Privacy Policy

This Privacy Policy explains how Voyanix LLC (“Voyanix”, “we”, “us”) handles personal data through the Soren application and website at soren.quest(the “Service”). We are the data controller for personal data we process about you (“Hero”, “you”).

Questions or requests? Email privacy@voyanix.com. We respond to verifiable consumer requests within 30 days for GDPR, 45 days for CCPA.

1. Data we collect

Account and profile data

• Email address — for account access, billing notifications, and (with your consent) product updates.
• Name — optional; used for personalization in the app.
• Time zone — for daily reminders and the 55-day quest clock.
• Avatar URL — optional; you control what (if anything) you upload.

Quest content (sensitive)

Soren is a coaching application. The content you create as part of your quest is personal and often emotionally significant. We treat the categories below with the same care as “sensitive personal information” under CCPA § 1798.140(ae) even where law does not strictly require it.

• Daily vibe ratings (1-5 mood/energy scale). Used by Soren to adjust coaching tone and surface patterns over time.
• Reflections, journals, and dreams— free-text you write across daily reflections, weekly “Craft Your Week” rituals, the Vision Storm, and the Spark Catcher.
• Conversations with Soren AI — every message you send and every response Soren generates, including hard-moment coaching threads.
• Quest data — your Mountain (primary goal), milestones, tasks, slay history, Hero Points, energizers, and questie session logs.
• Muse profile — derived from the onboarding assessment; influences how Soren coaches you.

Pre-purchase funnel data

• Hero Assessment answers (call to adventure, dragons, treasure, archetype). Stored in our funnel database to improve onboarding and reach you with the offer that matches your archetype.
• Lead email (if you provided one before purchasing). We do not send marketing email without your separate, explicit consent.

Payment data

Stripe processes all payments. Voyanix never receives or stores your full card number, CVV, or expiration date. We do receive your billing email, customer ID, subscription status, and (if you accept the decisive-action offer) the discount code applied.

Technical data

• IP address, browser user-agent, and timestamps — used for rate-limiting, fraud prevention, and debugging.
• Cookies and browser storage — see our Cookies Policy.

We do not use third-party advertising trackers, analytics pixels (Google Analytics, Mixpanel, PostHog, Segment), or marketing cookies. The app has none today; if we ever add any, we will update this policy and request your consent before activating them.

2. How we use your data

• Provide the Service— render your quest, store your reflections, deliver Soren's coaching responses.
• Personalize Soren's coaching — your Muse profile, recent vibe checks, and quest context are sent to our AI model with each prompt so responses are relevant to your situation.
• Bill your subscription — Stripe collects what it needs; we receive subscription state and invoice records.
• Communicate with you — transactional emails (account confirmation, billing receipts, deletion requests). We do not send marketing email unless you explicitly opt in.
• Security and abuse prevention — rate-limiting, fraud detection, account recovery.
• Improve the Service — aggregated, anonymized usage patterns inform what we build next. We do not profile individual heroes for anything beyond the coaching loop you opted into.

3. Legal basis (GDPR)

For heroes in the EEA, UK, and Switzerland, we rely on these legal bases under GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)) — for delivering the Service you signed up for.
• Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, and aggregated product improvement. You can object at any time.
• Consent (Art. 6(1)(a)) — for marketing email and non-essential cookies. Withdrawable at any time.
• Legal obligation (Art. 6(1)(c)) — when we must retain records to comply with tax, fraud, or other applicable law.

4. Sub-processors and data sharing

We use the following sub-processors. Each receives only the data it needs to perform its function. We have data processing agreements (DPAs) in place; see our DPA for details.

• Clerk (Clerk.com, USA) — authentication. Stores your email + auth credentials.
• Stripe (Stripe Inc, USA) — billing. Stores payment method + subscription state.
• Google Cloud Platform (Google LLC, USA) — hosts our application (Cloud Run), database (Firestore), file storage (Cloud Storage), and AI model (Vertex AI / Gemini).
• Brevo (Brevo SAS, France) — transactional email (account confirmations, deletion requests, data export notifications). EU-based; not used for marketing today.
• Cloudflare (Cloudflare Inc, USA) — DNS only. We do not proxy traffic through Cloudflare today.

Soren AI / Vertex AI / Gemini disclosure

Soren's coaching responses, daily briefings, task suggestions, Heroic Quest Statement options, milestone names, and similar AI features are generated by Google's Gemini model running in Vertex AI (us-central1 region). To produce a response, we send the model the relevant context: your Mountain, recent reflections, muse profile, and the current conversation thread.

Per Google's Vertex AI terms, this content is not used to train Google's general-purpose models. Google may retain it briefly for abuse monitoring; we have requested the shortest retention available under our service agreement.

Soren's responses are AI-generated. They are not a substitute for medical, mental-health, legal, or financial advice. See the AI Disclaimer in our Terms.

5. International data transfers

Our infrastructure is hosted in the United States (Google Cloud us-central1, Iowa). If you are in the EEA, UK, or Switzerland, your personal data is transferred to the US and processed there. For these transfers, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK Addendum, executed with each sub-processor. Supplementary measures include encryption in transit (TLS 1.2+) and at rest, role-based access controls, and audit logging.

6. How long we keep your data

• Active account data — for as long as your account is active.
• Conversations with Soren— retained while your account is active. We do not currently auto-delete older threads (planned for a future release; see your account's Export my data view to see what we hold).
• Funnel responses — kept for 12 months after the last visit, then anonymized for aggregate product analysis.
• Billing records — kept for 7 years to satisfy tax law (Stripe is the system of record).
• Aggregated analytics — kept indefinitely once stripped of identifiers (legitimate interest in product improvement).
• After deletion — when you delete your account (see § 7), we hard-delete your data 30 days after the request, except as required by law.

7. Your rights

You have the following rights regardless of where you live. Many are self-service from inside the app (Settings → Danger Zone). For anything that requires manual action, email privacy@voyanix.com.

• Right to access (GDPR Art. 15 / CCPA § 1798.100) — download a machine-readable copy of all personal data we hold. Self-service: Settings → Export my data.
• Right to deletion / erasure (GDPR Art. 17 / CCPA § 1798.105) — request hard deletion. We schedule the deletion for 30 days out and email you a confirmation; you can cancel during that window. Self-service: Settings → Delete my account.
• Right to rectification (GDPR Art. 16 / CCPA § 1798.106) — correct inaccurate data. Most fields are self-service in Settings.
• Right to restriction (GDPR Art. 18) and objection (GDPR Art. 21) — pause processing or object to legitimate-interest uses. Email us.
• Right to data portability (GDPR Art. 20) — same as access; the export is JSON.
• Right to opt out of sale/sharing (CCPA / CPRA / VCDPA / etc.) — we do not sell your personal data and do not share it for targeted advertising. There is nothing to opt out of, but you can confirm this in writing on request.
• Right to non-discrimination — exercising any of these rights does not affect your subscription or service quality.
• Right to lodge a complaint — with your local data protection authority (e.g., ICO in the UK, CNIL in France) if you believe we mishandled your data.

8. Children

Soren is not intended for children under 16. We require sign-up to confirm age and do not knowingly collect personal information from children under 16 in the EEA/UK or under 13 in the US. If you believe we have collected information from a child, email privacy@voyanix.com and we will delete it promptly.

9. Security

We use TLS 1.2+ for all traffic, encrypt data at rest, enforce role-based access controls, and audit privileged access. We do not guarantee the security of any system, but we treat hero data as privileged and worth protecting. If we ever suffer a breach affecting your data, we will notify you per applicable law (within 72 hours under GDPR).

10. Cookies

See our Cookies Policy for the full list, purposes, and durations. We use cookies for authentication, functional preferences, and (in a few places) the funnel state. We do not use advertising or tracking cookies.

11. California residents

If you are a California resident, you have the rights described above (access, deletion, correction, opt-out of sale/sharing, limit-the-use of sensitive personal information, non-discrimination). To submit a verifiable consumer request, either use the self-service options in Settings or email privacy@voyanix.com.

We do not sell or share personal data for targeted advertising. We process the following categories of “sensitive personal information” only to provide the Service as you requested: precise behavior data (mood/vibe ratings) and personal reflections you choose to write.

12. Changes to this policy

We will update this Privacy Policy as the Service evolves. We will update the “Last updated” date and, for material changes, notify you in the app and by email at least 30 days before the change takes effect.

13. Contact

Voyanix LLC
Email: privacy@voyanix.com
Support: hero@voyanix.com