Privacy Policy

Last updated: December 2024

1. Introduction

At Stoic, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

We are committed to protecting the confidentiality of your personal information and ensuring that your data is handled responsibly. Please read this policy carefully to understand our practices.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and professional credentials (for coaches)
  • Profile Information: Bio, certifications, specializations, and profile photo
  • Payment Information: Billing address and payment method details (processed securely by our payment providers)
  • Communications: Messages you send through the platform and customer support inquiries

2.2 AI Companion Conversations (Clients)

When clients use the AI Companion, we collect conversation data to provide the service and generate Timeline insights. This includes:

  • Text of conversations with the AI Companion
  • Emotional patterns and themes identified by the AI
  • Breakthrough moments and progress markers
  • Session timestamps and frequency of use

2.3 Automatically Collected Information

  • Device information (type, operating system, browser)
  • IP address and approximate location
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our services
  • Generate Timeline insights for coaches (with client consent)
  • Process payments and manage accounts
  • Communicate with you about updates, features, and support
  • Analyze usage patterns to enhance user experience
  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Train and improve our AI systems (using anonymized, aggregated data only)

4. Timeline Data Sharing

4.1 Client Control

Clients have complete control over their Timeline data. You decide:

  • Whether to share your Timeline with a coach
  • Which time periods to share (full history or selected dates)
  • When to revoke access to your Timeline

4.2 What Coaches See

When you share your Timeline with a coach, they can view:

  • Daily emotional patterns and trends
  • Key themes and recurring topics
  • Breakthrough moments and significant insights
  • Your current emotional state before sessions

Coaches do not see the full transcripts of your AI conversations unless you explicitly choose to share them.

4.3 Revoking Access

You can revoke a coach's access to your Timeline at any time through your account settings. Once revoked, they will no longer be able to view any of your Timeline data.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strict role-based access with multi-factor authentication for staff
  • Regular Audits: Third-party security assessments and penetration testing
  • Secure Infrastructure: Hosted on SOC 2 Type II certified cloud providers
  • Monitoring: 24/7 security monitoring and incident response

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to industry best practices.

6. HIPAA Compliance

Where applicable, Stoic maintains compliance with the Health Insurance Portability and Accountability Act (HIPAA). This includes:

  • Business Associate Agreements (BAAs) with applicable partners
  • Administrative, physical, and technical safeguards for protected health information
  • Regular risk assessments and compliance audits
  • Employee training on HIPAA requirements

Coaches operating as covered entities should contact us to execute a Business Associate Agreement.

7. Data Retention

We retain your data according to the following guidelines:

  • Account Data: Retained while your account is active and for 30 days after a deletion request
  • AI Conversation Data: Retained for 2 years or until you delete it, whichever is sooner
  • Timeline Data: Same as AI conversation data
  • Payment Records: Retained for 7 years for legal and tax compliance
  • Usage Analytics: Anonymized data may be retained indefinitely

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to certain types of processing
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at daria@cherniakk.com. We will respond within 30 days.

9. Third-Party Services

We work with trusted third-party services to operate our platform:

  • Cloud Hosting: For secure data storage and processing
  • Payment Processing: To handle transactions securely
  • Analytics: To understand platform usage (anonymized)
  • Communication: For email and notifications
  • AI Infrastructure: To power the AI Companion

All third-party providers are vetted for security and privacy practices. We maintain Data Processing Agreements where required.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for platform functionality (authentication, security)
  • Analytics Cookies: Help us understand usage patterns (can be disabled)
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

11. Children's Privacy

Stoic is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us at daria@cherniakk.com.

12. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for internal transfers

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page with an updated "Last updated" date
  • Sending you an email notification for significant changes
  • Displaying a notice within the platform

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: daria@cherniakk.com