How we handle the things you tell us.

“Plainsight” refers to the product and the company that operates it. If you need to contact us about anything on this page, write to team@plainsight.work.

When a leader signs your company up, we collect: your name, email, company name, a short description of the team, the question you're curious about, anything you want interviewers to steer around, and the name, email, and role of each person on the team.

We use that information to schedule and run the interviews, to send each person their personal interview link, and to send you status updates and the final blueprint.

Each interview is a voice call with a Plainsight interviewer. With the participant's consent, we record the call, transcribe it, and produce a structured summary of what they actually do at work — their main workflows, the tools they use, the handoffs that break things, and what they'd change if they could.

We do not capture screen recordings. We do not install software on anyone's machine. The interview happens in a browser tab.

• We do not sell your data. To anyone. Ever.
• We do not train AI models on your transcripts or blueprint.
• We do not show one person's answers to anyone else at the company. What goes back to leadership is patterns across the team, not individual quotes attributable to a named person.
• We do not store payment details ourselves; if you ever pay us, a third-party processor handles it.

This one matters enough to be its own section. People only tell the truth about how their company actually runs if they know their words won't be on a slide tomorrow. So:

• Individual transcripts are not visible to the leader who commissioned the audit.
• Pull quotes that appear in your blueprint are paraphrased and aggregated, never attributed to a named individual.
• If a participant asks us to delete their interview, we do — even if the audit is mid-way through and even if the leader objects.

Plainsight is glue around a small number of specialist services. The ones that touch your data are:

• Supabase (EU, Ireland) — primary database where company, interview, transcript, and blueprint records live.
• Vercel (US) — application hosting layer. Vercel runs the website and the API, and sees request metadata.
• ElevenLabs (US) — the voice interview runtime. Audio and transcripts pass through ElevenLabs during the call itself.
• Anthropic (US) — produces the structured summary and the final blueprint from your transcripts. Anthropic has stated they do not train their models on API customer data.
• Resend (EU, Ireland) — sends our transactional emails (invitations, status updates, blueprint-ready notifications).

Each of these has its own privacy posture. If you need the current list of subprocessors in writing for a procurement review, email us — we'll send it.

Transcripts, blueprints, and the structured data behind them stay in our database for as long as the leader who commissioned the audit wants access to them. If you want them deleted, write to us and we delete them within seven days.

Operational logs (request metadata at Vercel and Supabase, email delivery records at Resend) are retained for up to 90 days for debugging and abuse prevention.

Wherever you are, you can ask us to:

• Tell you what data we hold about you (access).
• Send you a copy of it (portability).
• Correct anything wrong (rectification).
• Delete it (erasure).
• Stop using it for specific purposes (restriction or objection).

In the EU and UK, these rights are codified by the GDPR. In California, by the CCPA/CPRA. In practice, we'll honour them regardless of jurisdiction. Email team@plainsight.work with the subject line “Data request” and we'll come back to you within seven days.

We use a lightweight first-party analytics snippet to see which pages get visited and where they come from. The snippet does not track individuals across sites, does not build a profile, and does not pass data to advertising networks.

We set one essential cookie for the admin area to keep you signed in. No third-party tracking cookies.

Plainsight is built for workplaces. The product is not intended for anyone under 16, and we don't knowingly collect data from anyone under 16.

If we change anything material here, we'll update the date at the top of this page and — for users with an active audit — email the change to the leader on the account.