Elites Generation

Transparency · Data practices

What we collect. Why. For how long.

A matter-of-fact inventory. Each category of data names what it is, the reason we hold it, how long we keep it by default, and how it is protected. If a category is absent from this list, we do not collect it.

The privacy commitment governs how these categories are treated. The full policy is the legal instrument.

Inventory style
Category by category
Retention
Stated per category
Encryption
At rest and in transit
Sub-processors
Named annually

Category 1

Account and identity.

The minimum required to give you an account you can return to and recover if you lose access to it.

  • What

    Email address, display name, password hash (never the password itself), account creation and last-login timestamps.

  • Why

    To authenticate you, to communicate about account-critical events, to recover your account if you lose access.

  • Retention

    For the life of the account. Deleted within 90 days of account deletion, including from backups.

  • Protection

    Encrypted at rest. Passwords hashed with a modern algorithm. MFA supported; passkeys preferred.

Category 2

Communications with the companion.

The conversation you have with the AI companion, and the context it builds about you over time so it can be useful across weeks and months rather than starting fresh each time.

  • What

    Messages you send the companion. A working memory summarising what you have discussed, goals you have named, and things you have asked for help with.

  • Why

    So the companion is a presence that remembers, not a stranger every session. The memory is yours; it is not training data for someone else.

  • Retention

    Messages retained for the life of the account by default. You can clear conversation history, clear the companion memory, or delete both on demand.

  • Protection

    Encrypted at rest and in transit. Not used to train any third-party model. Not shared with advertisers (there are none).

Category 3

Circle and Connections graph.

The private record of the people who matter to you and the connections you have made on the platform. This is some of the most sensitive data the Foundation holds.

  • What

    Your Circle members, your active connections and groups, and the per-relationship notes and timelines you have built.

  • Why

    Circle exists to help you tend a small set of important relationships. Connections exists to match you with people by character over time.

  • Retention

    Retained while the relationship is active. Tied to account deletion; when you leave, this goes with you.

  • Protection

    Private to you. Never aggregated with strangers. Never shared with third parties. Circle messaging designed for end-to-end encryption.

Category 4

Community posts.

The posts, replies, and reactions you contribute in communities. These are public in the community you posted them in. They are not public on the open web.

  • What

    Posts, replies, reactions, the community you posted in, and the timestamp.

  • Why

    Community is the heart of the product. These posts are how people meet, talk, and stand with each other.

  • Retention

    Retained while your account is active. Fully portable via data export. Deleted with your account.

  • Protection

    Visible inside the community. Not indexed by search engines. Not scraped by third parties with our cooperation.

Category 5

Telemetry and diagnostics.

A small amount of technical data the app and our services emit so we can tell when something is broken. Kept minimal on purpose.

  • What

    Crash reports, error traces, basic platform and app-version metadata, anonymous event counters (e.g. feature X loaded N times).

  • Why

    To notice when a feature is broken before you have to tell us. We do not use telemetry to build behavioural profiles.

  • Retention

    Aggregated at source; individual rows retained under 90 days. Opt-out available in settings.

  • Protection

    No third-party analytics beyond Vercel infrastructure metrics. No ad identifiers. No device fingerprinting.

Category 6

Research opt-in data.

If you choose to participate in Foundation research, your contribution enters a separate, governed pipeline. You opt in per study. You can withdraw at any time.

  • What

    Only what a specific study calls for: survey responses, validated-instrument scores, longitudinal wellbeing signals.

  • Why

    To understand what works. Foundation research is published openly so others can build on it.

  • Retention

    Aggregated and anonymised on the published schedule for the study. Raw linked records held under IRB protocol for the study duration only.

  • Protection

    Governed by an independent research committee. IRB-reviewed where applicable. Never combined with advertising data; there is none.

What we do not collect

The absence is the policy.

Some categories are deliberately missing. Not by omission. By design. If a category is on this list, the Foundation will not begin collecting it under this charter.

  • Advertising identifiers

    No IDFA, no AAID, no ad-network IDs. Apps are built to run without them.

  • Cross-site trackers

    No third-party tags on our surfaces. No pixels embedded on partner sites that beacon data back to us.

  • Device fingerprinting

    We do not build synthetic identifiers from browser/device characteristics to re-identify visitors.

  • Third-party analytics

    No Google Analytics, no Facebook SDK, no Mixpanel, no Segment. Vercel infrastructure metrics only, scoped to serving the site.

  • Sold data

    We do not buy user data from data brokers to enrich your profile. Full stop.

Sub-processors

A full list of sub-processors (infrastructure hosts, payment, email, error monitoring) will publish with the first annual transparency report, including what each is used for and the region they operate from. Until then, the major categories are: hosting, transactional email, payments processing, and error monitoring.

The legal version.

The full privacy policy contains the same practices in legal form. Both documents are the same commitment, in two registers.