Privacy Policy

What we collect, how we use it, and how we protect it.

1. What We Collect

Account Data

• Email address (for login)
• Display name, hobby, gender (optional, for personalization)
• Profile avatar (optional, stored as base64 in our database)

User-Generated Content

• Sticky notes, titles, positions, colors (your Workspace canvas)
• AI Mirror chat history
• Tasks and subtasks (Dopamine Guard)
• Workspace organization and connections
• Synthesis results

Automatically Collected

• XP, streak, activity dates (for gamification)
• Last login / last action dates
• Server logs (IP, user agent) — retained 30 days for security

Wallet Data (once $SHELL integrates)

• Solana wallet public address (once you connect your wallet)
• $SHELL token balance (read-only, to unlock premium features)
• We never access your private keys or seed phrases

2. How We Use Your Data

We use your data only to:

• Provide the SoulShell Service (save & retrieve your content)
• Send your content to Anthropic Claude API for AI features
• Personalize AI responses using your name, hobby, and context
• Improve Service reliability and performance
• Prevent abuse, fraud, or security threats

3. AI & Third-Party Processing

When you use AI features (Mirror chat, breakdowns, synthesis), your content is sent to Anthropic (Claude API provider) for processing. Anthropic has its own privacy policy and may process data subject to their terms.

We do not use your content to train AI models. Anthropic's policy also prohibits training on API data by default.

4. Data Storage & Security

Your data is stored on managed MySQL databases hosted by Hostinger in secure infrastructure. We use HTTPS encryption for all traffic, parameterized SQL queries to prevent injection, and server-side input validation.

Despite these measures, no system is 100% secure. If you suspect unauthorized access to your account, contact us immediately.

5. Data Sharing

We do not sell your data. We share limited data only with:

• Anthropic — AI processing (limited to content you submit to AI features)
• Hostinger — infrastructure provider (standard data residency)
• Legal authorities — only if required by valid legal process

6. Your Rights

You have the right to:

• Access — request a copy of your data
• Delete — request deletion of your account and data
• Correct — update inaccurate information
• Export — receive your data in portable format

To exercise these rights, email hello@soulshell.xyz. We respond within 30 days.

7. Cookies & Tracking

SoulShell uses minimal client-side storage (localStorage) to cache your data for offline access. We do not use:

• Third-party analytics (no Google Analytics)
• Advertising trackers
• Cross-site tracking

Future versions may introduce privacy-respecting analytics (e.g., Plausible). We will update this policy before adding any.

8. Children's Privacy

SoulShell is not intended for users under 13. We do not knowingly collect data from children. If we discover such data, we delete it promptly.

9. Data Retention

We retain your data as long as your account is active. After account deletion, content is purged within 30 days. Server logs are purged within 30 days automatically.

10. International Users

Your data may be processed in countries different from yours. By using SoulShell, you consent to this processing. We apply the same protections regardless of location.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced on soulshell.xyz. Check the "Effective" date at the top.

12. Contact

Privacy questions: hello@soulshell.xyz