Privacy Policy
Draft — pending legal review
This policy describes Disco Parrot's current data-handling practices in good faith and is published so visitors to this site understand what we collect today. It will be replaced by a counsel-reviewed version before general availability. If anything here is unclear, email privacy@discoparrot.com and we'll answer directly.
Effective: May 23, 2026 · Last updated: May 23, 2026 · Version: 0.1 (pre-GA draft)
Section 1
About this policy
Disco Parrot, Inc., a Delaware corporation ("Disco Parrot," "we," or "us"), provides an AI-native development platform. This policy covers the marketing website at discoparrot.com today. When the platform itself becomes available, a separate counsel-reviewed privacy policy will cover product use.
For website visitors and prospects we act as the data controller. For future customer data processed in the platform, we will act as the data processor on behalf of each customer.
Section 2
Information we collect
Today, Disco Parrot collects three categories of information from this site:
- Information you submit through the contact form — your name, work email, company, and message — submitted voluntarily so we can respond to your inquiry.
- Anonymous analytics via PostHog — pages viewed, browser, approximate geographic region. No personally identifying data is attached and we do not build cross-site profiles.
- Standard server logs for security and abuse prevention — IP address, user agent, and timestamp — retained 30 days.
Nothing else today.
Section 3
How we use information
Our use is limited and named:
- Respond to contact requests
- Route demo inquiries to a Slack channel internally
- Send transactional replies via Azure Communication Services
- Measure site engagement in aggregate
- Defend against abuse and protect site availability
We do not sell or rent contact data, and we do not use it for third-party marketing.
Section 4
Legal bases (GDPR)
For visitors in the EEA, UK, or Switzerland, our lawful bases under GDPR Article 6 are:
| Activity | Lawful basis |
|---|---|
| Contact form | Consent + legitimate interest in responding |
| Analytics | Consent (or legitimate interest where local law permits) |
| Security / abuse logs | Legitimate interest |
You can withdraw consent at any time by emailing privacy@discoparrot.com.
Section 5
Sub-processors and third-party services
The canonical list of sub-processors lives on our Security page. For the marketing site specifically, we use:
- Microsoft Azure — site hosting and transactional email (via Azure Communication Services)
- Cloudflare — CDN, DNS, edge security
- PostHog — anonymous web analytics
- Slack — internal routing of contact-form submissions to our team
We will give 30 days' advance notice on this page before adding or changing a material sub-processor.
Section 6
Cookies and similar technologies
We categorize cookies into two buckets:
- Strictly necessary — session and CSRF cookies required for the site to function
- Analytics — PostHog cookies used to count page views and aggregate engagement
We do not use advertising cookies, do not enable cross-site tracking, and do not defy Do-Not-Track signals. A full cookie banner and preference center will ship before general availability; today, analytics cookies fire only after first interaction.
Section 7
Data retention
Default retention periods:
- Contact-form submissions: 24 months, then purged
- Analytics data: 13 months (PostHog default)
- Server logs: 30 days
After deletion, residual backup copies expire on standard backup cycles. You can request earlier deletion of your contact data by emailing privacy@discoparrot.com.
Section 8
International data transfers
Disco Parrot is US-based. Visitor data from the EEA, UK, or Switzerland may transfer to the United States. We rely on:
- EU Standard Contractual Clauses, Module 2 (controller-to-processor)
- UK International Data Transfer Addendum (IDTA)
- Swiss Addendum to the EU SCCs
We are not currently certified under the EU-US Data Privacy Framework.
Section 9
Your rights
Depending on where you live, you have some or all of the following rights:
- Access — ask what we hold about you
- Correct — fix inaccurate information
- Delete — request erasure
- Port — receive a copy of your data in a portable format
- Object — object to processing based on legitimate interest
- Restrict — ask us to pause processing
To exercise these rights, email privacy@discoparrot.com. We will respond within 30 days (45 days where the law permits an extension).
Section 10
California / US state privacy notice
Disco Parrot does not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Categories of personal information we collect:
- Identifiers (name, email)
- Commercial information (interest expressed via contact form)
- Internet activity (pages viewed, anonymous analytics)
California residents have the right to know, delete, correct, opt-out of sale/share, limit use of sensitive personal information, and not be discriminated against for exercising these rights. Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive privacy laws have parallel rights.
Section 11
Security
We protect personal information using encryption in transit (TLS 1.2+), encryption at rest, Azure Key Vault for secrets, and audit logging on platform actions. See Security for the architectural detail, sub-processor list, and vulnerability disclosure policy.
Section 12
Children's data
Our services are not directed to individuals under 18 and we do not knowingly collect personal information from anyone under 18. If you believe we have, contact privacy@discoparrot.com and we will delete it.
Section 13
Data Processing Agreement
For prospective customers, our Data Processing Agreement — including SCC Module 2, the UK IDTA, and the Swiss Addendum — is available pre-signature on request. Use the Security page "Request DPA" card or email privacy@discoparrot.com.
Section 14
Changes to this policy
We will update the effective date at the top of this page and post material changes with a notice on this page at least 30 days before they take effect. For customer accounts (when they exist), we will also provide notice by email.
Section 15
Contact
Questions about privacy:
- mailprivacy@discoparrot.com — privacy questions and data-subject requests
- shieldsecurity@discoparrot.com — security reports and vulnerability disclosures
Mailing address and EU/UK representative will be added when the platform launches in those regions.
Have questions about how we'll handle your data?
mailTalk to security