Privacy Policy

outside/input. is a product of Falkor Atlas, a sole proprietorship registered in Utrecht, the Netherlands (KVK 90273591). In this policy, "we", "us", and "our" refer to Falkor Atlas.

We provide a web application that helps inspectors, surveyors, and appraisers capture field observations (voice, photo, text) and generate professional reports with the help of AI.

This privacy policy explains what personal data we collect, why we collect it, how we process it, and what rights you have. It applies to our website at outsideinput.ai and our web application at app.outsideinput.ai.

2.1 Account data

When your account is created, we store your email address and a securely hashed password. We do not collect your name, phone number, or other personal identifiers unless you provide them voluntarily.

2.2 Inspection data

When you use the application, we store the data you create:

• Voice recordings and their transcriptions
• Photographs you capture or upload
• Text notes you enter
• Project details (e.g. vessel name, property address)
• AI-generated report drafts based on your observations
• Final reports you approve and deliver

This data belongs to you. We process it solely to provide the service you signed up for.

2.3 Website analytics (cookie-based)

Our marketing website uses Google Analytics to understand how visitors find and use our site. This only happens if you give explicit consent via the cookie banner. We collect:

• Pages visited and time spent
• Referring website or campaign
• Device type, browser, and screen size
• Approximate location (country/city level, IP anonymised)

We do not use advertising cookies, retargeting pixels, or social media trackers.

2.4 Technical logs

Our hosting providers (Vercel for the website, Supabase for the application) automatically log IP addresses, request timestamps, and error details for security and debugging purposes. These logs are retained for a limited period and are not used for profiling.

When you capture observations (voice, photo, text), they are sent to AI services (including OpenAI and Anthropic) to transcribe audio, describe images, and draft report sections. This processing is essential to the service you use.

Your data is never used to train AI models. We use API-based processing only, which means your content is processed and discarded by the AI provider — it is not retained or used for model improvement. We select providers that offer contractual guarantees on this.

• Database and file storage: Supabase (infrastructure hosted on AWS, EU region). Your inspection data, account data, and uploaded files are stored here.
• AI processing: OpenAI (USA) and Anthropic (USA) process data transiently under data processing agreements. No data is retained by these providers after processing.
• Automation: n8n Cloud (EU) orchestrates background workflows (e.g. triggering AI processing when you finish an inspection).
• Website hosting: Vercel (global CDN, primary in EU).

Where data is transferred outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as required by the GDPR.

We use the following cookies:

You can change your analytics cookie preference at any time by clicking "Cookie Settings" in the website footer.

• Account and inspection data: Retained for as long as your account is active. If you delete your account, we will delete your data within 30 days, unless we are legally required to retain it.
• Analytics data: Retained by Google Analytics for 14 months, then automatically deleted.
• Server logs: Automatically deleted after 30 days.

Under the GDPR, you have the right to:

• Access your personal data — request a copy of what we store
• Rectify inaccurate data — ask us to correct errors
• Erase your data — request deletion of your account and associated data
• Restrict processing — ask us to temporarily stop processing certain data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent for analytics cookies at any time via the cookie banner

To exercise any of these rights, email us at privacy@outsideinput.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We protect your data with the following measures:

• All data transmitted over HTTPS (TLS encryption)
• Passwords hashed using industry-standard algorithms (bcrypt via Supabase Auth)
• Row Level Security (RLS) on all database tables — users can only access their own data
• Private storage bucket with signed, time-limited URLs for media access
• No shared access to inspection data between users (per-account isolation)

We use the following third-party services to operate outside/input.:

Our service is designed for professional use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

We may update this privacy policy from time to time. When we make significant changes, we will update the "Last updated" date at the top. We encourage you to review this page periodically.

If you have any questions about this privacy policy or how we handle your data: