Privacy Policy

What Information We Collect

Information You Provide

• Card Prompts: Optional text you enter when creating cards
• Generated Cards: The AI-generated content and associated images

Automatically Collected Information

• Device ID: Anonymous identifier stored in cookies for rate limiting
• Usage Analytics: Anonymous data about how you use the platform
• Technical Data: Browser type, device type, IP address (anonymized)

How We Use Your Information

Service Provision

• Generate personalized daily focus cards
• Store your card history for easy access
• Enforce fair usage limits (3 cards per day)
• Track your clarity streak for motivation

Platform Improvement

• Analyze usage patterns to improve user experience
• Monitor platform performance and reliability
• Understand which features are most valuable

Data Retention and Deletion

Automatic Deletion

• Cookies: Session cookies expire when you close your browser
• Streak Data: Deleted after 30 days of inactivity
• Rate Limit Data: Reset daily

Manual Deletion

You can request immediate deletion of all your data by:

• Clicking the "Delete My Data" link in the footer
• Emailing us at contact@symclarity.com

Data Sharing and Third Parties

We do not sell, rent, or share your personal data with third parties.

Service Providers

We work with trusted service providers who help us operate the platform:

• AI Providers: For generating card content (data is not stored by providers)
• Hosting Services: For platform infrastructure and reliability
• Analytics Services: For anonymized usage analytics only

Your Privacy Rights

GDPR Rights (EU Users)

• Right to Access: Request information about data we store
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your data
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to certain data processing

CCPA Rights (California Users)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

Cookies and Tracking

Essential Cookies

• Device ID: Anonymous identifier for rate limiting and streak tracking
• Session Data: Temporary data for platform functionality
• Consent Preferences: Your privacy choices and consent status

Analytics Cookies (Optional)

• Usage Analytics: Anonymous data about platform usage
• Performance Monitoring: Platform performance and error tracking

You can decline non-essential cookies without affecting platform functionality.

Comprehensive Security & Data Protection

Technical Security Measures

Encryption & Transport Security

• HTTPS Everywhere: All connections use TLS 1.3 encryption
• Modern Cipher Suites: Only the strongest encryption algorithms are used
• HSTS Protection: Automatic HTTPS enforcement prevents downgrade attacks
• Secure Headers: Content Security Policy, X-Frame-Options, and other security headers

Infrastructure Security

• Regular Updates: Security patches applied promptly to all systems
• Secure Configuration: Server hardening and security best practices
• Access Controls: Multi-factor authentication and strict access permissions
• Monitoring: Comprehensive security monitoring and intrusion detection systems

Application Security

Input Validation & Protection

• Content Filtering: Automatic detection and blocking of harmful or inappropriate content
• Rate Limiting: Protection against abuse with configurable daily limits
• Input Sanitization: All user inputs are properly validated and cleaned
• SQL Injection Protection: Parameterized queries prevent database attacks
• XSS Prevention: Output encoding and Content Security Policy protect against cross-site scripting

Session & Authentication Security

• Secure Cookies: HttpOnly, Secure, and SameSite flags on all cookies
• CSRF Protection: Token-based protection on all state-changing operations
• Session Timeouts: Automatic session expiration for security
• Secure Random Generation: Cryptographically secure random values for all tokens

AI & Content Security

AI Safety Measures

• Multiple Safety Filters: Layered content filtering at multiple stages
• Prompt Injection Protection: Advanced safeguards against malicious prompts
• Content Moderation: Automated review of generated content
• Harmful Content Prevention: Zero tolerance for hate speech or harmful content

AI Provider Security

• Encrypted API Connections: All AI provider communications are encrypted
• No Data Persistence: AI providers don't store your prompts or generated content
• Provider Compliance: All AI providers meet our security standards
• Regular Audits: Ongoing verification of provider security practices

Data Protection & Privacy

Privacy-First Architecture

• Minimal Data Retention: Data is only kept as long as necessary for service operation
• Anonymous Device IDs: No personal information collected or stored
• Local Processing: Minimal data transfer with secure server processing
• No Third-Party Tracking: Zero external analytics or advertising trackers
• IP Anonymization: Last octet removed from all IP addresses

Security Reporting

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue:

• Email: contact@symclarity.com
• Response Time: We respond promptly to all security reports
• PGP Key: Available upon request for encrypted communications
• Bug Bounty: Program coming soon to reward security researchers

Compliance & Certifications

• GDPR Compliant: Full compliance with EU data protection regulations
• CCPA Compliant: Meets California privacy law requirements
• OWASP Standards: Following OWASP security best practices
• Regular Audits: Third-party security assessments conducted periodically

Children's Privacy

SymClarity is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Showing a notification on the platform for significant changes

Contact Us

If you have questions about this privacy policy or your data, contact us:

• Email: contact@symclarity.com
• Data Protection Officer: contact@symclarity.com
• Delete My Data: One-click data deletion