Privacy Policy

Shoulders of Giants (the “Service”) is operated by Luis Flavio Carvalho Cipparrone Serviços Administrativos Ltda. (CNPJ 51.033.169/0001-89) (“Shoulders of Giants,” “we,” “us,” or “our”), organized under the laws of the Federative Republic of Brazil. This Privacy Policy explains what personal information we collect, how we use it, and the choices you have. It applies to shouldersofgiants.app and any related products, applications, voice services, and APIs we provide.

By using the Service, you acknowledge the practices described here. If you do not agree, do not use the Service.

The Service uses large language models to generate text- and voice-based conversational outputs in the style of historical figures, based on writings, letters, notebooks, recorded speeches, and other materials that are in the public domain or otherwise lawfully available to us. The outputs are synthetic and are not statements by the real historical figures, their estates, or any living person.

3.1 Information you provide

• Account information. Name, email address, and a password or authentication identifier.
• Billing information. Payment details are collected and processed directly by Paddle.com Market Ltd. (“Paddle”), which acts as the Merchant of Record for the Service. We do not store full payment-card numbers. We receive a token, the last four digits of your card, its brand and expiration, your billing postal code or country, and the status of your subscription.
• Conversation content. Text prompts, voice recordings, transcripts of voice conversations, and any files you upload while using the Service.
• Communications. Messages you send to support, feedback you submit, and waitlist or marketing-form submissions.

3.2 Information we collect automatically

• Device and usage data. IP address, browser type, operating system, device identifiers, referring URLs, pages viewed, features used, and timestamps.
• Telephony metadata. When you place or receive a voice call through the Service: phone number (if you provide one), call duration, call status, and audio quality diagnostics, supplied by our telephony vendor.
• Cookies and similar technologies. Strictly necessary cookies for authentication and session management, and analytics cookies. See Section 9.

3.3 Information from third parties

We receive billing status and dispute information from Paddle, and identity-verification signals from authentication providers you use to sign in (e.g., Google, Apple, or email-link providers).

• To provide, operate, and maintain the Service.
• To process your voice and text inputs through large language models and text-to-speech systems in order to generate responses.
• To authenticate users and prevent fraud and abuse.
• To process payments and manage subscriptions through Paddle.
• To analyze aggregated, de-identified usage data in order to improve quality, reliability, and safety.
• To respond to support requests and communicate with you.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use the content of your private conversations to train foundation models for unrelated third parties. See Section 6 for how providers may process inputs at our direction.

This Service is offered to users in the United States. If you are a California resident, the California Consumer Privacy Act, as amended (“CCPA”), gives you certain rights with respect to your personal information. The following categories of personal information may be collected, used, and disclosed for the business purposes described in Section 4:

• Identifiers (name, email, IP address, account ID).
• Customer records (billing identifiers, subscription status).
• Commercial information (transactions and subscription history).
• Internet activity (interactions with the Service, pages viewed, features used).
• Audio and electronic information (voice recordings and transcripts of conversations with the Service).
• Inferences drawn from the above for service-quality, safety, and fraud-prevention purposes.

We retain each category for as long as needed to provide the Service and for a reasonable period thereafter to comply with legal, accounting, and dispute-resolution obligations. See Section 8 for retention details.

We share personal information with the following categories of service providers, who are contractually required to use it only on our behalf and consistent with this Privacy Policy:

• Cloud and hosting infrastructure in the United States (compute, storage, content delivery).
• Large-language-model and speech providers that process your inputs to generate responses. We instruct these providers not to use customer content to train their general foundation models.
• Telephony providers that route voice calls between you and the Service.
• Payment processing by Paddle (Merchant of Record), governed by Paddle’s own privacy policy.
• Analytics and error monitoring to understand usage patterns and detect crashes.
• Customer support tooling.

We may also disclose personal information when required by law, court order, or governmental request; to enforce our agreements; to protect the rights, property, or safety of users or the public; or in connection with a merger, acquisition, financing, or sale of assets, in which case affected users will be notified as required by law.

We process and store data using cloud providers located in the United States. By using the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.

• Account data: retained while your account is active and for up to 24 months after closure, then deleted or de-identified.
• Voice recordings and transcripts: retained for up to 90 days by default to support the Service and resolve quality issues, after which they are deleted or de-identified. You may delete individual conversations at any time from your account.
• Billing records: retained for the period required by tax and accounting law (typically seven years).
• Logs and security data: retained for up to 12 months.

We use cookies and similar technologies that are strictly necessary to operate the Service (e.g., authentication, session management, and security), as well as cookies that help us understand how the Service is used. You can control cookies through your browser settings; disabling strictly necessary cookies may impair functionality.

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and the categories of recipients.
• Access a copy of the specific pieces of personal information we hold about you.
• Delete personal information, subject to legal exceptions.
• Correct inaccurate personal information.
• Limit the use of sensitive personal information to what is necessary to provide the Service.
• Opt out of sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
• Non-discrimination for exercising any of these rights.

To exercise these rights, contact us at luis@getlocus.tech. We will verify your request by asking you to confirm information associated with your account. You may authorize an agent to submit requests on your behalf, subject to verification. We will respond within the time periods required by law.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it. Users between 13 and 18 must have permission from a parent or legal guardian to use the Service.

We use commercially reasonable technical and organizational measures to protect personal information, including encryption in transit, encryption at rest where supported by our cloud providers, access controls, and logging. No system is impenetrable; we cannot guarantee absolute security.

We do not use the contents of private user conversations to train general-purpose foundation models. If you would like to opt out of the use of your conversations for de-identified, aggregated quality-improvement analysis, contact us at luis@getlocus.tech.

We use only source materials that are in the public domain or that we believe to be otherwise lawfully available to us when preparing the corpora that inform sage voices. If you are a rights-holder and believe a sage’s corpus contains material to which you hold rights, contact us at luis@getlocus.tech.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a notice on the Service prior to the change taking effect. The “Effective” and “Last updated” dates at the top of this policy indicate when it was last revised.

Questions about this Privacy Policy or our practices? Contact us:

LUIS FLAVIO CARVALHO CIPPARRONE SERVICOS ADMINISTRATIVOS LTDA
CNPJ 51.033.169/0001-89
Rua Vicente Oropallo, 70 — São Paulo/SP, 05351-025, Brasil
luis@getlocus.tech