1. Who We Are
NeuroSpicy is operated by Varnish Labs LLC, a company registered in the State of Washington. When this policy says "we", "us", or "our", it refers to Varnish Labs LLC.
2. Information We Collect
Information you provide
- Account information: Email address, display name, and timezone when you create an account.
- Authentication data: If you sign in with Google, we receive your email and basic profile information from Google. We do not receive or store your Google password.
- Energy and mood logs: The energy ratings (1-10), optional mood ratings (1-10), and time-of-day data you submit during check-ins.
- Activity logs: Activity selections and associated energy/mood ratings when you use activity tracking.
- Profile settings: Your display name, avatar selection, theme preference, notification preferences, and public/private profile setting.
- Push notification subscriptions: Browser push subscription endpoints and keys when you enable notifications.
- Feedback: Any text you submit through the feedback form.
- Friend connections: Friend requests you send or accept.
- Knowledge base content: Articles and sections created by staff members.
Information collected automatically
- Usage analytics: We use Vercel Analytics and Vercel Speed Insights to collect anonymous, aggregated performance data. This does not include personal information or tracking cookies.
- Server logs: Standard web server logs including IP addresses, browser type, and request timestamps. These are retained for security and debugging purposes and are not used for tracking.
3. How We Use Your Information
We use your information to:
- Operate the Service and provide features you request (check-ins, signals, friends, notifications)
- Compute energy and mood signals from your logged data
- Send check-in reminder notifications at times you configure
- Send email notifications (friend invites, feedback confirmations)
- Improve the Service through aggregated, anonymous analytics
- Respond to your feedback and support requests
We do not:
- Sell your personal information to third parties
- Use your data for advertising
- Share individual user data with researchers or third parties without your explicit consent
- Use your energy or mood data for any purpose other than providing the Service to you
4. Data Storage and Security
Your data is stored in a Supabase-hosted PostgreSQL database with Row Level Security (RLS) enabled on all tables. This means your data is isolated at the database level and can only be accessed through authenticated requests with your credentials.
The Service is hosted on Vercel. Emails are sent through Resend. All data is transmitted over HTTPS.
We implement reasonable security measures to protect your data, but no system is 100% secure. If you become aware of a security vulnerability, please contact us at support@neurospicy.sh.
5. Data Sharing
We share your information only in the following circumstances:
- Public profiles: If you enable a public profile, your display name, avatar, energy logs, and signal data are visible to anyone with your profile link. You can disable this at any time in Settings.
- Friends: Users you connect with as friends can see your current energy, mood, and phase information.
- Service providers: We use Supabase (database), Vercel (hosting), and Resend (email) to operate the Service. These providers process data on our behalf under their own privacy policies.
- Legal requirements: We may disclose information if required by law, court order, or governmental regulation.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account (available in Settings), we permanently delete your personal data within 30 days, except where retention is required by law.
Energy and mood logs are retained only while your account exists. We do not keep historical data after account deletion.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Export: Download your data through the Settings page.
- Correction: Update your information through the Settings page.
- Deletion: Delete your account and all associated data through the Settings page.
- Objection: Object to specific processing activities by contacting us.
For users in the European Economic Area (EEA), we process your data based on your consent (which you provide by creating an account and using the Service) and our legitimate interests in operating and improving the Service.
For users in California, you have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. We do not sell personal information.
8. Cookies
NeuroSpicy uses only essential cookies required for authentication (Supabase session cookies). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
A local storage item is used to remember your selected theme preference. This is not shared with any external service.
9. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
10. International Data Transfers
Your data is processed and stored in the United States through our service providers (Supabase, Vercel). If you are accessing the Service from outside the United States, you consent to the transfer of your data to the United States.
11. Future Use of Aggregated Data
We may in the future use aggregated, anonymized data (data that cannot be used to identify individual users) for research purposes, such as studying neurodivergent energy patterns at a population level. If we do so, we will update this policy. Individual user data will never be shared without explicit consent.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Contact
If you have questions about this Privacy Policy or how we handle your data, contact us at support@neurospicy.sh.