Privacy
Policy
Living Fully
Last updated: July 5, 2026 · Effective: July 5, 2026
The short version. We collect your email address and the messages you send to Living Fully. We store your conversations encrypted, and our staff does not read them — except where the law requires it, where it's needed to protect someone's safety, or where you give us permission. To generate replies, your messages are processed by our AI provider (Anthropic). We do not sell your data, and we do not use the content of your conversations to train AI models. You can delete your conversations and your account at any time.
This Privacy Policy explains how True Success For All ("TSFA," "we," "us") collects, uses, protects, and shares information when you use the Living Fully app (the "Service"). It should be read together with our Terms of Service.
1. Information we collect
Information you provide:
-
Email address. Used as your account identity and to send you one-time sign-in codes. Sign-in is passwordless — we do not store a password.
-
Your conversations. The messages you send to Living Fully and the AI's replies are stored so your conversation history is available to you across sessions and devices.
Information collected automatically:
-
Conversation metadata. For each message we record technical details such as timestamps, which AI model and prompt version generated a reply, and token/ usage counts. This metadata is used to operate, debug, and improve the Service. It does not include the readable content of your messages beyond what's needed to store them.
-
Basic technical/device data. Standard information needed to deliver a mobile app and secure the Service (for example, app version and network information).
We do not intentionally collect special categories of data. Because Living Fully is a reflective tool, you may choose to share sensitive personal thoughts in your messages. Please share only what you're comfortable having stored and processed as described here.
2. How we use your information
We use your information to:
-
Provide the Service — authenticate your sign-in, generate AI responses, and keep your conversation history available to you.
-
Maintain and secure the Service — prevent abuse, debug problems, and protect against fraud and security threats.
-
Improve the Service — using de-identified or aggregated data. We may analyze usage patterns and quality signals (such as feedback) to make Living Fully better. Before conversation-derived data is used for improvement, we strip out identifiers that could reasonably link it back to you. We do not use the identifiable content of your conversations to train AI models.
-
Communicate with you — for example, to send sign-in codes and important notices about the Service.
-
Comply with law — meet legal obligations and respond to lawful requests.
3. Who can see your conversations
Your privacy here is a core design goal, not an afterthought.
-
Our staff does not read your conversations in the ordinary course. We do not browse, review, or monitor your chats.
-
We will only access the readable content of your conversations if:
-
you ask us to (for example, to help troubleshoot a problem or when you give explicit permission); or
-
the law requires it — such as a valid legal request, or where access is necessary to comply with a legal obligation; or
-
it is necessary to protect safety — to prevent or address an imminent risk of serious harm to you or someone else, or a violation of our Terms.
-
-
Our AI provider processes your messages to generate replies. To produce a response, your message and recent conversation context are sent to Anthropic (the maker of the Claude AI models) over an encrypted connection. Anthropic processes this data to return a reply and, under our commercial API terms with Anthropic, is not used to train its models.
4. How your data is protected
We apply layered security so that your conversation content stays protected even in a worst-case data breach:
-
Encryption in transit. All traffic between the app, our servers, and our AI provider uses TLS (HTTPS).
-
Encryption at rest, at the application layer. Every message is encrypted with AES-256-GCM before it is written to the database. The database stores only ciphertext.
-
Keys kept outside the database. The encryption key is held separately from the database, so a stolen database copy alone cannot be read.
-
Minimized exposure. Your messages are decrypted only transiently in server memory to build an AI request or to show you your own history, and (necessarily) at our AI provider during inference.
No system is perfectly secure, and we cannot guarantee absolute security — but this posture means that a leaked database dump, by itself, does not expose your conversations.
5. How we share information
We do not sell your personal information, and we do not share it for advertising. We share information only with service providers (sub-processors) who help us run the Service, under contracts that require them to protect it:
- Anthropic: AI model inference (generating replies). Your messages and recent conversation context
- Fly.io: Application hosting and managed database. Encrypted conversation data; technical data
- Mailgun: Sending one-time sign-in code emails. Your email address
We may also disclose information when required by law (see Section 3) or in connection with a merger, acquisition, or sale of assets, in which case we will require the successor to honor this Policy.
6. Data retention
We keep your conversations and account information for as long as your account is active, so your history is available to you. When you delete a conversation or your account, we delete the associated content from our active systems; residual copies in backups are removed on our normal backup-rotation cycle. We may retain limited de-identified or aggregated data, and records we are required to keep by law.
7. Your choices and rights
You can:
-
Access your history — your conversations are available to you in the app.
-
Delete your data — delete your entire account and its data from within the app (under the menu). Deleting your account permanently removes your account record and all your conversations from our active systems; residual copies in backups are removed on our normal backup-rotation cycle.
Depending on where you live, you may also have rights under laws such as the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act (CPA), Washington's My Health My Data Act and similar consumer-health-data laws, and the EU/UK GDPR, including the right to access, correct, delete, or obtain a copy of your personal information, to opt out of sale or sharing (we do not sell or share for advertising), and to be free from discrimination for exercising these rights. Because your conversations may touch on your wellbeing, we treat that content as sensitive and do not use or disclose it except as described in this Policy. To exercise any of these rights, contact us at erik@truesuccessforall.com. We will verify your request (typically via your account email) and respond within the timeframes required by law. You may appeal a decision by replying to our response.
8. Children's privacy
Living Fully is not intended for anyone under 16. We do not knowingly collect personal information from children under 16, and we comply with the US Children's Online Privacy Protection Act (COPPA). If you believe a child under 16 has provided us information, contact us and we will delete it.
A note on health privacy law. Living Fully is a personal-development tool, not a healthcare provider or health plan. We are not a HIPAA-covered entity, and using the Service does not create a provider–patient relationship. Your privacy is governed by this Policy and by the consumer-privacy and consumer-health-data laws described in Section 7 — not by HIPAA.
9. International users
We operate the Service from the United States, and your information is processed and stored in the United States and in the locations of our sub-processors. If you access the Service from outside the US, you understand your information will be transferred to and processed in the US, where privacy laws may differ from those in your country.
10. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you (in-app or by email) and update the "Last updated" date above. Your continued use after changes take effect means you accept the updated Policy.
11. Contact us
True Success For All Durango, Colorado, USA Privacy: erik@truesuccessforall.com
