Privacy Policy
Last Updated: May 2026 | Effective Date: January 2026
1. Introduction
Crualitics ("we," "us," "the Platform") is owned and operated by Sebastian Solo. We take your privacy seriously. This policy explains what data we collect, how we use it, and the rights you have over it. By using Crualitics, you agree to this Privacy Policy.
2. Information We Collect
Account Information
- Email address (required for login and account recovery)
- Phone number (optional — only collected if you provide one for SMS security codes)
- Password (stored encrypted using bcrypt hashing — we never see it)
- Display name or username
Wellness & Journaling Content
- Journal entries, Truth Stack entries, Acknowledgment Stack entries
- Conversations with CRUAL Solo
- Life Assessment responses and Game Plan goals
- Your data is encrypted in transit (HTTPS/TLS) and protected at rest by our database provider's managed encryption
Technical Data
- Device type, browser, and operating system
- IP address (used only for security and rate limiting)
- Anonymous usage analytics (page views, feature usage)
3. How We Use Your Information
- Provide the Service: Your wellness content powers CRUAL Solo's memory so she can support your journey.
- Account Security: Send password reset codes via SMS or email, detect suspicious activity.
- Communications: Send wellness reminders (only if you opt in), important account notices, and crisis support messages.
- Improve the Platform: Anonymous analytics help us understand what's working — we never identify individual users in analytics.
- Payment Processing: Subscription payments are handled by Stripe; we never store your full credit card number.
4. How We Protect Your Data
- Encryption in Transit & At Rest: Your data is encrypted in transit using HTTPS/TLS and protected at rest by our database and hosting provider's managed encryption controls.
- Password Hashing: Passwords are hashed with bcrypt — even we can't read them.
- JWT Authentication: Sessions use signed JSON Web Tokens stored in HttpOnly cookies.
- HTTPS Only: All traffic is encrypted in transit.
- Database Security: Hosted on Neon PostgreSQL with managed encryption and backups.
5. What We Do NOT Do
- We do NOT sell your data. Your information is never sold to third parties — period.
- We do NOT share your wellness content. Your journals and conversations with CRUAL are confidential.
- We do NOT use your data to train external AI models. Your story stays with you.
- We do NOT send marketing texts. SMS is used only for security codes and (if you opt in) wellness reminders.
6. SMS & Text Messaging
If you provide a phone number, you agree to receive account security codes (such as password reset one-time passcodes) from Crualitics. Message frequency varies. Message and data rates may apply.
- Account Security Codes: One-time passcodes for password reset and identity verification — sent automatically and not optional.
- Optional Wellness Reminders: Daily check-ins, journaling nudges, and goal updates — only sent to users who opt in.
- Crisis Support: Emergency resource messages if crisis-level content is detected.
- Reply HELP for help. Reply STOP to opt out of non-security messages, or START to opt back in.
- SMS consent is not a condition of purchasing any goods or services. Your phone number is never sold or shared with third parties for marketing.
7. Third-Party Services
- Anthropic (Claude AI): Powers CRUAL Solo's responses. Conversations are processed but not retained by Anthropic for training.
- Stripe: Processes subscription payments. Stripe's privacy policy applies to payment data.
- SendGrid: Sends transactional emails (password resets, account notices).
- Twilio: Sends SMS security codes and optional wellness reminders.
- Neon: Hosts our PostgreSQL database with managed encryption.
- Google Analytics: Anonymous usage analytics. No personally identifiable information is shared.
8. Your Rights
- Access your data: Request a copy of all data we hold about you.
- Correct your data: Update any inaccurate information through your account settings.
- Delete your account: Request permanent deletion of your account and all associated data.
- Opt out of SMS: Reply STOP to any wellness reminder text. Security codes are not optional.
- Opt out of analytics: Use browser-level Do Not Track or analytics-blocking extensions.
To exercise any of these rights, email CrualityLLC@gmail.com with your request.
9. Data Retention & Account Deletion
We retain your account data for as long as your account is active. If you delete your account, we permanently remove your personal information and wellness content within 30 days, except where retention is required by law (e.g., payment records for tax purposes).
If a subscription payment fails or is not renewed, your account follows this lifecycle, measured from the date of the failed or missed payment:
- Days 0–30 (Grace): Account stays active with daily reminders to update payment.
- Day 30 (Frozen): Access is paused until your balance is paid up to date.
- Day 60 (Archived): The account is removed from the live platform and moved to secure archive storage.
- Day 150 (Deleted): After 90 days in archive, all data is permanently and irreversibly deleted.
Founding/grandfathered members, approved veterans within their benefit window, administrators, and designated lifetime accounts are exempt from this automated deletion process.
10. Children's Privacy
Crualitics is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, please contact us immediately for removal.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice. The "Last Updated" date at the top reflects the most recent revision.
12. Contact Us
Email: CrualityLLC@gmail.com
Platform: Crualitics