Data Controls
Effective date: February 11, 2026. This page explains exactly where data lives, what requires explicit permission, and what choices you control.
Default behavior (local-first)
- Workspace state is stored on your device/browser.
- Divergify does not silently upload task content or inferred health/cognitive patterns.
- No ad-tracking cookies or cross-context behavioral advertising.
What requires explicit permission
- Submitting contact messages (you explicitly provide and send this data).
- Optional marketing opt-in (separate checkbox).
- Opening third-party links (store, social, payment pages).
- Any future cloud backup/sync or AI integration features.
Cloud and sync model
The intended architecture is user-controlled storage: you choose whether to stay local-only or connect your own cloud provider. If enabled, sync should use end-to-end encrypted data blobs so providers cannot read workspace content.
Until that feature is live, default behavior remains local-only.
AI data boundary
AI features should be optional and separately consented. If enabled, only the minimum required payload should be sent to the selected AI provider, and only for the session/use case you trigger.
No AI processing should run on your data unless you explicitly turn it on.
Medical and legal boundary
Divergify is a productivity environment, not a medical provider. We do not diagnose, treat, or provide clinical care. The tools can be used by people with or without formal diagnoses.
If we launch regulated healthcare features in the future, we will add the required compliance controls first.
California + HIPAA quick answers
- HIPAA usually applies to covered healthcare entities and their business associates, not general productivity tools.
- California disclosures are structured for CalOPPA visibility and CCPA/CPRA-style rights handling where applicable.
- California privacy rights requests can be submitted via chaoscontrol@divergify.app.
- Divergify does not sell personal information or use cross-context behavioral advertising.
Public web inference risk
Public pages can still be indexed and observed at the network/browser level. That means third parties may infer topic interest from visited URLs even when workspace data stays local.
We reduce this risk by avoiding ad trackers and keeping workspace content local by default.
Your controls right now
- Clear browser storage to remove local workspace state and settings.
- Use the “Shades,” “Tin Foil Hat,” and “Brain Mode” controls locally in your browser.
- Use contact-form consent and opt-in checkboxes intentionally.
- Email privacy requests to chaoscontrol@divergify.app.
State-law alignment
Divergify is built to support consent-first handling and local-first minimization across US state privacy frameworks. Where laws differ by state, we aim to apply the stricter operational standard and update controls as requirements evolve.
For legal details, see Privacy Policy and Terms of Service.