Privacy Policy

Effective Date: February 23, 2026

1. Introduction

The Living Company ("we," "our," or "us") is an AI-powered strategic planning facilitator. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (the "Service").

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register for an account we collect:

• Name (first and last)
• Email address
• Password (stored as a cryptographic hash)
• Optional profile information such as job title, phone number, and bio

2.2 Organization Data

When you create or join an organization, you or other members may provide:

• Organization name, description, industry, and address
• Mission statement, vision statement, and core values
• Organizational chart data (employee names, titles, departments)
• Product and service line information
• Competitor analysis data
• Key customer profiles
• Financial statements and metrics
• Business process descriptions

2.3 Strategic Planning Data

As you use the strategic planning features we collect:

• Conversation messages exchanged with the AI assistant
• Planning data for each phase (Learn, Focus, Align, Execute)
• Contributions, comments, and reactions from team collaboration
• Priority assignments and action plans

2.4 Usage Data

We automatically collect certain information when you access the Service:

• IP address and approximate location
• Browser type and version
• Pages visited and features used
• Timestamps of actions for activity logging

2.5 Cookies and Local Storage

We use essential session cookies to maintain your authentication state. These cookies are:

• Marked HttpOnly and Secure to prevent client-side access
• Set with SameSite=Lax for cross-site request protection
• Required for the Service to function — they cannot be disabled

We also use localStorage in your browser to remember your cookie consent preference.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Authenticate your identity and manage your account
• Facilitate AI-powered strategic planning conversations
• Enable collaboration between organization members
• Send transactional emails (invitations, password resets, weekly summaries)
• Generate analytics and reports for organization administrators
• Improve the Service and develop new features

4. AI Data Processing

The Service uses the Anthropic Claude API to provide AI-powered strategic planning guidance. When you interact with the AI assistant:

• Your conversation messages and relevant organization context are sent to Anthropic's API for processing
• Anthropic processes data according to their own privacy policy
• We do not use your data to train AI models
• AI-generated responses are stored as part of your strategic plan

We also use the OpenAI API to generate vector embeddings for semantic search. These embeddings are numerical representations of text and cannot be reversed into the original content.

5. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Anthropic (AI processing), OpenAI (embeddings), SendGrid (email delivery), and our hosting provider for infrastructure
• Organization Members: Data within an organization is visible to members according to their assigned role (owner, admin, consultant, member, or observer)
• Legal Requirements: We may disclose information if required by law, legal process, or government request

6. Data Retention

• Account and organization data is retained as long as your account is active
• Activity logs are automatically deleted after 35 days
• Invitation tokens expire after 7 days
• Password reset tokens expire after 1 hour
• You can request deletion of your account and associated data by contacting us

7. Security

We implement appropriate technical and organizational measures to protect your data, including:

• Password hashing using industry-standard algorithms
• HTTPS encryption for all data in transit
• Secure, HttpOnly session cookies with SameSite protection
• CSRF token validation on all state-changing requests
• Role-based access control within organizations

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Export your strategic planning data
• Object to certain processing activities

To exercise any of these rights, please contact us using the information below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice within the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us