Culmyra

Privacy Policy

Last updated: 7 July 2026

Culmyra works by looking at evidence you choose to give it. That makes privacy the product, not a compliance page: proof photos are private to you, sharing is opt-in per goal, and everything has a deletion schedule. This page says exactly what we collect, why, where it goes, and how long it lives.

1. What we collect

Account. Your email address, name (from you or your sign-in provider), timezone, and profile details you add (handle, bio). Passwordless sign-in means we never store a password.

Goals and check-ins. Goal titles, plans, notes, deadlines, stake amounts, and check-in history: the content of the commitments you make.

Proof photos. Photos you submit as evidence. They are stored in private storage that only your account can access, compressed on your device before upload.

Connected device data. Only what you explicitly connect: location events for zones you define (arrival at the gym, not a movement trail), health metrics (workouts, mindful minutes, steps), screen time totals, or data your own webhooks send. Each integration shows what it reads before you enable it.

Payments. Handled by Stripe. We store Stripe's references (customer and payment method identifiers) and a full audit log of stake events; your card number never touches our servers.

Technical. Push notification tokens for devices you enable, session cookies for sign-in, and a 30-day referral cookie if you arrive through an invite link. No advertising trackers.

2. What we use it for

To run the loop you signed up for: generating and adjusting your plan, scheduling reminders, verifying evidence against your goal, settling stakes at deadlines, sending the notifications and emails you have on, and powering features you opt into (sharing, cheers, leaderboard, the Pro enforcer). We also use aggregate, de-identified numbers (win rates, feature usage) to improve the product.

AI processing. Goal text is processed by our AI provider (Anthropic) to build plans, and proof photos are processed to verify they match your goal. This happens through business API terms under which the data is not used to train their models.

We do not sell your data. There is no advertising.

3. How long we keep it

Proof photos: kept while the goal is active, then deleted 90 days after the goal settles. The check-in record (done, missed, verification result) is kept so your history stays intact after the photo is gone.

Raw device readings: deleted after 90 days. Delivered reminder logs: deleted after 30 days.

Goals, check-in history, payment audit records:kept while your account exists; payment records may be retained after deletion where the law requires (tax and accounting).

Account deletion: available in your profile, effective immediately, and permanent. It removes your profile, goals, check-ins, photos, device data, and tokens. Active goals are abandoned: armed stakes are charged as forfeits first (the amount is shown before you confirm), per the Terms of Service.

4. What others can see

Nothing, by default. If you share a goal by link or make it public, viewers see the goal title, progress, and milestones only: never your stake, notes, or photos. Public profiles are opt-in and show only public goals. Escalation contacts you nominate receive the messages you configure. Cheers you leave on someone's goal show your display name.

5. Who processes data for us

Supabase (database, authentication, file storage), Stripe (payments), Vercel (hosting), Anthropic (AI planning and verification), Resend (email), Twilio (Pro voice calls and SMS), and Google or Apple if you sign in or receive push notifications through them. Each receives only what its job requires.

6. Your rights

Under UK and EU data protection law you can request access to, correction of, or deletion of your data, object to or restrict processing, and take your data elsewhere. Deletion and most access needs are self-serve in the product; for anything else, contact us and we will respond within a month. You can also complain to your data protection authority (in the UK, the ICO).

Email choices: reminder and digest emails have one-click unsubscribe. Receipts and goal outcomes are always sent because they document money decisions.

7. Security

All traffic is encrypted in transit and data is encrypted at rest. Access to proof photos is scoped to your account by row-level policies; share links use unguessable tokens. Cards are held by Stripe, a certified PCI Level 1 provider. No system is perfect: if a breach affects you, we will tell you promptly.

8. Children and changes

Culmyra is not for under-18s and we do not knowingly collect their data. We will announce material changes to this policy in the product or by email before they take effect. Questions: contact us via the address published on the site.