Privacy Policy
Effective: 2026-05-10 · Last Updated: 2026-05-10
The Inner Circle ("we", "us", "our") operates joininnercircle.net (the "Service"). This Privacy Policy describes how we collect, use, share, and protect your personal information.
By accessing or using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information you provide directly
| Category | When collected | Purpose |
|---|---|---|
| Email address | Signup, magic-link auth, support | Account identity, member communication, magic-link delivery |
| Full name | Stripe Checkout | Receipt, member display, support |
| Payment information (card last 4, brand, country) | Stripe Checkout | Tokenized via Stripe — we never see or store full card numbers |
| Onboarding intake (7 questions) | First-time login | Personalize the GameBoy AI drafting tool. Stored only in your member profile, scoped to your user ID via Postgres Row-Level Security. |
| Community messages | When you post | Visible to other paid members of your tier. |
| Quiz answers (per module) | When you submit a quiz | Track which modules you've passed. We do not analyze quiz answers for any purpose other than pass/fail unlocking. |
| GameBoy drafting input | Per drafting request | Sent to our AI provider to generate reply drafts. Audit-logged for 30 days, then auto-purged. We do not use your inputs to train any AI model. |
1.2 Information collected automatically
| Category | Purpose |
|---|---|
| IP address (truncated within 7 days) | Abuse detection, rate limiting. Not associated with member identity beyond the 7-day window. |
| User-agent string | Browser/device debugging. |
Cloudflare bot management cookie (__cf_bm) | Set by Cloudflare. Required for Service operation. |
| Supabase auth token | Holds your session JWT (1h expiry, auto-refreshed). Cleared on sign-out. |
| UI preference cookies | Suppress repeat-prompt UI. Domain-scoped, expire automatically. |
1.3 Information we do NOT collect
- We do not track you across websites (no Google Analytics, Meta Pixel, TikTok Pixel, or third-party advertising tags on our member-facing pages).
- We do not record video or audio sessions outside of explicitly-disclosed 1-on-1 calls.
- We do not sell or rent your personal information to anyone.
2. How We Use Your Information
- Provide the Service (auth, content access, billing, support)
- Send transactional emails (welcome, expiry reminders, dunning)
- Audit-log admin actions and abuse patterns
- Generate AI reply drafts via our AI provider
- Comply with tax and financial-record retention requirements
3. Sharing With Third Parties
We share your data only with these processors, only for the purposes listed:
| Processor | Data shared | Purpose |
|---|---|---|
| Stripe | Email, name, billing address, card token | Payment processing, refunds, chargeback defense |
| Supabase | All Service data | Database, auth, Realtime chat |
| Cloudflare (Pages + Workers) | Request metadata, JWT in transit | Application hosting, KV cache, edge cache |
| Resend | Email address, email body | Transactional email delivery |
| OpenRouter / Anthropic / Google | GameBoy drafting input, system prompt | AI reply generation. Our AI providers are contractually committed not to train on API inputs. |
| Cloudflare Stream | Video playback metadata | Tier-gated video streaming |
We do not share your data with advertising networks, data brokers, or third-party analytics providers.
4. Data Security
- All data in transit is encrypted via TLS 1.2+
- Database is encrypted at rest (AES-256)
- Service-role keys are stored as encrypted secrets in our hosting environment
- Member data is read/write-restricted via Postgres Row-Level Security policies — by default a member can read/write only their own row
- Admin actions are audit-logged with reason and timestamp
If a breach affects your data, we will notify you within 72 hours of confirmation by email to your account email.
5. Your Rights
Depending on your residence, you may have the following rights:
| Right | How to exercise |
|---|---|
| Access — request a copy of your data | Email welcome@joininnercircle.net with subject "data access request" |
| Correction — fix inaccurate data | Edit profile via the Member Area, or email us |
| Deletion — request your data be erased | Email with subject "deletion request". See §6 for what gets deleted vs. retained for legal compliance. |
| Portability — receive your data in a machine-readable format | Email request; we deliver JSON within 30 days |
| Opt-out of marketing emails | Click unsubscribe in any non-transactional email. Transactional emails (receipts, expiry notices) cannot be opted out of while you are an active member. |
We respond to verified requests within 30 days.
6. Data Retention & Deletion
- Active members: all data retained while account is active.
- Cancelled / refunded: coaching access ends per the bifurcated entitlement model. Lifetime content access is preserved unless you request deletion. We retain your member row and email indefinitely for tax/financial-record purposes.
- On deletion request: within 30 days we delete your profile, your community messages, your module progress, and your GameBoy audit log. We retain financial records (purchases, refunds, admin actions) per legal retention obligations (typically 7 years).
7. Children's Privacy
The Service is not directed to and may not be used by anyone under 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected data from a person under 18, we will delete it promptly. The Service requires you to confirm you are 18+ during onboarding.
8. International Users & Geo-Blocking
The Service is currently not available to residents of the European Union, United Kingdom, Switzerland, or other countries with comparable data-protection regimes (GDPR, UK GDPR, Swiss FADP).
If you are outside the US, your data is stored on infrastructure with US data centers as primary. By using the Service, you consent to the transfer of your data to the US.
9. Changes to This Policy
We will notify you by email at least 30 days before any material change to this Privacy Policy takes effect. Continued use of the Service after the effective date constitutes acceptance.
10. Contact
The Inner Circle
welcome@joininnercircle.net
This Privacy Policy is current as of the date above. We are continuing to refine it with legal counsel; substantive changes will be emailed to active members at least 30 days before they take effect. Questions about this policy can be sent to the email address above.