1. Introduction
The Catalyst Project LLC ("we," "our," or "us") operates Catalyst OS (catalystproject.ai). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including The Mirror dashboard, calculator suite, and consulting services.
We are committed to protecting your privacy and being transparent about our data practices. Please read this policy carefully to understand how we handle your information.
2. Information We Collect
2.1 Account Information
- Email address (required for account creation)
- Full name (optional)
- Password (hashed, never stored in plain text)
- Profile preferences and settings
2.2 Mirror Dashboard Data
When you use The Mirror, we collect data you explicitly provide:
- Journal entries and reflections
- Goals, milestones, and progress updates
- Dimension scores and self-assessments (Mind, Body, Heart, Wealth, Spirit)
- Chat conversations with the AI assistant
- Onboarding responses (life stage, focus areas, preferences)
- Achievement and challenge progress
2.3 Calculator Data
- Calculator inputs you provide (age, weight, financial figures, etc.)
- Calculated results and outputs
- Saved calculator snapshots (if you choose to save to your Mirror)
2.4 Payment Information
- Payment processing is handled entirely by Stripe
- We store only your Stripe customer ID and subscription status
- We never see or store your full credit card number
- Billing history is maintained by Stripe
2.5 Newsletter Subscription
- Email address
- Subscription preferences and frequency
- Email engagement metrics (opens, clicks)
- Subscription source and UTM parameters
2.6 Automatically Collected Information
- Device information (browser type, operating system, device type)
- Usage data (pages visited, features used, time spent)
- IP address and approximate geographic location
- Referral source (how you found us)
- Cookies and similar tracking technologies (see Section 8)
3. How We Use Your Information
3.1 To Provide Our Services
- Create and manage your account
- Process subscriptions and payments
- Deliver personalized AI insights based on your Mirror data
- Save and retrieve your calculator results
- Track your goals, achievements, and progress
- Send transactional emails (receipts, password resets, etc.)
3.2 To Improve Our Services
- Analyze usage patterns to improve features
- Debug issues and fix errors
- Develop new calculators and tools
- Optimize AI responses and personalization
3.3 To Communicate With You
- Send the weekly newsletter (if subscribed)
- Notify you of important account changes
- Respond to support requests
- Send service announcements and updates
4. AI Processing and Data Usage
Important: Your Mirror data is used to personalize AI responses for you. Your data is never used to train AI models and is never accessible to other users.
4.1 How AI Uses Your Data
- Your journal entries, goals, and calculator results are retrieved to provide context for AI conversations
- Data is sent to Anthropic (Claude) for processing AI responses in real time
- OpenAI is used only for generating text embeddings (vector representations) to enable search functionality
- AI conversations are stored to maintain chat history and continuity
4.2 What We Do NOT Do
- We do not use your data to train AI models
- We do not share your personal data with other users
- We do not sell your data to third parties
- We do not use your data for advertising targeting
- We do not combine your data with external data sources
5. Data Storage and Security
5.1 Where Your Data Is Stored
- Primary database: Supabase (PostgreSQL) with servers in the United States
- Application hosting: Vercel (United States)
- Payment data: Stripe (PCI-DSS compliant)
- Email delivery: Resend
5.2 Security Measures
- All data is encrypted in transit (TLS/HTTPS)
- Database encryption at rest
- Row-Level Security (RLS) ensures users can only access their own data
- Passwords are hashed using industry-standard algorithms
- Regular security audits and updates
- Access controls limit employee access to user data
Data Isolation: Your Mirror data is stored in isolated database rows with Row-Level Security (RLS) policies. This means your personal data, journal entries, and AI conversations are cryptographically separated from other users' data at the database level.
6. Third-Party Services
We use the following third-party services to operate Catalyst OS:
Supabase
Database hosting, authentication, and real-time features. Your account data, Mirror content, and calculator snapshots are stored here.
Stripe
Payment processing for subscriptions and consulting services. Stripe is PCI-DSS Level 1 compliant. We never see your full card number.
Anthropic (Claude)
AI assistant powering The Mirror chat and insights. Your data is sent to Claude for processing but is not used to train their models.
OpenAI
Text embeddings for search functionality. Only text content is processed; no personal identifiers are sent.
Vercel
Application hosting and deployment. Basic analytics for performance monitoring.
Resend
Email delivery for newsletters, transactional emails, and notifications.
Cal.com
Scheduling for consulting sessions. Your name and email are shared when you book a session.
7. Your Rights and Choices
You have the following rights regarding your data:
7.1 Access and Portability
- View all data we have about you through your account settings
- Export your data in a portable format (JSON)
- Request a complete copy of your data via email
7.2 Correction and Deletion
- Edit or correct any data in your account
- Delete individual entries, goals, or chat conversations
- Delete your entire account and all associated data
- Request deletion via email if you cannot access your account
7.3 Communication Preferences
- Unsubscribe from the newsletter at any time (one-click in any email)
- Manage notification preferences in your account settings
- Opt out of non-essential communications
8. Cookies and Tracking
8.1 Essential Cookies
We use essential cookies that are necessary for the website to function:
- Authentication tokens (to keep you logged in)
- Session management
- Security tokens (CSRF protection)
8.2 Analytics
We use privacy-respecting analytics to understand how visitors use our site. We do not use Google Analytics or other invasive tracking tools.
8.3 What We Don't Do
- No third-party advertising cookies
- No cross-site tracking
- No selling of cookie data
- No fingerprinting
9. Data Retention
- Active accounts: Data is retained as long as your account is active
- Deleted accounts: Data is permanently deleted within 30 days of account deletion
- Newsletter unsubscribes: Email removed immediately; engagement history retained for 90 days for analytics
- Payment records: Retained for 7 years as required by tax law
- Server logs: Automatically deleted after 90 days
10. Children's Privacy
Catalyst OS is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@catalystproject.ai. We will take steps to delete such information.
11. International Data Transfers
Our services are hosted in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States. By using our services, you consent to this transfer. We ensure appropriate safeguards are in place for any international data transfers.
12. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect and how it is used
- Right to delete your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email (if you have an account) or by posting a prominent notice on our website at least 30 days before changes take effect. The "Last Updated" date at the top of this policy indicates when it was last revised.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@catalystproject.ai
The Catalyst Project LLC
San Antonio, Texas, United States
For data deletion requests or to exercise your privacy rights, email us with the subject line "Privacy Request" and include your account email address.