information:

• To service providers listed above, under written data processing agreements.
• If required by law, court order, or valid legal process.
• To protect the rights, property, or safety of DIFENERGY, our users, or the public.
• In connection with a merger, acquisition, or sale of all or a portion of our assets — you will be notified via email prior to any such transfer.

We do not disclose your information to any other third party without your explicit consent.

6. Security

We implement commercially reasonable technical and organizational safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction:

• All data transmission is encrypted via TLS/HTTPS.
• Authentication is managed by Clerk using passwordless magic-link authentication — no passwords are stored.
• Payment data is handled exclusively by Stripe, which maintains PCI DSS Level 1 certification.
• Server-side secrets and API keys are stored in environment variables and never exposed in client-side code.
• Access to production systems is restricted to authorized personnel only.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to prompt notification if a breach affecting your data occurs.

7. Data Retention

We retain your account information for as long as your subscription is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes. Session cache data is retained for no longer than 30 days. Upon verified account deletion request, we will remove your personal information within 30 days, except where retention is required by law.

8. Your Rights

You have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your account and associated data.
• Opt out of non-essential communications.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, email support@difenergy.io with the subject line corresponding to your request. We will respond within 30 days.

9. Children's Privacy

The Service is intended for users 18 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify active subscribers of material changes by email at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact

Questions about this Privacy Policy should be directed to:
support@difenergy.io
DIFENERGY · difenergy.io