Privacy Policy

At DunbarrioSolo, privacy is not a compliance requirement — it is the fundamental premise of the application. An emotional practice cannot happen safely if you feel you are being watched or monetized. This policy outlines exactly what data we collect, how our AI processes it, and how we protect your boundaries. It reflects the app's current product behavior, including encrypted journal storage, AI processing, export, retention settings, and permanent account deletion.

1. What We Collect

We do not collect device identifiers, advertising IDs, location data (beyond the optional hometown ZIP you may provide), contacts from your phone, browsing history outside the app, biometric data, or data from other apps on your device.

2. How We Use Your Data

We use your data to:

• create and maintain your account
• store your circles, embraces, ledger entries, and Weekly Weaves
• generate AI-assisted mascot responses and Weekly Weave summaries you request
• manage subscription access and billing state
• support data export, account deletion, security, and abuse prevention

We do not use your data for advertising, profiling for third parties, or any purpose beyond operating and improving the app.

3. AI Processing

To provide mascot responses, sentiment analysis, and the Weekly Weave, we securely transmit your data to our AI providers (Anthropic Claude for paid tiers, Google Gemini for free tier). Here is the strict protocol:

• Ephemeral processing. When you send an embrace, the text is sent securely via our backend Edge Functions to the AI model. The AI analyzes it to generate a character voice response and an emotion token. The text exists in the AI's memory only for the few seconds it takes to respond. The model providers do not use your private journal entries to train their foundational models.
• Weekly Weave synthesis. Once a week, your recent activity — moods, ledger logs, journal sentiments, and entries you flagged with "Save for Weave" — is compiled and processed by the AI to generate your personal narrative portrait.
• No client-side keys. API keys never touch your device. All AI communication happens server-to-server over HTTPS.

You have the option to toggle off "Let the Mascot Answer" on any embrace. Entries sent without this toggle do not reach the AI provider.

4. Encryption and Retention

Encryption. Sensitive journal fields — embrace text, mascot responses, Weekly Weave narratives, and conversation histories — are encrypted using AES-256-GCM before being stored. The encryption key is kept separately from the database. The database contains encrypted ciphertext, not readable text.

Retention. You control how long your journal text is stored via the retention setting in your Profile:

When retained text expires, the words are permanently removed. Higher-level metadata — mood, energy, emotion tokens, and derived Weekly Weave patterns — may remain so your longitudinal reflections continue to work.

Weekly Weave narratives are not subject to retention deletion. They are AI-generated summaries that reference patterns, not verbatim journal text.

5. Sharing and the "Solo" Phase

During the Solo phase of your practice:

• We do not sell, rent, or trade your personal data, journal entries, or relational maps to third parties or advertisers.
• Your data is visible only to you. There is no public feed, no follower system, and no broadcast mechanism.
• If you eventually choose to engage in the "Selective Sharing" or "Mutual Engagement" phases, you maintain explicit control over what specific segments of your Weekly Weave are shared, and with whom. Raw journal text is never shared with other users.

We do not describe the app as ad-supported, and we do not position your emotional patterns as a product. We make money from subscriptions. That is the entire business model.

6. Service Providers

We use infrastructure and service providers to operate the app:

We do not use data brokers, analytics platforms, advertising networks, or third-party tracking technology. There is no Google Analytics, no Facebook Pixel, no tracking cookies.

7. Stripe and Payment Information

Payments and subscription management are handled through Stripe. We do not store full card details in the app database. Stripe may retain customer and transaction records for legal, accounting, fraud-prevention, and compliance purposes, even if your app account is later deleted.

8. Local Storage and Authentication

The app uses a session cookie (set by Supabase Auth) to maintain your login state. This is a strictly necessary, first-party cookie — the app cannot function without it. The app may also use browser or device storage to preserve essential client-side state. Clearing local storage or signing out removes those local session artifacts from that device.

9. Your Controls

You can use in-app settings to:

• change your profile information at any time
• set journal retention preferences (30 days, 90 days, 1 year, or forever)
• export all your stored data via the Ledger Export feature (.txt, .md, .csv)
• permanently delete your account and all associated data

Account deletion is immediate and irreversible. Upon deletion, we hard-delete your account credentials, journal entries, ledger history, circle architecture, Weekly Weave archive, and progression data from our active databases. We recommend exporting your data before deleting.

10. Your Rights by Jurisdiction

Regardless of where you live, every user has access to export, correction, and permanent deletion via in-app controls.

• EU/EEA residents (GDPR): You have the right to lodge a complaint with your local Data Protection Authority. Our legal basis for processing is performance of contract and legitimate interest.
• California residents (CCPA): We do not sell personal information or share it for cross-context behavioral advertising. Contact privacy@dunbarrios.com for data disclosure requests.
• Washington State residents: Under the My Health My Data Act, emotional journaling data may qualify as consumer health data. We obtain consent via the privacy consent modal on first use. You may withdraw consent by deleting your account.

11. Security

We use reasonable technical and organizational measures to protect the service including AES-256 encryption at rest, Row Level Security on all database tables, server-side secret management, HTTPS for all data in transit, input sanitization, rate limiting, and bot protection. No system can promise absolute security. If we discover a breach affecting your data, we will notify affected users within 72 hours.

12. Children

The app is not directed at anyone under 16. If we discover that a user is under 16, we will delete their account and all associated data.

13. Changes to This Policy

If this policy changes materially, we will publish a new version and ask you to review and accept it the next time you sign in. The app tracks which policy version you accepted.