Privacy Policy
Last updated July 17, 2026.
We collect the information you provide to operate your Chart Your Life account. This includes login and profile information (such as email, name, optional profile photo link, date of birth, and gender), plus the goals, notes, health records, forms, assessments, saved content, plans, routines, calendar items, recipes, meal plans, shopping and pantry items, purchases, and progress you create. We also generate limited operational records such as sessions, sign-in and last-seen timestamps, and hashed rate-limit identifiers.
How we use it
To operate and secure the service, sync your account across devices, personalize your experience, deliver transactional email through Resend, and process payments through Stripe. We do not sell your personal data or use your private workspace content for marketing.
What app administrators can access
Routine Admin and Editor screens can access the account and commerce information needed to operate the service, including your name, login email, optional date of birth and derived age, gender, role, purchases, access entitlements, and cloud-storage connection status. They do not display your private notes, goals, reflections, health records, form responses, routines, recipes, meal plans, shopping lists, pantry items, or personal file links.
Where structured data is stored
Your account details and the text or structured records you create are stored in the application's PostgreSQL database and associated with your account. They are not stored as Google Drive files. Server-side ownership checks restrict member-facing reads and changes to the signed-in account.
Your files and Google Drive
Persistent photos, videos, PDFs, documents, and similar files are kept in your own Google Drive or another cloud provider. The service stores the HTTPS link and related metadata, not a persistent copy of the file. When direct Google uploads are configured, they use the limited drive.file permission, which covers only the specific files used with the app—not the rest of your Drive. Personal direct uploads stay restricted; profile images and staff-published assets are made viewable to anyone with the link so they can display on the site.
If you use document scanning, the selected image is processed temporarily for text recognition and deleted immediately after processing. It is not retained as an uploaded file.
Sharing
Anyone-with-the-link cloud URLs can be opened by anyone who obtains the URL. Keep sensitive personal files restricted. Shared health-record views do not include private file attachments.
Your choices
You can update your profile, clear this site's Google Drive connection, download the supported account and workspace records included in the JSON export, delete your account data, and control email preferences from Account Settings. You can also revoke access from your Google Account permissions. Deleting a link in this service does not delete the original file from your cloud provider.
Security
We use server-side role and ownership checks, opaque and revocable database-backed sessions, audit logging for supported administrative changes, and provider-hosted payment handling. Specifically authorized infrastructure operators may require controlled technical access for security response, backup recovery, legal obligations, or support you request. That access is separate from routine Admin and Editor screens. No online service can guarantee absolute security. See our Trust page for the plain-language version.