Privacy Policy
1. Introduction
Effort Mastery LLC ("we," "us," "our") operates the EMRALD effort management platform, including the EMRALD API, Obsidian plugin, and web dashboard (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
We take your privacy seriously. EMRALD is a personal productivity and effort management tool — your data is yours, and we treat it that way.
2. Data We Collect
2.1 Account Information
- Email address
- Password (hashed — we never store or see your plaintext password)
- Account creation date
2.2 Data You Provide Through the Service
- Work session records (start time, end time, duration, project, effort level)
- Project/tracked item information (names, effort levels, linked note paths)
- Energy check-in responses
- Effort receipt responses (perceived effort ratings, session notes)
- Calibration profile data (work capacity, motivational traits, recharge activities)
- Daily schedule/hour settings
2.3 Data We Generate From Your Input
- D-Metrics (D1–D20): Computed diagnostic measurements derived from your session and check-in data
- AI-generated insights, observations, and suggestions
- Burnout risk assessments
- Effort digests and summaries
2.4 Technical Data
- API request logs (timestamps, endpoints accessed, response codes) — retained for operational purposes and rate limiting
- API key identifiers (not the full key)
2.5 Payment Data (Pro subscribers)
We store your Stripe customer ID and subscription status. We do NOT store credit card numbers, bank account details, or other payment credentials. All payment processing is handled by Stripe.
3. Data We Do NOT Collect
- We do not read or access the contents of your Obsidian notes. The plugin reads note paths for project linking but does not transmit note content to our servers.
- We do not use tracking cookies, analytics pixels, or advertising trackers.
- We do not collect device fingerprints, IP-based location data, or browsing history.
- We do not collect data from third-party sources about you.
4. How We Use Your Data
We use your data solely to:
- Provide the Service — storing sessions, computing metrics, generating insights
- Improve the Service — analyzing aggregate, anonymized usage patterns to improve our algorithms
- Communicate with you — account-related emails, service announcements, billing notifications
- Enforce our Terms — detecting abuse, enforcing rate limits
We do NOT:
- Sell your data to third parties
- Use your data for advertising
- Share your individual data with other users
- Train AI models on your personal data (insights are generated per-user, not from cross-user training)
5. Data Storage and Security
5.1 Infrastructure
Your data is stored on Supabase (hosted on AWS) in the US East region. The API runs on Cloudflare Workers.
5.2 Encryption
Data is encrypted in transit (TLS/HTTPS) and at rest (AES-256 via Supabase/AWS defaults).
5.3 Access Control
Row-Level Security (RLS) is enforced on every database table. Your data is only accessible to your authenticated account. Our team accesses user data only when necessary for support or debugging, and only with your knowledge.
5.4 API Key Security
API keys are hashed before storage. We store only the key prefix for identification purposes.
6. Data Retention
| Scenario | Retention |
|---|---|
| Active free account | Session data older than 90 days is stored but hidden. Upgrading restores access. |
| Active Pro account | All data retained with no time limit. |
| Downgrade from Pro to Free | 30-day grace period with full access, then 90-day visibility limit applies. |
| Account deletion | 30-day soft-delete period, then permanent irreversible deletion. |
| Inactive account (12+ months) | We may send a reminder email. We will not delete data without notice. |
7. Your Rights
You have the right to:
- Access your data at any time through the Service or by requesting an export
- Correct inaccurate data through the Service interface or by contacting us
- Delete your account and all associated data through the web dashboard or by contacting us
- Export your data in a machine-readable format upon request
- Withdraw consent by closing your account at any time
If you are located in the EU/EEA, you may also have rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are a California resident, you may have rights under the CCPA. Contact us to exercise these rights.
8. Third-Party Services
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Cloudflare | API hosting and CDN | cloudflare.com/privacypolicy |
| Stripe | Payment processing (Pro tier) | stripe.com/privacy |
| Google Workspace | Business email | policies.google.com/privacy |
We do not share your EMRALD usage data with these providers beyond what is necessary for them to provide their services to us.
9. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.
10. AI and Automated Processing
EMRALD uses automated algorithms to compute metrics and generate insights from your data. These are informational tools, not decisions that have legal or similarly significant effects on you. Specifically:
- Burnout warnings are suggestions, not diagnoses. EMRALD is not a medical or psychological tool.
- Effort metrics are derived from your self-reported data and may not reflect objective reality.
- AI-generated insights are based on patterns in your individual data and should be treated as one input among many in your decision-making.
11. Research Participation (Opt-In)
11.1 Optional Contribution
You may choose to opt in to EMRALD's Research Participation Program, which contributes anonymized, aggregate data to effort management research.
11.2 If You Opt In
- Your data is stripped of all personally identifying information before inclusion in any research dataset
- Only statistical patterns across many users are shared — never individual session logs, project names, or personal details
- Research partners are vetted by Effort Mastery LLC and must agree to use data solely for published academic or scientific research
- No data is sold to commercial entities. Research partnerships are non-commercial.
- You may opt out at any time through your account settings, with no effect on your access to the Service
11.3 Default
Research Participation is off by default. You must explicitly opt in.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The "Effective Date" at the top will be updated accordingly.
13. Contact
For privacy-related questions, data requests, or concerns:
Effort Mastery LLC
Email: legal@effortmastery.com
Website: effortmastery.com