Privacy Policy

Local-first privacy commitment

Divergify is designed to run local-first. Core workspace data stays on your device by default. We do not sell personal information and we do not use advertising trackers.

In the current app release, tasks, habits, focus sessions, sidekick chat history, onboarding answers, and settings stay on your device unless you explicitly export them or choose an optional off-device action.

Tin Foil Hat mode

Tin Foil Hat mode is a product-level privacy control in the app. When it is enabled, optional cloud assist calls are blocked and embed-style content is hidden.

• Default: local-first operation on your device.
• Effect: optional assist features stay local instead of calling a cloud endpoint.
• Limit: Tin Foil Hat is not a claim of full operating-system or network-level blocking.

Data categories

We process only the minimum data needed to run the site and app.

• Local app data: tasks, habits, focus sessions, chat history, onboarding answers, and settings saved in browser or device storage.
• Support and waitlist data: name, email, and message when you submit the website contact form or email us.
• Optional assist payloads: the minimum text and context needed for Sidekicks, Magic Tasks, or Lab assist when you trigger those features and Tin Foil Hat is off.
• Basic request logs: IP address, user agent, and timestamps from hosting infrastructure logs.
• Public web metadata: page URLs and referrers visible to your browser, network provider, and destination site when you navigate the public web.

What stays on your device

• Tasks, routines, notes, private workspace content, chat history, and settings by default.
• Session-level support adjustments such as check-in state, local preferences, and continuity data.
• Export files until you decide to save or share them elsewhere.

What leaves your device

Only limited operational data leaves your device:

• Contact or waitlist submissions you intentionally send from the website.
• Normal web requests to load site assets.
• Optional assist requests for Sidekicks, Magic Tasks, or Lab only when you trigger them and Tin Foil Hat is off.
• Third-party requests initiated by you, such as opening Google Calendar, Waze, email, or external website links.
• Public-page access signals (for example URL requests) that search engines and network providers can observe.

Divergify does not silently background-upload your local workspace content to our servers.

Explicit permission model

Divergify uses consent-first controls. Data stays local unless you take a clear action that authorizes data transfer, such as submitting the contact form, opening a third-party link, exporting a file, or triggering optional assist.

• Default: local-first operation on your device.
• Optional: off-device actions happen because you chose them.
• No silent uploads: we do not background-upload workspace content without your explicit action.

Cookies, local storage, and tracking

We do not use cookies for ad targeting or cross-site behavioral tracking. We use local browser or app storage to save settings and workspace continuity. If essential cookies are used by infrastructure, they are used only for security and session reliability.

How we use server-side data

• Operate and secure the site.
• Respond to support, contact, or waitlist requests.
• Provide optional assist features when you intentionally trigger them.
• Meet legal obligations and prevent abuse.

Sharing and sales of data

We do not sell personal data. We only share limited data with service providers required to host the site, process submissions you intentionally send, or respond to optional assist requests you intentionally trigger.

Your choices

• Clear local storage in your browser or device at any time.
• Use the Data Controls page for current privacy controls and architecture.
• Use Tin Foil Hat in the app to keep optional assist flows local.
• Request deletion of contact or waitlist submissions by emailing us.
• Avoid entering sensitive medical information into contact forms or support email.

Permissions in the current Android app

The current Android manifest requests internet access only. It does not declare microphone, camera, or location permission in this release.

US state privacy rights notice

Depending on your state of residence and applicable law, you may have rights to request access, correction, deletion, or portability of personal information, and to opt out of specific processing practices where those practices apply.

Divergify does not sell personal data and does not use cross-context behavioral advertising. If this changes, we will provide required opt-out controls and update this notice.

To make a privacy rights request, email chaoscontrol@divergify.app with subject line “Privacy Request.”

California-specific disclosures

We provide this policy as a conspicuous privacy notice for California users (CalOPPA). Where California consumer privacy law applies (including CCPA/CPRA), you may request access, deletion, correction, and information about data categories we process.

Divergify does not sell personal information and does not share personal information for cross-context behavioral advertising. If this changes, we will provide legally required notices and controls.

Divergify is not offered as a healthcare provider service and does not provide diagnosis or treatment. If product scope changes toward regulated healthcare functionality, we will update this policy and controls to match applicable California medical privacy obligations, including CMIA where applicable.

Medical scope and regulatory posture

Divergify is a productivity and cognition-support environment. We do not diagnose, treat, or provide clinical care. The product may be used by people with or without formal diagnoses.

HIPAA applies primarily to covered entities (such as healthcare providers, plans, and clearinghouses) and their business associates. Divergify is currently structured as consumer productivity software rather than a covered healthcare service.

If we introduce features that materially change that posture, we will update legal terms and controls before rollout. Regardless of legal category, we apply consent-first and data-minimization controls intended to reduce privacy risk.

Retention and security

Contact or waitlist submissions and server logs are retained only as needed for support, security, and legal obligations. We apply reasonable technical and administrative safeguards, but no system is perfectly secure.

Children's privacy

Divergify is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

Changes to this policy

We may update this policy. Material changes will be reflected by updating the effective date above.

Contact

Questions or deletion requests: chaoscontrol@divergify.app.