1. Introduction

SuccessTrail ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered goal achievement platform and services ("Service") available at successtrail.app.

This Privacy Policy applies to all users of our Service, including visitors to our website, registered users, and subscribers. By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

We are committed to compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regional privacy regulations.

2. Information We Collect

2.1 Personal Information You Provide

Account Information: When you create an account, we collect your name, email address, and encrypted password through our authentication provider (Supabase Auth).

Profile Information: Optional profile details such as avatar images, preferred start day for weekly planning, and personal preferences.

Goal and Progress Data: Information you provide about your goals, quests, weekly priorities, tasks, reviews, and progress tracking data.

Payment Information: Billing information including credit card details, billing addresses, and transaction history processed securely through Stripe. We do not store your complete payment card information on our servers.

Communications: Messages you send to us through support channels, feedback forms, or direct communications.

2.2 Information Automatically Collected

Usage Data: Information about how you interact with our Service, including pages visited, features used, time spent, click patterns, and user preferences.

Device Information: Technical information about your device, including IP address, browser type and version, operating system, device identifiers, and screen resolution.

Log Data: Server logs that include IP addresses, browser information, referring URLs, pages viewed, and timestamps.

Analytics Data: Aggregated and anonymized usage statistics to help us understand user behavior and improve our Service.

2.3 Information from Third Parties

AI Processing: When you use AI features, your goal and task data may be processed by OpenAI to generate personalized recommendations and action plans.

Image Services: We may retrieve images from Pexels based on your goal descriptions to enhance your experience.

Payment Processing: Stripe provides us with transaction information and payment status updates.

3. How We Use Your Information

3.1 Primary Service Functions

• Provide and maintain our goal achievement platform
• Create and manage your user account
• Generate AI-powered goal breakdowns and task recommendations
• Track your progress and provide analytics
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries

3.2 Service Improvement and Development

• Analyze usage patterns to improve our Service
• Develop new features and functionality
• Conduct research and analytics (using anonymized data)
• Ensure security and prevent fraud
• Comply with legal obligations

3.3 Communications

• Send important service updates and security notifications
• Provide customer support responses
• Send promotional emails (with your consent, where required)
• Notify you about changes to our Service or policies

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contract Performance: To provide our Service and fulfill our contractual obligations
• Legitimate Interest: To improve our Service, ensure security, and conduct business operations
• Consent: For marketing communications and optional features (where consent is required)
• Legal Obligation: To comply with applicable laws and regulations

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We only share your information in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers who help us operate our Service:

• Supabase: Database hosting, authentication, and backend services
• OpenAI: AI-powered content generation and recommendations
• Stripe: Payment processing and subscription management
• Vercel: Web hosting and content delivery
• Pexels: Image search and display services

These providers are contractually bound to protect your information and use it only for specified purposes.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Account Data: Retained while your account is active and for a reasonable period after account deletion to handle any issues or legal requirements.

Transaction Records: Kept for tax and financial reporting purposes as required by law (typically 7 years).

Usage Analytics: Anonymized usage data may be retained indefinitely for service improvement purposes.

Legal Hold: Data may be retained longer if subject to legal proceedings or regulatory investigations.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

• Request access to your personal data
• Receive a copy of your data in a portable format
• Export your goals, tasks, and progress data through our platform

7.2 Correction and Deletion

• Correct inaccurate or incomplete personal data
• Request deletion of your personal data ("right to be forgotten")
• Delete your account and associated data through account settings

7.3 Control and Objection

• Object to processing based on legitimate interests
• Restrict processing of your personal data
• Withdraw consent for marketing communications
• Opt-out of promotional emails via unsubscribe links

7.4 How to Exercise Your Rights

To exercise these rights, contact us at support@successtrail.app. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

8. International Data Transfers

Our Service operates globally, and your information may be transferred to, and maintained on, servers located outside of your country or jurisdiction where privacy laws may differ.

EU Data Transfers: For transfers from the EU, we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for certain countries
• Service provider certifications and safeguards

Service Provider Locations:

• Supabase: United States (with EU data residency options)
• OpenAI: United States
• Stripe: Global infrastructure with regional data processing
• Vercel: Global content delivery network

9. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption
• Access Controls: Strict role-based access controls and regular access reviews
• Infrastructure Security: Secure hosting environments with regular security updates
• Authentication: Multi-factor authentication for administrative access
• Monitoring: Continuous security monitoring and incident response procedures
• Regular Audits: Periodic security assessments and vulnerability testing

While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze Service usage:

Essential Cookies: Required for basic Service functionality, including authentication and security.

Analytics Cookies: Help us understand how users interact with our Service to improve functionality.

Preference Cookies: Remember your settings and preferences for a personalized experience.

You can control cookie settings through your browser preferences. Disabling certain cookies may limit Service functionality.

11. Children's Privacy

Our Service is not intended for children under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 13, please contact us immediately.

For users between 13 and 18, we recommend parental or guardian involvement in account creation and ongoing use of the Service.

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at support@successtrail.app with "California Privacy Request" in the subject line.

13. AI Data Processing and OpenAI

When you use our AI features, your goal and task information may be processed by OpenAI to generate personalized recommendations:

• Goal descriptions and task information may be sent to OpenAI's API
• OpenAI processes this data according to their privacy policy and data usage policies
• We do not send personally identifiable information (like names or emails) to OpenAI
• AI-generated content is returned to you and stored in our database
• You can opt-out of AI features and use manual goal planning instead

For more information about OpenAI's data practices, please review their privacy policy at https://openai.com/privacy.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Report to relevant authorities as required by law
• Provide clear information about what data was affected
• Explain the steps we're taking to address the breach
• Offer guidance on protective measures you can take

15. Third-Party Services and Links

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to these external sites or services. We encourage you to review the privacy policies of any third-party services you use.

Integrated Services:

• Supabase: Database and authentication services
• Stripe: Payment processing
• OpenAI: AI content generation
• Pexels: Image services
• Vercel: Hosting and deployment

16. Business Analytics and Aggregated Data

We may use aggregated, anonymized data for business analytics, research, and service improvement. This data cannot be used to identify individual users and may include:

• Usage patterns and feature adoption rates
• Performance metrics and system optimization
• Market research and product development insights
• Academic research collaboration (with anonymized data only)

17. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Notify you by email (if you have an account with us)
• Post a notice on our website
• Update the "Last Updated" date at the top of this policy
• For significant changes, provide advance notice and obtain consent where required

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

18. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Contact:
Email: support@successtrail.app
Website: successtrail.app

Privacy-Specific Inquiries:
Email: privacy@successtrail.app
Subject: Privacy Policy Inquiry

GDPR Representative (EU users):
For users in the European Union, you may also contact our data protection representative at gdpr@successtrail.app

We aim to respond to all privacy-related inquiries within 30 days or as required by applicable law.

19. Supervisory Authority Rights

If you are located in the European Union, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

You can find contact information for EU data protection authorities at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

This Privacy Policy was last updated on 2025-01-01. By using SuccessTrail, you acknowledge that you have read, understood, and agree to this Privacy Policy.