Privacy

Local first, explicit when connected.

This engineering draft describes the current commercial architecture. It is not the final Privacy Policy and must be reviewed against the deployed product and applicable law.

Data Diligence may process

  • Account email, verification state, device labels, and session metadata.
  • Subscription status and provider identifiers—not complete card details.
  • Encrypted sync envelopes and conflict metadata; encryption keys remain client-held.
  • Allowlisted operational events without request bodies, passwords, tokens, or raw provider errors.

Local and optional data

Tasks, notes, journals, health entries, focus history, and other lifestyle data remain local unless a user explicitly enables a documented encrypted service. The manual backup flow uploads ciphertext only.

Control and deletion

Authenticated users can export their account data and request permanent deletion with password reauthentication and an exact confirmation. A future retention schedule will define automatic cleanup of operational records.

Contact

Privacy requests will be handled at privacy@diligence.com after the owner replaces this placeholder with a verified business address and publishes the reviewed policy.