Behavior Insights

Privacy Policy

Last updated: April 28, 2026

1. Information We Collect

We collect only what is necessary to provide the Service:

  • Account information — your email address and optional phone number, provided at sign-up.
  • Journal content — the behavioral journal entries, behaviors, and tags you create.
  • Usage data — standard web server logs (IP address, timestamps, HTTP status codes) retained for up to 7 days for security and debugging.

We do not collect payment information directly. If billing is introduced, it will be handled by a PCI-compliant third-party processor and this policy will be updated accordingly.

2. How We Use Your Information

Your data is used exclusively to:

  • Provide and operate the Behavior Insights Service.
  • Send transactional emails (account confirmation, password reset).
  • Diagnose and fix technical issues.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your journal content to train machine-learning models without your explicit opt-in consent.

3. Data Storage and Security

Your data is stored on secured servers hosted by DigitalOcean (New York region). Access to the server is restricted by SSH key authentication.

Encryption at rest: Database-level encryption at rest is currently being implemented and will be in place prior to public launch. During the beta period, data is protected by server-level access controls and HTTPS in transit.

Encryption in transit: All data is transmitted over HTTPS/TLS. HTTP connections are automatically redirected to HTTPS.

4. Data Retention and Deletion

We retain your data for as long as your account is active. If you delete your account, all associated personal data — including journal entries, behaviors, and tags — will be permanently removed from our systems within 30 days.

To delete your account, contact us at brian.colfer@gmail.com. Backups containing your data are purged on a 7-day rolling schedule.

5. Data Sharing

We do not share your personal data with third parties except:

  • Hosting infrastructure — DigitalOcean stores your data as the cloud provider.
  • Email delivery — Mailgun is used to send transactional emails. Only your email address is shared for this purpose.
  • Legal requirements — if required by law, court order, or to protect the safety of users.

6. Analytics and AI Features

Behavior Insights does not currently use third-party analytics or tracking services. All pattern analysis (Data Discovery, Pattern Observations, Insights) is computed locally on our servers using only your own data.

If optional AI-powered features are introduced in future, we will request your explicit consent before any of your data is processed by an external AI service. You will be able to opt in or out independently of your core account.

7. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate information.
  • Deletion — request deletion of your account and all associated data.
  • Portability — request your journal data in a machine-readable format.

To exercise any of these rights, contact us at brian.colfer@gmail.com. We will respond within 30 days.

8. Cookies

We use session cookies solely to keep you signed in. We do not use advertising cookies, third-party tracking pixels, or any persistent cross-site tracking technology.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

10. Contact

For privacy-related questions or requests, contact: brian.colfer@gmail.com.