Privacy Policy

Effective: April 3, 2026

1. Who We Are

Azimuth ("we," "us," "our") is a values-aligned planning application operated by Endurance Digital Ventures LLC, based in Fort Collins, Colorado. This policy describes how we collect, use, and protect information when you use Azimuth at azimuthplanner.com or through our mobile applications.

2. Information We Collect

Account information. When you sign in with Google, we receive your email address and basic profile name via Google OAuth (using the openid, email, and profile scopes). We use your email solely for authentication and account identification.

Planning data. Everything you write in Azimuth — journal entries, goals, values, rapid log items, weekly and monthly reflections, collections — is stored in our database (hosted by Supabase) associated with your user account. We do not read, analyze, mine, or sell this data.

Calendar data. If you connect your Google Calendar, we request read-only access to your calendar events (using the calendar.events.readonly scope). Calendar data is fetched directly from Google's API by your device and is never transmitted to or stored on our servers. We store only a boolean indicating whether you have connected a calendar and your display preference (event titles visible or busy-only). You can disconnect your calendar at any time from Settings, which immediately revokes access.

AI coaching data. If you use AI coaching features (available on eligible tiers), the relevant portions of your planning data are sent to Anthropic's Claude API to generate coaching responses. This data is processed according to Anthropic's privacy policy. Anthropic does not use API inputs to train its models. Coaching responses are cached within your account data so we don't need to re-send data for the same session.

Push notification subscriptions. If you enable reminders, we store your device's push subscription endpoint and your preferred notification times. Each device is stored separately. Subscription data is deleted when you disable notifications or when a subscription expires.

Technical data. We use essential cookies and localStorage for authentication state, dark mode preference, and notification settings. We do not use tracking cookies or advertising cookies. Our hosting provider (Vercel) may collect standard server logs (IP address, request timestamps) as part of normal infrastructure operation.

Analytics. We collect anonymous product usage data through PostHog to understand how features are used and improve the application. Analytics are enabled by default and can be disabled at any time from Settings. Analytics use hashed, non-identifiable user IDs — we cannot connect analytics data to your identity. No cookies are used for analytics (memory-only persistence). We honor the Global Privacy Control (GPC) browser signal: if your browser sends a GPC signal, analytics are automatically disabled. Analytics data is never combined with your planning content. On our public pages (landing page, blog), we collect anonymous pageview and engagement data with no cookies and no personally identifiable information.

3. How We Use Your Information

We use your information to:

• Authenticate you and secure your account
• Store and sync your planning data across devices
• Generate AI coaching insights when you request them
• Send push notification reminders at your chosen times
• Maintain and improve the application's reliability
• Understand aggregate feature usage through anonymous analytics (enabled by default, opt-out available in Settings)

We do not use your information to build user profiles, serve advertisements, conduct behavioral analytics, or train AI models.

4. Information Sharing

We do not sell, rent, or share your personal data with third parties, with these limited exceptions:

• Infrastructure providers: Your data is stored on Supabase (database) and served via Vercel (hosting). Both process data on our behalf under their respective privacy commitments.
• Analytics provider: Anonymous usage events are sent to PostHog (enabled by default, opt-out in Settings). These events contain no personal planning content and use hashed, non-identifiable user IDs. No cookies are used. We honor the Global Privacy Control (GPC) browser signal.
• AI provider: When you use AI coaching features, relevant data is sent to Anthropic's Claude API. This occurs only when you explicitly request coaching.
• Legal requirements: We may disclose information if required by law, subpoena, or court order.

5. AI Coaching Data

Provider: AI coaching, alignment scoring, and values discovery features are powered by Anthropic's Claude API.

What is transmitted: Goals, core values, daily wins, habit scores, weekly planning data, life area scores, and coaching history — only the sections relevant to the specific AI request.

What is NOT transmitted: Your email address, account ID, rapid log free-text entries (unless part of a coaching prompt context), or evening journal entries.

Retention: Anthropic does not retain API inputs or outputs for model training, per their API data usage policy.

User control: AI features require explicit consent before first use. A consent dialog explains what data is shared before any data leaves the app. You can revoke AI consent at any time from Guide → Privacy, which immediately prevents all AI features from transmitting data.

6. Data Security

Your data is protected by Supabase's Row Level Security (RLS) policies, which enforce that each user can only access their own data at the database level. All data is encrypted in transit (TLS) and at rest. API endpoints are authenticated via JWT verification and rate-limited to prevent abuse.

7. Data Retention

We retain your planning data for as long as your account is active. When you delete your data through the app, it is permanently removed from our primary database. Residual copies may persist in encrypted database backups for up to 30 days before being automatically overwritten. Server logs containing IP addresses and request metadata are retained for no more than 90 days.

If you delete your account, we will remove all associated data from our primary systems within 7 days. Backup retention follows the same 30-day cycle described above.

8. Your Rights and Controls

Export. You can export all your data as a JSON file at any time from the app's settings. This includes every entry, goal, value, and collection associated with your account.

Deletion. You can permanently delete all your data from within the app. Deletion removes all rows from our database associated with your account. This action is irreversible.

Notifications. You can enable, disable, or adjust notification times at any time from the app's settings. Disabling notifications removes your push subscription from our database.

AI consent. You can grant or revoke AI feature consent at any time from Guide → Privacy.

Analytics opt-out. Anonymous usage analytics are enabled by default. You can disable them at any time from Settings. Disabling analytics immediately stops all data collection. If your browser sends a Global Privacy Control (GPC) signal, analytics are automatically disabled regardless of the in-app setting.

9. Colorado Privacy Act

Endurance Digital Ventures LLC is incorporated in Colorado. If you are a Colorado resident, the Colorado Privacy Act (CPA) provides you with the following rights:

• Right to access: You may request a copy of your personal data. Use the in-app data export feature, or contact us.
• Right to correction: You may correct inaccurate personal data directly within the app.
• Right to deletion: You may delete your data at any time from within the app.
• Right to opt out: You may opt out of the processing of your personal data for targeted advertising or the sale of personal data. Azimuth does not engage in either activity.
• Right to data portability: You may export your data in a structured, machine-readable JSON format from Settings.

To exercise any right not available through self-service features, contact privacy@azimuthplanner.com. We will respond within 45 days.

10. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA provides you with similar rights to access, delete, and port your personal information. Azimuth does not sell personal information and does not share personal information for cross-context behavioral advertising. You may exercise your rights using the in-app controls described in Section 8 or by contacting privacy@azimuthplanner.com.

11. International Users

Azimuth is operated from the United States. If you are located outside the United States, please be aware that your data is transferred to and processed in the United States. By using Azimuth, you consent to this transfer. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, and port your data. To exercise these rights, contact privacy@azimuthplanner.com.

12. Children's Privacy

Azimuth is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app or via email. The effective date at the top of this page indicates when the policy was last revised.

14. Contact

Questions about this policy? Contact us at privacy@azimuthplanner.com.