Privacy Policy
Last updated: June 21, 2026
1. What We Collect
Account data (email, display name), goals and habits you create, calendar event metadata you authorize us to read, journal entries you write, and AI-generated insights derived from those inputs. Payment information is handled by our payment processor — we never see your card details.
2. How We Use It
To operate the Alignment Engine: compare planned actions against actual behavior, generate alignment scores and nudges, and produce your weekly reports. We do not sell your data, and we do not use your private content to train external AI models.
3. Calendar Integration
Calendar access is read-only and limited to event titles, times, and durations needed to reconcile behavior. You may revoke access at any time, which deletes synced event data from our systems within 30 days.
4. AI Processing
Generating alignment scores, nudges, and weekly reports requires sending relevant data to third-party AI providers (Google Gemini via the Lovable AI Gateway) under data-processing agreements. These providers do not retain or train on your inputs.
5. Storage & Security
Data is stored on our backend infrastructure with row-level access control. Connections are encrypted in transit (TLS). We perform regular backups and access reviews.
6. Your Rights
You can export or delete your data at any time from account settings. EU/UK residents have rights under GDPR (access, rectification, erasure, portability). California residents have rights under CCPA.
7. Retention
We retain account data while your account is active. Deleted accounts and their data are purged within 30 days, except where legally required.
8. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising cookies.
9. Changes
We will notify you of material changes by email. Continued use after notice constitutes acceptance.
10. Contact
Questions or data requests: privacy@northstar.app.