Introduction

Urge Surfer is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mindful recovery support application.

We understand that seeking help for managing urges and cravings is a deeply personal journey, and we are committed to providing a safe, secure, and confidential environment for your recovery process.

Information We Collect

Session Data

• Urge Intensity Ratings: Your self-reported intensity levels before and after sessions
• Trigger Information: Types of triggers you experience and custom descriptions you provide
• Emotional State: Primary and secondary emotions selected, emotion intensity, and custom emotion descriptions
• Recovery Commitment: Your self-assessed commitment level to recovery
• Location Context: General location type and custom location descriptions (if provided)
• Session Progress: Completion status and step-by-step progress through guided sessions
• Personal Reflections: Written reflections and notes you choose to share

Contact Information

• Phone Number: Optional phone number for SMS support messages (not stored permanently)
• IP Address: Used for session identification and analytics (anonymized after 30 days)

Personal Coping Strategies

• Custom Strategies: Coping strategies you create and their effectiveness ratings
• Usage Tracking: When and how often you use specific strategies
• Categories: How you organize your personal toolkit

Technical Data

• Browser Information: Basic browser type and version for compatibility
• Usage Patterns: How you interact with the app to improve user experience
• Error Logs: Technical issues to help us improve the service

How We Use Your Information

Personalized Experience

• Provide customized guidance based on your triggers, emotions, and history
• Adapt session instructions to your specific needs and patterns
• Generate personalized insights and progress analytics
• Recommend relevant coping strategies from your personal toolkit

AI-Powered Support

• Generate real-time emotional support during sessions
• Analyze reflection notes to provide meaningful insights
• Create personalized SMS messages for follow-up support
• Identify patterns to help improve your recovery journey

Communication

• Send supportive SMS messages after session completion (if requested)
• Provide follow-up check-ins to support your recovery
• Share crisis resources when appropriate

Service Improvement

• Improve the effectiveness of our guided sessions
• Enhance AI personalization algorithms
• Fix technical issues and optimize performance
• Develop new features based on user needs

Data Protection & Security

Encryption

• All data transmitted between your device and our servers is encrypted using HTTPS/SSL
• Sensitive information is encrypted at rest in our database
• API communications with third-party services (OpenAI, Twilio) are fully encrypted

Access Controls

• Limited access to your data on a need-to-know basis
• No permanent storage of phone numbers after SMS delivery
• Regular security audits and monitoring
• Secure coding practices and vulnerability assessments

Data Minimization

• We only collect information necessary to provide our services
• Phone numbers are deleted after SMS messages are sent
• IP addresses are anonymized after 30 days
• Optional data collection with clear opt-in choices

Information Sharing

Third-Party Services

• OpenAI: Session data is processed to generate personalized guidance and insights
• Twilio: Phone numbers are temporarily used to send SMS messages
• Database Provider: Session data is securely stored in our database infrastructure

We Do NOT Share

• Your personal information with advertisers or marketers
• Individual session details with third parties for commercial purposes
• Your identity or contact information without your explicit consent
• Any data for research purposes without anonymization

Legal Requirements

We may disclose your information only when required by law, such as responding to a valid court order or subpoena, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Data Retention

• Session Data: Retained for up to 2 years to provide personalized insights and track progress
• Phone Numbers: Deleted immediately after SMS delivery (not stored long-term)
• IP Addresses: Anonymized after 30 days for privacy protection
• Personal Strategies: Retained as long as you continue using the service
• Technical Logs: Retained for 90 days for troubleshooting and security monitoring

Your Rights & Choices

Control Your Data

• Opt-Out: Choose not to provide optional information like phone numbers
• SMS Control: Opt out of follow-up messages at any time
• Session Data: All session participation is voluntary
• Personal Strategies: Add, edit, or delete your personal coping strategies anytime

Data Requests

You have the right to:

• Request a copy of your personal data
• Request correction of inaccurate information
• Request deletion of your data (subject to legal requirements)
• Object to certain data processing activities

Important Limitations

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify users of significant changes by updating the effective date and posting the new policy on our website. Continued use of the service after policy updates constitutes acceptance of the revised terms.

Contact Information

If you have questions about this Privacy Policy or how we handle your personal information, please contact us at:

benjamin@flourishingrecovery.com

For data protection inquiries, you can also contact us regarding your rights to access, correct, or delete your personal information.