Legal

Privacy Policy

Innovation Practice LLC Last updated: June 30, 2026 support@howmightwe.ai

This Privacy Policy explains how Innovation Practice LLC (Company, we, us, or our) collects, uses, discloses, and protects personal information when you use HowMightWe.ai, available at https://www.howmightwe.ai, and any related website, application, content, or service that links to this Privacy Policy (the Service).

HowMightWe.ai helps users reframe messy problem statements into clearer brainstorming questions using AI-supported design-thinking methods.

Innovation Practice LLC is a Wyoming limited liability company registered at 1309 Coffeen Avenue, Sheridan, WY 82801, United States. For privacy questions or requests, contact us at support@howmightwe.ai.

01Scope

This Privacy Policy applies to personal information we process through the Service. It does not apply to third-party websites, services, or platforms that we do not control.

The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18.

02Personal information we collect

We collect personal information in the following ways.

Information you provide

Depending on how you use the Service, you may provide:

  • Inputs and project content, such as problem statements, prompts, notes, saved reframes, feedback, and other text you submit to the Service.
  • Account information, when you create or use an account, such as your name, email address, profile image, authentication identifier, and account settings.
  • Communications, such as messages you send to us, support requests, feedback, survey responses, or other correspondence.
  • Marketing preferences, such as whether you choose to receive updates or unsubscribe from them.
Please do not submit sensitive personal information, regulated data, confidential business information, trade secrets, or information you are not authorized to share unless you understand and accept the risks of using an online AI-assisted service.

Information collected automatically

When you use the Service, we and our service providers may automatically collect:

  • IP address;
  • browser type and version;
  • device type, operating system, and device identifiers;
  • pages or features viewed;
  • referring and exit pages;
  • dates, times, and duration of use;
  • approximate location derived from IP address;
  • diagnostic logs, crash reports, performance data, and security events; and
  • cookie and similar technology data.

Information from third-party sign-in providers

If you sign in through a third-party provider such as Google or X (Twitter), or through a one-time email sign-in link, we may receive information permitted by that provider and your settings, such as your name, email address, profile image, and authentication identifier. We do not receive your password for that third-party account.

03How we use personal information

We use personal information to:

  • provide, operate, maintain, and improve the Service;
  • process your Inputs and generate Outputs;
  • create and manage accounts;
  • save preferences or saved work if you choose to use those features;
  • respond to support requests, feedback, and inquiries;
  • analyze usage, diagnose bugs, monitor performance, and improve reliability;
  • protect the Service, prevent abuse, detect security incidents, and enforce our Terms of Use;
  • communicate with you about Service updates, security notices, and administrative messages;
  • send marketing or product updates if you opt in or where otherwise permitted by law, with the ability to unsubscribe;
  • comply with legal obligations and respond to lawful requests; and
  • evaluate or complete a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.

We may use aggregated or de-identified information that does not reasonably identify you for analytics, product improvement, research, or other lawful purposes.

04AI processing

The Service uses AI-supported systems to process your Inputs and generate Outputs. To provide the Service, we may transmit Inputs, Outputs, and related technical information to AI model providers or infrastructure providers acting on our behalf.

Do not submit information you are not authorized to share. AI-generated Outputs may be inaccurate, incomplete, non-unique, or unsuitable for your intended use. You are responsible for reviewing and validating Outputs before relying on them.

05Legal bases for processing — EEA/UK users

If you are located in the European Economic Area, the United Kingdom, or a similar jurisdiction, our legal bases for processing personal information may include:

  • Contract: to provide the Service and perform our Terms of Use;
  • Legitimate interests: to secure, maintain, troubleshoot, analyze, and improve the Service, respond to inquiries, prevent abuse, and conduct ordinary business operations;
  • Consent: where required for certain cookies, marketing communications, or optional processing;
  • Legal obligations: to comply with applicable laws, enforce legal rights, and respond to lawful requests; and
  • Vital interests or public interests: only where applicable and legally permitted.

Where we rely on consent, you may withdraw your consent at any time.

06Cookies and similar technologies

We may use cookies, local storage, pixels, and similar technologies to operate and improve the Service. These technologies may be used for:

  • Essential functions, such as security, authentication, load balancing, and remembering privacy preferences;
  • Preferences, such as remembering interface choices;
  • Analytics and performance, such as understanding how users interact with the Service and diagnosing problems; and
  • Communications, such as measuring whether Service emails are opened or links are clicked.

Browser storage of in-progress work. If you use the Service without an account, your in-progress problem statement and generated reframes are held in your browser (in session and local storage on your device), not on our servers, so they survive a page refresh and can carry over if you choose to sign in. Any in-progress draft kept in local storage is cleared when it migrates to your account on sign-in, when you sign out, and otherwise no later than 7 days after your last activity. Clearing your browser storage removes this data.

You can control cookies through your browser settings. If you block certain cookies, parts of the Service may not work properly.

If we use non-essential cookies where consent is required, we will provide a consent mechanism where required by applicable law.

07How we disclose personal information

We may disclose personal information to:

  • Service providers and processors that help us operate the Service, such as hosting, cloud infrastructure, database, authentication, analytics, security, logging, error monitoring, email delivery, session replay, and AI model providers;
  • Professional advisers, such as lawyers, accountants, auditors, and insurers;
  • Authorities or third parties when legally required, such as to comply with law, subpoena, court order, or lawful government request;
  • Parties involved in business transactions, such as a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets;
  • Affiliates, if any, that process information consistently with this Privacy Policy; and
  • Other parties with your consent or at your direction.

We do not sell your personal information for money. We do not share your personal information for cross-context behavioral advertising as those terms are commonly used under California privacy law. If this changes, we will update this Privacy Policy and provide required opt-out rights.

08Service providers

The Service may use providers in categories such as:

  • cloud hosting and infrastructure;
  • database and storage;
  • AI model processing;
  • authentication, including third-party sign-in providers;
  • analytics and product usage measurement;
  • logging, error monitoring, and security;
  • email delivery and customer communications; and
  • website performance and reliability tools.

Examples of providers that may be used include Google services, email delivery providers, analytics providers, crash/error monitoring providers, session replay or debugging providers, and AI model providers. The exact providers may change over time as the Service evolves.

09Data retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • for signed-in users, account information and saved work are retained on our servers while your account is active, until you delete them or delete your account, subject to backups and legal obligations;
  • Inputs, Outputs, and saved work are retained while needed to provide the Service, until you delete them or delete your account, subject to backups and legal obligations;
  • for users without an account, problem statements and reframes are not retained on our servers; they remain only in your browser as described in the Cookies and similar technologies section, and any in-progress draft kept in local storage is cleared no later than 7 days after your last activity;
  • support communications are retained as long as needed to respond, maintain business records, and resolve disputes;
  • technical logs, security logs, and analytics data are retained for limited periods appropriate to security, troubleshooting, analytics, and legal needs; and
  • legal, tax, accounting, and compliance records are retained as required by applicable law.

We may retain aggregated or de-identified information that does not reasonably identify you.

10International transfers

We are based in the United States, and your personal information may be processed in the United States and other countries where we or our service providers operate. These countries may have data protection laws different from those in your jurisdiction.

Where required, we use appropriate safeguards for international transfers, such as contractual commitments, standard contractual clauses, or other lawful transfer mechanisms.

11Security

We use reasonable technical, organizational, and administrative measures designed to protect personal information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You are responsible for using the Service appropriately and for protecting access to any account credentials or third-party sign-in methods you use.

12Your privacy rights

Depending on where you live, you may have rights to:

  • access personal information we hold about you;
  • correct inaccurate personal information;
  • delete personal information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • receive a portable copy of certain personal information;
  • opt out of certain marketing communications;
  • opt out of sale or sharing where applicable; and
  • lodge a complaint with a data protection authority.

To exercise privacy rights, contact us at support@howmightwe.ai. We may ask you to verify your identity before responding. We will respond within the period required by applicable law.

If you have an account, you can delete individual saved problem statements yourself within the Service. If you use the Service without an account, your in-progress work lives only in your browser; you can remove it by clearing your browser storage, as described in the Cookies and similar technologies section.

13EEA/UK privacy rights

If you are in the EEA or UK, you may have rights under applicable data protection law, including the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

You also have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can try to resolve your concern.

14California privacy notice

This section applies to California residents to the extent the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), applies to our processing of your personal information.

Categories of personal information we may collect

Category Examples Collected
Identifiers Name, email address, IP address, account identifiers Yes
Customer records information Contact details you provide to us Yes, if provided
Protected classifications Age or other protected characteristics No, unless in Inputs
Commercial information Records of products or services considered or used Yes, if applicable
Internet or network activity Device data, usage logs, interactions with the Service Yes
Geolocation data Approximate location derived from IP address Yes
Sensory data Audio, visual, or similar data No, unless future features allow
Professional or employment information Job or company details No, unless in Inputs
Education information Student or education records No, unless in Inputs
Inferences Preferences or usage patterns from Service interactions Yes, limited form
Sensitive personal information Account login, precise location, government IDs, health data Not requested

Sources

We collect personal information from you, from your device and browser, from third-party sign-in providers if you use them, and from service providers that help us operate the Service.

Purposes

We use the categories above for the purposes described in Sections 3 and 4 of this Privacy Policy.

Disclosure

We may disclose the categories above to the recipients described in Section 7 of this Privacy Policy.

Sale, sharing, and sensitive personal information

We do not sell your personal information for money. We do not share your personal information for cross-context behavioral advertising. We do not use sensitive personal information to infer characteristics about you.

California rights

California residents may have the right to know, access, correct, delete, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights. To exercise these rights, contact us at support@howmightwe.ai.

15Marketing communications

If you receive marketing emails from us, you may unsubscribe using the link in the email or by contacting us. Even if you opt out of marketing emails, we may still send you non-marketing messages such as security, legal, account, and Service-related notices.

16Do not track

Some browsers offer a Do Not Track signal. There is no consistent industry standard for responding to these signals, and the Service does not currently respond to Do Not Track signals.

17Children's privacy

The Service is not intended for users under 18. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided personal information to us, contact us at support@howmightwe.ai, and we will take appropriate steps to delete it.

18Third-party links

The Service may contain links to third-party websites or services. We do not control and are not responsible for the privacy practices, policies, or content of third parties. Review their privacy policies before providing personal information to them.

19Changes to this privacy policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide notice by posting the updated Privacy Policy on the Service, updating the date above, or using another reasonable method.

We will not use a Privacy Policy update to retroactively expand our rights to use personal information in a materially different way without appropriate notice or consent where required by law.

20Contact us

For privacy questions, requests, or to exercise your rights, contact us:

Innovation Practice LLC

1309 Coffeen Avenue
Sheridan, WY 82801
United States

Email: support@howmightwe.ai