Legal

Privacy Policy

Effective Date: Upon Launch  •  Last Updated: February 7, 2026
We never sell your data to advertisers, data brokers, or third parties without your explicit consent.

Your privacy is important to us. This Privacy Policy explains how Catalyst collects, uses, stores, and protects your personal information. We are committed to transparency and to complying with all applicable federal and state privacy laws, including the FTC Act and the California Consumer Privacy Act (CCPA).

Section 1: Information We Collect

1.1 Voice Data

What We Collect
  • Voice recordings from your conversations with Catalyst
  • Voice characteristics (tone, pace)
  • Language detection for multilingual features
How We Collect It
  • When you speak with Catalyst (voice input)
  • During voice-first onboarding
  • When using dynamic language switching
Purpose
  • Provide voice-based productivity coaching
  • Enable multilingual voice interactions
  • Detect language preferences

1.2 Conversation Data

What We Collect
  • Full text transcript of your conversations with Catalyst
  • Timestamped session history
  • Goals, projects, and priorities shared with Catalyst
  • Daily focus scores and productivity patterns
  • Archetype classification and preferences
Purpose
  • Provide personalized productivity coaching
  • Track progress toward your goals
  • Enable daily focus scoring and task recommendations
  • Support archetype-based personalization

1.3 Calendar and Task Data

What We Collect
  • Calendar events and availability (optional)
  • Task lists and project details
  • Deadlines, time commitments, and project interdependencies
Purpose
  • Provide goal-aware calendar orchestration
  • Generate task recommendations based on dependencies
  • Align time allocation with priorities

1.4 Usage Patterns

  • How often you use Catalyst and which features you access
  • Session duration and engagement metrics
  • Task completion patterns

Collected through app analytics (no third-party tracking) and our backend systems.

1.5 Device and Technical Information

  • Device type (iOS/Android, system language)
  • App version and operating system version
  • Telegram user ID and chat information

Section 2: How We Use Your Information

2.1 To Provide Services

  • Generate personalized productivity coaching responses
  • Calculate daily focus scores
  • Provide task recommendations based on priorities and dependencies
  • Identify and apply archetype-based personalization
  • Suggest calendar modifications aligned with your goals

2.2 To Personalize Your Experience

  • Adapt coaching style to your archetype
  • Recognize productivity patterns over time
  • Suggest relevant resources from the Wisdom Knowledge Base
  • Adjust language and tone based on your preferences

2.3 To Improve Services

We use anonymized, aggregate data to understand which features provide the most value, improve daily focus scoring accuracy, optimize task recommendation quality, and test new features before rollout.

What We Do NOT Do
  • We do NOT sell your personal data to anyone
  • We do NOT share your conversations with advertisers
  • We do NOT share your data with analytics platforms without explicit consent

2.4 For Legal Compliance

  • Comply with FTC requirements for consumer apps
  • Document consent records and maintain audit logs
  • Comply with CCPA if you are a California resident

Section 3: How We Share Your Information

3.1 We Do Not Sell Your Data

We do NOT sell your voice recordings, conversations, calendar data, or any personal information to third parties for any purpose.

3.2 When We Share (Limited Cases)

Situation What's Shared Why Your Consent
ElevenLabs (TTS)Voice response textGenerate voice responsesYes (in-app consent)
OpenRouter (LLM)Conversation contextGenerate coaching responsesYes (in-app consent)
VPS HostingEncrypted backupsSecure data storageYes (in-app consent)
TelegramMessage contentEnable messagingYes (in-app consent)
Payment ProcessorPayment infoProcess subscriptionsYes (during checkout)
Legal RequirementAs required by lawCourt order complianceNo (legal process)

3.3 Third-Party Service Details

ElevenLabs (Text-to-Speech): Converts Catalyst's responses to voice. ElevenLabs does NOT store your personal data permanently.

OpenRouter (LLM Inference): Generates AI-powered coaching responses. OpenRouter does NOT permanently store your conversations.

Telegram (Messaging): Enables Telegram-based communication. Telegram has its own privacy policy at telegram.org/privacy.

VPS Hosting: Stores encrypted backups and databases. All data encrypted at rest (AES-256) and in transit (TLS 1.3).

3.4 What We Never Share

  • Ad networks or advertisers
  • Data brokers
  • Analytics platforms without explicit consent
  • Social media platforms (except Telegram as the communication platform)

Section 4: Data Security

4.1 Encryption

At Rest: All voice recordings, conversation transcripts, and stored data encrypted with AES-256.

In Transit: All data transmitted using TLS 1.3 encryption with HTTPS-only connections and certificate pinning.

4.2 Access Controls

RoleAccess LevelPurpose
FounderFull accessOversight and development
Authorized DevelopersRead-only for debuggingIssue resolution only
Third-Party ServicesEphemeral accessProvide services only

Every access to your data is logged with timestamp and purpose. Logs are retained for 2 years.

4.3 Data Retention

Data TypeRetention PeriodWhen Deleted
Conversation transcripts90 days after session90 days after deletion request
Voice recordings90 days after session90 days after deletion request
Usage patterns12 months12 months (or 90 days if requested)
Crash reports90 days90 days

4.4 Breach Notification

If a breach occurs, we will notify you within 60 days, describe the breach, explain what we are doing to address it, and provide guidance on steps you can take.

Section 5: Your Rights

5.1 Right to Access

You can view all stored conversations, voice recordings, and usage data, and export all your data in a readable format.

How: In Catalyst app → Settings → Privacy → Download My Data, or email privacy@catalystgoals.com

5.2 Right to Delete

You can delete your account and all associated data, specific conversations, or voice recordings.

How: In Catalyst app → Settings → Privacy → Delete My Data, or email privacy@catalystgoals.com

We delete your data within 90 days. Third-party services do NOT retain your data. VPS backups are securely destroyed.

5.3 Right to Export (CCPA)

California residents can request ALL data collected (not just last 12 months) under CCPA 2026.

How: Email privacy@catalystgoals.com with subject "Data Export - CCPA". Complete export in JSON within 30 days.

5.4 Right to Opt Out

  • Opt out of analytics collection at any time
  • Opt out of new features requiring additional consent
  • Revoke consent for third-party services

5.5 Right to Consent

You must consent before we collect, store, or share any personal data. We use explicit opt-in with no pre-checked boxes, no false urgency, no misleading placement, and no dark patterns.

Section 6: California and State Rights

6.1 CCPA 2026

If you are a California resident, your rights include:

  • Right to know all categories of personal information collected
  • Right to know sources and purposes for collection
  • Right to know third parties sharing data
  • Right to delete and correct personal information
  • Right to opt out of sale or sharing (we do not sell)
  • Right to limit use of sensitive personal information

How: Submit request to privacy@catalystgoals.com. Response within 30 days. No fee.

6.2 Risk Assessment

For automated decision-making (e.g., task recommendations, daily focus scoring), we conduct risk assessments before the December 2027 deadline, disclose significant impacts, and provide opt-out where feasible.

Section 7: Children's Privacy

Catalyst is NOT intended for children under 16. We do NOT knowingly collect personal information from children under 16. If we discover such collection, we delete it immediately.

Section 8: International Users

If you are outside the United States, your data is processed in the United States. We use Standard Contract Clauses for data transfers and appropriate security measures. This policy is based on U.S. law (FTC, CCPA). Additional local protections may apply.

Section 9: Changes to This Policy

If we change this policy, we will post the updated policy in the Catalyst app, email you notice of material changes, and explain what changed and why.

Section 10: Contact Us

Privacy Questions: privacy@catalystgoals.com (response within 30 days)

Legal Inquiries: legal@catalystgoals.com