Privacy Policy

1. Who we are

FactCircles is a conflict resolution platform operated by FactCircles Inc. ("we", "us", "our"). We offer an AI-facilitated mediation service accessible via our iOS app, Android app, and web presence.

Contact: privacy@factcircles.app

2. Data we collect

Account data

When you create an account we collect your email address and a display name. We do not require your real name.

Session data

When you create or join a session we store: the session topic, participant list (by account ID), phase progress, and the written responses you submit during the Questions and Solutions phases. This content is processed by Grok (xAI's API) to generate the facilitator's prompts and the final shared resolution.

Payment data

Session fees are processed by Stripe. We store a Stripe customer ID and a record of completed payments. We do not store full card numbers, CVVs, or bank account details — Stripe handles all of this under their own privacy policy.

Usage data

We collect standard server logs (IP address, device type, app version, timestamps) for security monitoring and performance optimisation. These logs are retained for 90 days.

3. How we use your data

• To authenticate you and manage your account.
• To run sessions — routing messages, enforcing phase transitions, generating facilitator prompts via Grok.
• To process payments and issue invoices via Stripe.
• To award achievement badges based on completed sessions.
• To send transactional emails (session invites, confirmation, early-access notifications). We do not send marketing emails without your explicit opt-in.
• To monitor for distress signals within a session and alert the organiser if needed.

4. AI processing (Grok / xAI)

Session content — your written responses — is sent to xAI's Grok API to generate facilitator messages and the final resolution summary. xAI processes this data as a data processor on our behalf under a data processing agreement. xAI's use is governed by their privacy policy. We do not use your session content to train our own models.

5. Data sharing

We do not sell your personal data. We share data only with:

• xAI (Grok) — to process session content (see §4).
• Stripe — to process payments.
• Infrastructure providers (hosting, object storage) — under confidentiality agreements.
• Law enforcement — only when legally required, and only to the extent required.

6. Data retention

Session data (responses, resolution) is retained for 24 months after the session date, after which it is deleted or anonymised. You can request earlier deletion at any time (see §8). Account data is retained for as long as your account is active.

7. Security

All data in transit is encrypted with TLS 1.3. Session content at rest is encrypted using AES-256. Access to production data is restricted to authorised engineers and requires multi-factor authentication. See our Security page for details.

8. Your rights

Depending on your jurisdiction you may have the right to: access your data, correct inaccuracies, delete your account and associated data, export your data in a portable format, and object to certain processing. To exercise any of these rights, email privacy@factcircles.app. We respond within 30 days.

9. Cookies

The FactCircles web presence uses only strictly necessary cookies (session authentication token). We do not use third-party advertising or tracking cookies.

10. Children

FactCircles is not directed at children under 16. If you believe a child has provided us personal data, please contact us at privacy@factcircles.app and we will delete it promptly.

11. Changes

We may update this policy. Material changes will be communicated by email and by a notice in the app at least 14 days before they take effect.