Privacy Policy

Local-first privacy commitment

Divergify is designed to run local-first. Core workspace data stays on your device by default. We do not sell personal information and we do not use advertising trackers.

We do not exfiltrate your task content, notes, habits, or inferred cognitive/health-related patterns to Divergify servers.

Explicit permission model

Divergify uses consent-first controls. Data stays local unless you take a clear action that authorizes data transfer, such as submitting a contact form, opening a third-party link, or enabling an optional integration.

• Default: local-only operation on your device.
• Optional: off-device features are opt-in and can be disabled or revoked.
• No silent uploads: we do not background-upload workspace content without your explicit action.

Data categories

We process only the minimum data needed to run the site and app.

• Local Storage Data: app settings and local workspace state saved in your browser/device storage.
• Inferred Health Data (local only): optional inferences (for example stress/focus patterns) derived on-device.
• Contact Data: name, email, and message when you submit the contact form or email us.
• Basic Request Logs: IP address, user agent, and timestamps from hosting infrastructure logs.
• Public Web Metadata: page URLs and referrers visible to your browser, network provider, and destination site when you navigate the public web.

What stays on your device

• Tasks, routines, notes, and private workspace content.
• Local Storage Data used for preferences and continuity.
• Inferred Health Data used to personalize your experience on-device.

What leaves your device

Only limited operational data leaves your device:

• Contact form submissions you intentionally send.
• Normal web requests to load site assets.
• Technical request data sent to third-party resources embedded on specific pages (for example font/CDN files).
• Third-party requests initiated by you (for example external social links or Ko-fi).
• Public-page access signals (for example URL requests) that search engines and network providers can observe.

Divergify does not upload your local workspace content or Inferred Health Data to our servers.

Inference and crawler limits

Divergify publishes public pages about neurodivergence. Search engines can index those pages, and parties that can see browsing activity (for example an ISP, employer network, or shared-device observer) may infer interest in those topics.

To reduce this risk, we avoid ad-tech trackers and cross-context behavioral advertising scripts, and keep core workspace content local by default.

Cookies, local storage, and tracking

We do not use cookies for ad targeting or cross-site behavioral tracking. We use local browser storage to save app settings and task continuity. If essential cookies are used by infrastructure, they are used only for security and session reliability.

How we use server-side data

• Operate and secure the site.
• Respond to support/contact requests.
• Meet legal obligations and prevent abuse.

Sharing and sales of data

We do not sell personal data. We only share limited data with service providers required to host the site or process submissions you intentionally send (for example hosting/forms providers).

Your choices

• Clear local storage in your browser/device at any time.
• Use the Data Controls page for current privacy controls and architecture.
• Request deletion of contact submissions by emailing us.
• Avoid entering sensitive medical information into contact forms.

US state privacy rights notice

Depending on your state of residence and applicable law, you may have rights to request access, correction, deletion, or portability of personal information, and to opt out of specific processing practices where those practices apply.

Divergify does not sell personal data and does not use cross-context behavioral advertising. If this changes, we will provide required opt-out controls and update this notice.

To make a privacy rights request, email chaoscontrol@divergify.app with subject line “Privacy Request.”

California-specific disclosures

We provide this policy as a conspicuous privacy notice for California users (CalOPPA). Where California consumer privacy law applies (including CCPA/CPRA), you may request access, deletion, correction, and information about data categories we process.

Divergify does not sell personal information and does not share personal information for cross-context behavioral advertising. If this changes, we will provide legally required notices and controls.

Divergify is not offered as a healthcare provider service and does not provide diagnosis or treatment. If product scope changes toward regulated healthcare functionality, we will update this policy and controls to match applicable California medical privacy obligations, including CMIA where applicable.

Medical scope and regulatory posture

Divergify is a productivity and cognition-support environment. We do not diagnose, treat, or provide clinical care. The product may be used by people with or without formal diagnoses.

HIPAA applies primarily to covered entities (such as healthcare providers, plans, and clearinghouses) and their business associates. Divergify is currently structured as consumer productivity software rather than a covered healthcare service.

If we introduce features that materially change that posture, we will update legal terms and controls before rollout. Regardless of legal category, we apply consent-first and data-minimization controls intended to reduce privacy risk.

If future features process health-related data off-device, additional consumer-health privacy requirements (including applicable breach-notification rules) may apply.

Retention and security

Contact submissions and server logs are retained only as needed for support, security, and legal obligations. We apply reasonable technical and administrative safeguards, but no system is perfectly secure.

Children's privacy

Divergify is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

Changes to this policy

We may update this policy. Material changes will be reflected by updating the effective date above.

Contact

Questions or deletion requests: chaoscontrol@divergify.app.