SF2X · the brain that begins where you did

Privacy

Draft — not legal advice. This policy is being finalized and is pending attorney review before public launch. Owner/Controller: Cameron Piper / SF2X · contact campiper84@gmail.com.

Talking to her without an account

You can talk to SF2X on the public site without signing up. For that no-account use:

No account, no profile. We don't create an account or build a profile about you. As a guest you talk to her shared brain — you can't read anyone's private memory, and nothing you say is written into her long-term memory.
Your message is processed by OpenAI. To answer you, and to run an automated safety check on the reply, each message is sent to OpenAI as a processor. Please don't share sensitive personal information you wouldn't want processed this way.
Your IP is used transiently for safety, not identity. We use your IP only to rate-limit abuse and protect the service — never to identify or profile you.
Your transcript stays in your browser. For guests, the conversation lives in your own browser's local storage on your device. Clear your browser data to erase it; we don't store guest transcripts on our servers.

Safety, not therapy. Replies are screened by automated moderation. If you express distress or thoughts of self-harm, she may share crisis resources — in the US call or text 988; anywhere, findahelpline.com. She is an AI, not a counselor or a crisis service. In an emergency, contact your local emergency number (911 in the US) right away. See the Terms (§8a).

If you create an account

What we collect

Account data (email; basic profile from social sign-in if used — passwords are handled by Supabase Auth, we never see them); optional birth data for the Origin Signature (date, optional time, optional approximate location); your creative content; usage/security logs; and payment data (handled by Stripe — we never store full card details).

The two-tier brain & the privacy membrane

Your Personal Brain holds your data privately, scoped to your account (row-level security). The Universal Brain learns only anonymized, abstract patterns — it never holds your identity, your words, or anything traceable to you. The membrane between them is one-way, de-identifying, and defaults closed.

Tier	Data	Crosses up?
0 · Identity	email, login	Never
1 · Origin inputs	birth date/time/place	Only de-identified + coarsened
2 · Your raw words	what you say to her	Never — only abstract patterns
3 · Derived patterns	patterns she forms	Only aggregated (minimum group sizes)

Your sovereignty & rights

See everything (your crystal is your data, plus a plain "what I know about you" view). Edit or delete any memory, export your whole brain, pause learning, or wipe your Personal Brain entirely. Under GDPR / CCPA you may access, correct, export, or delete your data and opt out of non-essential processing — email campiper84@gmail.com. SF2X reflects for you; it does not build a profile about you to sell, target, or influence you.

Sharing, retention & security

We share data only with the processors that run the service — Supabase (database/auth), OpenAI (inference/embeddings on submitted content), Stripe (payments), Cloudflare/Vercel (hosting/security), Resend (email) — each only to provide its function. We do not sell your data. We retain account data while your account is active and delete it on request (except records we must keep for legal/financial reasons). Security: RLS on user data, TLS in transit, Cloudflare Zero-Trust on the brain API, least-privilege access. No system is perfectly secure; we will notify you of a breach as required by law.

Children

SF2X is not directed at children under 13 (or the applicable age in your region) and we do not knowingly collect their data.