Privacy Policy

Last updated · May 2026

At **misuto**, we are deeply committed to protecting your privacy. This Privacy Policy describes how we collect, use, process, and disclose your information when you use our website, applications, and somatic tools (collectively, the "Service").

1. Information We Collect

We collect the minimum amount of information necessary to provide the Service. This includes:

  • **Authentication Details**: When you create an account, we collect your email address, name, and profile photo. This authentication is managed securely by **Better Auth** using **Google Authentication** as our identity provider.
  • **Usage & Telemetry Data**: We collect non-identifiable technical data (e.g., browser type, operating system, duration of sessions, and clicks) to monitor and optimize performance.
  • **Diagnostic Baselines**: We persist the numerical scores and baselines from your cognitive audits (such as latency or working memory metrics) in our database to render progress graphs.

2. The Ephemeral Principle (Zero Content Retention)

**Your inner thoughts remain yours.** The content of your active somatic mindfulness sessions (including the words typed during Mist Writing, Offload, or breathing rituals) is designed to be purely ephemeral. This data is processed temporarily in memory or inside your local browser storage to facilitate the exercise, and is **never** permanently saved, stored, or logged on our servers or within our Supabase database once the session is completed.

3. Infrastructure & Third-Party Services

We integrate with high-trust third-party providers to deliver a secure experience:

  • **Better Auth & Google**: Auth processes are routed directly through Google Authentication protocols, minimizing identity risk.
  • **Supabase**: All user accounts, subscription statuses, and diagnostic logs are securely stored on cloud databases hosted by **Supabase**.
  • **Payment Processors**: If you purchase misuto access (such as our $29 Single Person Lifetime Access), your billing details are processed securely and directly by third-party processors (e.g., Lemon Squeezy or Stripe). We do not collect, view, or store your credit card details.

4. How We Use Your Information

We use the collected information to:

  • Create, maintain, and secure your account.
  • Analyze progress history and render cognitive baseline charts.
  • Provide, evaluate, and continuously improve misuto's emotional regulation tools.
  • Detect, prevent, and address security threats, technical issues, or violations of our Terms of Service.

5. Cookies & Local Storage

We use browser cookies and LocalStorage to manage active authentication sessions, persist user preferences, and temporarily save baseline diagnostics on your local hardware. You can disable or clear these in your browser settings, though doing so may log you out or reset active session metrics.

6. Data Security & Retention

We implement industry-standard encryption and safety protocols via Supabase and Better Auth to protect your information. Your account and diagnostic profiles are retained as long as your account remains active. You can delete your account and all associated telemetry history at any time from your in-app settings.

7. Your Rights (GDPR & CCPA Compliance)

Regardless of your physical location, we recognize your right to control your personal data. You have the right to request access to the data we hold about you, request corrections to inaccurate details, or request the absolute deletion of your account and diagnostic history (the "Right to be Forgotten").

8. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date.

By using misuto, you acknowledge and agree to the collection and use of information in accordance with this Privacy Policy.