Privacy Policy

We collect the following categories of information:

Account Data

• Email address — required for authentication (magic link / OTP via Resend)
• Display name — for personalization and AI coaching context

Growth & Activity Data

• Goals — the transformation objectives you set within the platform
• Actions — AI-generated daily action plans and your completion records
• Mirror conversations — dialogue with our AI accountability coach, including emotional state signals
• Timeline & evolution data — weekly narrative summaries, XP, streaks, and level progression
• Outcomes — self-reported metrics (job applications, skills learned, income changes)

Session & Technical Data

• JWT session tokens — stored as HTTP-only cookies for web; Bearer tokens for iOS
• Authentication tokens — one-time-use magic link and OTP codes (auto-expire after 15 minutes)
• Device & browser information — collected automatically via server logs

Payment Data

• Stripe Customer ID & Subscription ID — we do not store credit card numbers directly. All payment processing is handled securely by Stripe

We use your information for the following purposes:

• Service delivery — authenticate your account, generate personalized action plans, power Mirror AI coaching sessions, and track your growth timeline
• AI personalization — analyze your emotional state, execution patterns, and goals to deliver contextually relevant guidance and interventions
• Security — prevent unauthorized access, detect fraudulent activity, and enforce rate limits via Upstash Redis
• Communication — send transactional emails (verification codes, magic links) via Resend. We do not send marketing emails without your explicit consent
• Analytics & improvement — aggregate, anonymized usage patterns to improve AI models and platform features
• Billing — manage your subscription, process payments, and handle refund requests through Stripe

IntelliGrowth AI uses artificial intelligence extensively. We believe in full transparency about how AI interacts with your data:

• AI engines — we use Google Gemini, Anthropic Claude, and OpenAI models for reasoning, coaching, and content generation
• Mirror conversations — your conversations with the AI coach are processed in real-time. Emotional state detection is used solely to provide better coaching, not for advertising or profiling
• Action generation — AI analyzes your goals and history to create personalized daily actions. This processing happens on-demand and is not pre-computed
• Data isolation — your data is never shared between users or used to train AI models without your explicit consent
• Human-first philosophy — AI amplifies your potential; it does not replace your judgment. All recommendations are suggestions, not directives

We do not sell your personal data. We share information only in these limited circumstances:

• Service providers — Stripe (payments), Resend (transactional email), Upstash (rate limiting), NeonDB (database hosting), Vercel (hosting). Each provider processes data under their own privacy policies
• AI providers — Prompts and contextual data are sent to Google, Anthropic, and OpenAI for processing. These providers process data per their respective data processing agreements
• Legal requirements — we may disclose information if required by law, court order, or governmental regulation
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

We use cookies strictly for functionality:

• Session cookie (ig-session) — an HTTP-only, secure JWT cookie used for authentication. Expires after 30 days of inactivity
• No advertising cookies — we do not use third-party advertising or tracking cookies
• No analytics cookies — we do not currently deploy client-side analytics trackers (e.g., Google Analytics)

• Account data — retained for the lifetime of your account, plus 30 days after deletion to allow recovery
• Authentication tokens — auto-expire after 15 minutes and are marked as used immediately upon verification
• Session tokens — expire after 30 days
• Mirror conversations — retained as long as your account is active
• Payment records — retained as required by tax and financial regulations (typically 7 years)

We implement industry-standard security practices:

• Encryption in transit — all data transmitted over HTTPS/TLS
• Token hashing — authentication tokens are stored with unique identifiers and are single-use
• HTTP-only cookies — session tokens cannot be accessed by client-side JavaScript, preventing XSS attacks
• Rate limiting — authentication attempts are rate-limited via Upstash Redis to prevent brute-force attacks
• Security headers — X-Content-Type-Options, X-Frame-Options (DENY), X-XSS-Protection, Referrer-Policy, and Permissions-Policy are enforced on all responses
• Database security — NeonDB with SSL/TLS connections and channel binding
• Cascade deletion — when a user account is deleted, all associated data (goals, actions, conversations, timeline entries, outcomes) are automatically purged

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate personal data
• Deletion — request deletion of your account and associated data ("Right to be Forgotten")
• Data portability — request your data in a structured, machine-readable format
• Restriction — request restriction of processing in certain circumstances
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at rachel.nguyen@intelligrowth.ai. We will respond within 30 days.

IntelliGrowth AI is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

Your data may be transferred to and processed in the United States and other countries where our service providers operate. By using IntelliGrowth AI, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Effective" date. Continued use of IntelliGrowth AI after any changes constitutes acceptance of the updated policy.

For privacy-related inquiries or to exercise your data rights, contact us: