INTENTIVE

Privacy Policy

Effective April 2, 2026

Our Privacy Philosophy

Intentive is built around a single privacy theory: User Agency. This shapes every technical decision we make. Rather than issuing coercive, prescriptive commands, our AI generates reflective summaries that respect your autonomy — the system informs your intentions; it does not direct them.

We draw on three analytical frameworks to make this concrete:

  • Solove’s Taxonomy — We map every data practice against the four categories of privacy harm (collection, processing, dissemination, invasion) and decline those that do not serve you directly.
  • Nissenbaum’s Contextual Integrity — Information you share to reflect on your goals flows only within that context. We do not sell or share your data with third parties for advertising, analytics, or any purpose outside the service you’ve asked for.
  • Mulligan et al.’s Analytic — Our means are built for value pluralism. The controls below give you the power to inspect and reshape how the AI understands you, so you remain the one steering your intentions, not the algorithm.

What We Collect

We collect only what is necessary to operate the service:

  • Account information — your email address and, optionally, your name and avatar, used to identify your session.
  • Goals and check-ins — the text you write when setting intentions and reflecting on progress. This is the core of the service.
  • Semantic memory — structured summaries the AI derives from your check-ins, stored to give future reflections context. You can inspect and delete these at any time (see Your Controls below).
  • Usage data — standard server logs (timestamps, endpoint names, error codes) retained for up to 30 days for debugging. No identifiable behavioral tracking or fingerprinting.

We do not collect location, contacts, calendar data, or any sensor data unless you explicitly connect an integration and grant permission.

How We Use Your Information

Your data is used to:

  • Generate personalized reflective summaries and trajectory insights.
  • Maintain continuity across sessions through semantic memory.
  • Send check-in reminders if you have enabled them.
  • Diagnose errors and maintain service reliability.

We do not use your content to train shared AI models, build advertising profiles, or benchmark you against other users. Your goals belong to you.

Information Flows & Third Parties

Following Nissenbaum’s principle of contextual integrity, your data flows only in ways that match the norms of the context in which you shared it — personal reflection and goal tracking. Concretely:

  • We use a large language model API to generate reflections. Your check-in text is sent to this API to produce a response, and is governed by that provider’s data processing agreement. We do not permit the provider to use your content for training.
  • We use a managed database and cloud hosting provider to store your data. These are data processors acting under our instructions.
  • We do not sell, rent, or share your personal data with any third party for their own purposes.
  • We will disclose data if required by law, and will notify you when permitted to do so.

Your Controls

In line with CCPA/CPRA standards for granular control and our commitment to user agency, you have the following rights:

  • Right to Inspect — View the semantic memory the AI has built about you from your Profile page.
  • Right to Forget (Semantic Memory) — Remove individual memory entries directly from your Profile page. This removes the structured understanding the AI has built without deleting your raw check-ins.
  • Right to Delete — Delete your account and all associated data at any time from Settings. Deletion is permanent and cascade-removes all goals, check-ins, and memories.
  • Right to Correct — Edit any goal or check-in directly in the app.
  • Right to Opt Out — Disable check-in reminders and optional integrations at any time from Settings.

California residents may also submit requests under CCPA/CPRA by contacting us at the address below.

Data Retention

Your account data is retained for as long as your account is active. Server logs are purged after 30 days. After account deletion, backups are rotated out within 30 days. Semantic memory is deleted immediately upon your request or when you delete your account.

Security

Data is encrypted in transit (TLS) and at rest. Access to production data is restricted to authorized personnel and requires multi-factor authentication. We conduct regular dependency audits.

Changes to This Policy

We will notify you of material changes via an in-app notice at least 14 days before they take effect. Continued use after that date constitutes acceptance. The effective date at the top of this page always reflects the current version.

Contact

Questions or requests? Reach us at privacy@intentive.app.