Privacy Policy

Last updated: May 17, 2026

1. Information We Collect

When you join the waitlist, we collect:

• Your email address (required)
• Your first name (optional)
• The source of your signup (e.g., UTM campaign parameters, referring URL)
• Basic technical data: IP address (hashed, not stored in plain text), user agent, timestamp

When you use the VisionBoardAI platform, we additionally collect:

• Your Vision + Identity Statement and identity pillars
• Daily protocols, reflections, and behavioral state data you provide
• Calendar event metadata (if you connect Google Calendar)
• Voice and camera input (processed to extract text; raw media is not stored)

2. How We Use Your Information

• To send you your waitlist confirmation and launch communications
• To generate your personalized daily protocols using AI
• To build and update your Identity Graph
• To improve the product through aggregate, anonymized analytics

We do not use your identity data to train shared AI models. We do not sell your data to third parties.

3. Operational Logging

Our backend services generate operational logs to support security monitoring, debugging, and performance analysis. These logs are stored in Google Cloud Logging.

What is logged per API request:

• HTTP method and request path (e.g., POST /plan/generate) — query strings are not logged
• HTTP response status code and request duration in milliseconds
• A pseudonymous request ID (randomly generated per request, not linked to personal identity)
• Authenticated user UID (for authenticated routes only) — no names or email addresses are included in logs
• Timestamp of the request

What is never logged: request bodies, email addresses, Identity Graph content, reflection text, calendar details, or any behavioral data you enter into the platform.

Retention: Operational logs are retained for 30 days and then automatically purged under Google Cloud Logging's default retention policy.

4. Error Monitoring

VisionBoardAI uses Sentry (sentry.io) for automated backend error and crash reporting. When a backend error occurs, Sentry captures: the error type and stack trace, the request path (without query strings), and the authenticated user's UID (no email, name, or personal content). Sentry event data is retained for 90 days. Sentry's privacy policy is available at sentry.io/privacy.

5. Local Storage & Shared Devices

The VisionBoardAI platform stores certain UI preferences and session state in your browser's local storage (e.g., theme selection, onboarding progress). If you use VisionBoardAI on a shared or public device, we strongly recommend signing out after each session and clearing your browser data. Local storage is not cleared automatically when you close the browser tab. Your Identity Graph and all personal data remain server-side and are only accessible after authentication — local storage contains no sensitive identity or behavioral data.

6. Data Storage & Security

Your data is stored in Google Firebase (Firestore), with industry-standard encryption in transit and at rest. Access is restricted to authenticated users only. Your Identity Graph is private to your account. Server-side field validation ensures no arbitrary data can be written to your account documents by a client application.

7. Data Export & Deletion

You can export your Identity Graph and all associated data at any time through the platform. You can request account deletion by emailing derek@visionboardai.org — we will process deletion requests within 30 days.

8. Third-Party Services

VisionBoardAI uses the following third-party services:

• Google Firebase — authentication, database, hosting, and cloud functions
• Google Gemini — AI protocol and reflection generation
• SendGrid — transactional emails (waitlist confirmation, launch notifications)
• Google Calendar API — calendar data (only if you opt in)
• Sentry — automated backend error monitoring (see Section 4)

9. Cookies

The marketing site (visionboardai.org) uses no tracking cookies. The platform app uses session cookies for authentication only.

10. Contact

For any privacy questions or data requests: derek@visionboardai.org