Privacy Policy

Last updated: April 28, 2026

This policy explains what data CompassLeo (“we”, “us”) collects when you use the CompassLeo web app, mobile apps, and email digests, why we collect it, who we share it with, and how to delete it. We wrote it to be readable, not lawyerly — if anything is unclear, email support@lucidconceptions.com.

1. What we collect

You give us:

Account details — email address, password (stored as a bcrypt hash, never plaintext), and an optional full name.
Profile — life stage, school, major, graduation year, metro area, optional street address, max travel distance, goals, things you’re not interested in, hard constraints, and availability pattern. You enter all of this through the onboarding wizard or in Settings.
Categories and interests — the creative fields you ask us to scan for, plus any free-text tags you add.
Resume (optional) — if you upload a resume, we keep the file plus a structured parse of its contents so the agent can rank opportunities relative to your background.
Portfolio entries (optional) — photos and one-sentence captions you create for events you attended.
Feedback — thumbs up / thumbs down on individual picks and your accept/decline/save/missed signals.

We collect automatically:

Authentication state — an HTTP-only session cookie (web) or a bearer token (mobile), plus the IP and User-Agent of the device that signed in.
Usage data — which screens you open, which items you accept, decline, or save. This is what makes future picks smarter.
Crash and error logs — on the server, request-level logs are retained for 30 days for debugging.

From third parties:

Social login providers — if you sign in with Google, GitHub, Apple, X (Twitter), Microsoft, or Facebook, we receive your provider user ID, email (when the provider sends it), display name, and avatar URL. We never receive your password.
RevenueCat — subscription state (active, expired, in trial). We pass them your CompassLeo user ID; they do not hand back personal data.

2. Why we collect it

To produce your daily picks. Categories, profile, resume, address, and feedback all flow into the per-user ranker.
To compute walking/driving distance from your home to events. Your street address is only used for distance math — it never leaves your account record.
To remember what you’ve already seen, accepted, or skipped, so we don’t resurface it.
To fire calendar reminders and the during-event “are you here?” check on mobile.
To send you the morning digest email at the time you choose.
To process your subscription via RevenueCat / Apple App Store / Google Play.
For account security — rate-limiting, abuse prevention, and incident investigation.

3. Who we share it with

We do not sell your data. We share narrowly with the service providers that make the app work:

Anthropic — AI calls go to Anthropic’s Claude. The ranker prompt sent to Claude includes your profile summary, current categories, and the candidate event list. It does not include your full resume text or precise address; the address is converted to a coordinate before any prompt mentions it.
Resend — email delivery for the morning digest. They see your email address and the email body.
RevenueCat, Apple, Google — if you subscribe, the platform store handles the transaction. We see only the entitlement state (active / not), not your card.
OpenStreetMap (Nominatim) and US Census Geocoder — one-time geocoding lookups for your home address and event locations. These services receive only the address text, not your account ID.
Stripe — if you subscribe via the web (rather than through a mobile store), Stripe handles the card. We never see card details.
DigitalOcean — our hosting provider. They store the database backups.

We will share data with law enforcement only when compelled by valid legal process, and we will tell you when we can.

4. Where data lives

The CompassLeo database and uploaded files (resumes, portfolio photos) are stored on a DigitalOcean droplet in the United States. Backups are encrypted at rest. All traffic to and from the app is over HTTPS / TLS.

5. How long we keep it

While your account is active — everything stays so the agent keeps learning.
Server logs — 30 days, then rotated out.
After you delete your account — your row, your profile, your resume file, your portfolio photos, your sessions, and all linked records are removed within 30 days. Aggregated, non-identifiable counts (e.g. “total events scanned this month”) may persist.

6. Your rights

Access — everything we have on you is visible inside the app: Settings shows your profile, categories, resume parse, and ranker rules. Email us if you want a machine-readable export.
Correction — edit anything in Settings or the onboarding wizard at any time.
Deletion — the /account page has a one-click delete that wipes your account immediately. You can also email us; we’ll process it within 7 days.
Portability — email us; we will produce a JSON export of your profile, categories, accepted events, and portfolio.
Opt-out of email — toggle the digest off in Settings, or use the unsubscribe link in any digest.

7. Children

CompassLeo is not directed at children under 13 and we do not knowingly collect data from them. If you are a parent and believe your child has given us data, contact us and we’ll delete it.

8. California (CCPA) and Europe (GDPR)

California residents have the right to request access to, deletion of, or correction of their personal information, and the right not to be discriminated against for exercising those rights. The same applies to EU/UK residents under the GDPR. Use the controls in Settings or email us — that single channel covers both.

9. Changes

If we change this policy in a way that meaningfully affects you, we’ll send an email at least 14 days before the change takes effect. The “Last updated” date at the top will always reflect the most recent revision.

10. Contact

Questions, requests, or anything else: support@lucidconceptions.com. Mailing address available on request.