Firmhold

Privacy Policy

Last updated: June 2025

What we collect

Firmhold collects only what it needs to function:

  • Account data: your email address and hashed password (stored by Supabase Auth).
  • Profile data: your stated goal, estimated monthly cost, baseline frequency, and timezone — everything you enter during onboarding or in settings.
  • Log entries: the type (relapse or urge survived), intensity, stress level, triggers, and timestamp of each entry you submit.
  • Computed patterns: aggregated behavioral patterns derived from your log entries and stored for your insights report.
  • Payment data: managed entirely by Stripe. We do not store card numbers. We store your Stripe customer ID and subscription status.

How we use your data

  • To provide you with behavioral pattern analysis and insights.
  • To compute your daily risk level and personalize your dashboard.
  • To process subscription payments through Stripe.
  • To send transactional emails (account creation, password reset). We do not send marketing emails without your consent.

We do not sell your data. We do not share it with third parties except as described below.

Third parties

  • Supabase — database and authentication hosting. Your data is stored on Supabase infrastructure. Supabase Privacy Policy.
  • Stripe — payment processing. We pass your email to Stripe when you subscribe. Stripe Privacy Policy.
  • Vercel — application hosting. Vercel processes HTTP requests to our servers. Vercel Privacy Policy.

Data retention

Your data is retained as long as your account is active. You can delete your account at any time from the Settings page. Account deletion permanently removes all log entries, patterns, and profile data. Payment records are retained by Stripe per their legal obligations.

Your rights

  • Access: You can view all your data within the app.
  • Deletion: You can delete your account and all data from Settings → Danger Zone.
  • Portability: Contact us to request a CSV export of your log entries.

Security

All data is transmitted over HTTPS. Row-level security ensures users can only access their own data. Passwords are hashed and never stored in plain text. Pattern analysis runs on our servers — your data is never sent to a third-party AI service.

Contact

Questions about this policy? Email support@firmhold.app.