Privacy Policy

Scope

This Privacy Policy applies to Core Creations, GetYourLifeTogether, and related account, workspace, dashboard, collaboration, automation, document, spreadsheet, invoice, health, finance, inventory, messaging, password, authenticator, notification, integration, AI, and security features provided through the application.

The application may be used for personal, family, team, or organization workspaces. Workspace owners and administrators may control settings, invite users, set permissions, view workspace activity, manage billing, and access content available to them through their role.

Information collected

We collect account and profile information such as name, email address, avatar, login method, password hash, MFA settings, recovery and reactivation metadata, account status, workspace membership, roles, preferences, and acceptance records for legal documents.

We collect content you create or upload, including tasks, projects, notes, documents, spreadsheets, lists, recipes, events, activities, counters, calendars, time entries, invoices, inventory records, files, comments, messages, attachments, saved views, dashboard configuration, automation rules, search data, and workspace settings.

We collect sensitive or high-risk content if you choose to use those features, including health logs, workouts, sleep, water, food, steps, body metrics, budgeting data, transactions, subscriptions, assets, invoice parties, password manager records, authenticator records, API keys, integration tokens, webhook URLs, local encryption settings, and connection details for third-party systems.

We collect technical, security, and diagnostic data such as IP address, approximate location from IP lookup, user agent, device and browser details, session identifiers, trusted-device records, login history, access logs, audit logs, rate-limit records, CSRF/security events, API usage, error logs, and timestamps.

Sources

Data comes from you, workspace members, organization administrators, imported files, connected devices or services, browser and device signals, cookies or session storage, OAuth providers, payment processors, email systems, AI providers, and third-party APIs or webhooks that you connect or configure.

How information is used

We use information to create and secure accounts, authenticate users, provide MFA and trusted-device controls, operate workspaces, enforce permissions, save user content, run automations, deliver notifications, process exports/imports, support search, sync connected services, process payments, troubleshoot problems, prevent abuse, maintain audit trails, comply with legal obligations, and improve the service.

Health, money, password, authenticator, AI, dashboard, integration, and automation data is used only to provide the features you request, but those features can involve sensitive data. You are responsible for choosing what information to enter, upload, import, store, or share.

Third-party services

The app may interact with providers such as hosting and database services, email delivery services, payment processors such as Stripe, OAuth providers such as Google, Microsoft, Discord, Facebook, Apple, and Steam, AI services, weather/quote/package/media APIs, health imports, Discord webhooks, calendar services, and user-configured systems such as Plex, Radarr, Sonarr, qBittorrent, TrueNAS, and similar integrations.

When you connect or use third-party services, data may be sent to, received from, stored by, or processed under those services' own terms and privacy policies. We are not responsible for third-party services, outages, misuse, data handling, security practices, API changes, rate limits, or failures.

AI features

If you use AI features, prompts, messages, files, summaries, metadata, and outputs may be sent to AI providers or processed by local or hosted AI components. Do not submit confidential, regulated, privileged, or highly sensitive information to AI features unless you have confirmed that the configuration and provider terms are appropriate for that use.

AI output may be inaccurate, incomplete, offensive, unsafe, or unsuitable for your purpose. You are responsible for reviewing AI output before relying on it.

Security and encryption

We use administrative, technical, and organizational safeguards intended to protect data, including authentication, MFA support, CSRF controls, rate limiting, session controls, audit logs, role-based workspace access, and optional workspace encryption paths for some content. These measures reduce risk but do not eliminate it.

No application, network, device, database, encryption system, integration, backup, or human process is perfectly secure. We do not guarantee that data will always remain private, available, uncorrupted, unrecoverable by unauthorized parties, or protected from loss, theft, disclosure, compromise, ransomware, malware, user error, administrator misuse, credential theft, provider failure, or other security incidents.

You are responsible for strong passwords, MFA, protecting recovery phrases and encryption keys, restricting workspace access, managing connected services, maintaining your own backups of important data, and promptly reporting suspected unauthorized access.

Sharing and disclosures

We may disclose information to operate the service, to workspace owners and administrators according to permissions, to service providers and processors, to connected services you enable, to payment providers, to comply with law or legal process, to protect rights, safety, and security, to investigate abuse, or as part of a merger, acquisition, restructuring, or transfer of assets.

We do not sell personal information in the ordinary meaning of selling customer lists for money. If applicable law treats any analytics, advertising, or third-party data transfer as a sale or sharing, you may have opt-out rights as described by that law.

Retention

We keep data for as long as needed to provide the service, maintain security, comply with law, resolve disputes, enforce agreements, preserve audit records, and support backups or disaster recovery. Deleted data may remain temporarily in logs, backups, caches, archives, security records, or third-party systems before deletion is completed.

Your choices and rights

You can access, update, export, or delete certain data through available app controls. You may request access, correction, deletion, portability, restriction, or opt-out rights where applicable law grants them. Some requests may be limited by account security, workspace ownership, legal obligations, backups, audit logs, billing records, dispute records, or the rights of other users.

Children

The service is not intended for children under 13, and users under the age of majority should use the service only with permission and supervision from a parent, guardian, school, employer, or organization administrator as applicable.

Health, financial, and regulated data

The service is not a medical provider, health plan, financial advisor, bank, broker, tax advisor, legal advisor, or regulated records custodian. Unless a separate written agreement says otherwise, the service is not offered as a HIPAA-covered service, PCI storage service, regulated financial recordkeeping system, or compliance archive.

Changes

We may update this policy when features, providers, risks, or legal requirements change. The app may require you to accept a new version before continued use.

Contact

For privacy or data requests, contact the account owner, workspace administrator, organization operator, or support contact provided for this service.