Privacy Policy

Effective date: June 3, 2026. Last updated: June 3, 2026.
This Privacy Policy describes how the Divine Karma Institute ("we," "us," "our") handles information when you use our website at divinekarmainstitute.com and our applications Inkling, Self-Aware, Quantum Compass, and Halo Mind Sync (collectively, the "Services").

1. Summary
2. Our six commitments
3. What we collect
4. How we use information
5. Sharing
6. Cross-app data sharing
7. Retention
8. Security
9. Your rights
10. Children's privacy
11. International users
12. Cookies & site analytics
13. Changes to this policy
14. Contact

1. Summary

The Divine Karma Institute is built around a simple privacy stance: your data lives on your device. We do not run analytics over your journal content. We do not train models on your data. We do not sell, rent, or share your personal information. If you delete your data, it is gone.

For the full architectural story in plain language, see How We Work. The sections below set out the legally precise version.

2. Our six commitments

Every Institute application is built around six binding commitments:

On-device by default. Raw entries, embeddings, decision logs, outcomes, and value hierarchies are stored locally on your device. Nothing leaves the device unless you explicitly enable cross-device sync.
End-to-end encrypted sync. When sync is enabled, your data is encrypted on your device with a key derived from your passphrase or biometric. Our servers see opaque ciphertext, never plaintext journal or decision content.
No cross-user aggregation. Your data is never used to train, calibrate, or inform any other user's model. There is no shared model trained on user content.
No third-party analytics on content. Journal content, decision content, mood data, and free-text entries are never sent to third parties. Any usage telemetry is anonymous, opt-in, and off by default.
Export and delete on demand. You can export your full data as encrypted JSON at any time. You can delete all stored data with a single in-app action.
Biometric or passphrase lock. Self-Aware and Quantum Compass require biometric or passphrase authentication at every cold open.

3. What we collect

Information you provide

Depending on which Service you use, you may provide:

Journal entries (Self-Aware): mood ratings, structured prompts, free-text reflections, and metadata you choose to add.
Decision logs (Quantum Compass): your framing of a decision, your value hierarchy, sliders for environmental and emotional factors, your gut-feel rating, and the outcomes you mark later.
Reflection inputs (Inkling): which exercises you complete, your responses to prompts.
Biofeedback signals (Halo Mind Sync, when launched): low-fidelity nervous-system signal during practice sessions.
Account information (only if you create an account): email address, passphrase (hashed), and device identifier for sync.
Communications: emails or messages you send us.

We do not ask for or store: age, gender, race, ethnicity, religion, national origin, sexual orientation, marital status, income, education level, or other demographic attributes. The Services literally cannot use what they do not collect.

Information collected automatically

If you opt in to anonymous usage telemetry, we may collect:

Session length and feature-usage counts (which screens were opened, not what was written).
Crash reports and error logs (technical, with no journal content).
App version and device type (for compatibility).

This telemetry is off by default. You can enable or disable it in app settings at any time.

From third parties

If you purchase an app through the Apple App Store or Google Play Store, the store provides us with limited purchase confirmation data. We do not receive your payment card details.

4. How we use information

We use the information we collect to:

Operate the Services on your device.
Provide the analyses, journaling, scoring, and reflection features you've requested.
Enable optional cross-device sync (where you've enabled it).
Respond to your support requests.
Improve the Services (using only anonymous, opt-in telemetry).
Comply with legal obligations and protect against fraud, abuse, or security risk.

We do not use your journal content, decision content, or reflections to train machine learning models, generate marketing material, or profile you for any purpose.

We do not sell, rent, or trade your personal information. We share information only in these limited cases:

With your consent. For example, if you explicitly choose to share a result.
Service providers under strict contract. Hosting providers, encryption infrastructure, email providers, and similar vendors who process information on our behalf and are bound by confidentiality obligations. They do not see plaintext journal content.
Legal compliance. If required by valid legal process. We will challenge overbroad requests where lawful and will notify users where permitted.
Business transfer. If the Institute is acquired or merged, your information may be transferred to the successor entity, who will be bound by an equivalent Privacy Policy.

6. Cross-app data sharing

By default, Self-Aware and Quantum Compass are siloed: neither can read the other's data. You may grant Quantum Compass read-only access to your Self-Aware data via a single explicit toggle in either app's settings.

When enabled, Quantum Compass reads Self-Aware's local data store to enrich its Historical Pattern (H) and Synchronicity (S) scores. Self-Aware never reads from Quantum Compass. You can revoke this access at any time, and revocation immediately stops cross-app data flow.

7. Retention

Your on-device data is retained for as long as the app is installed. You can delete all stored data from within the app at any time. If you uninstall the app, your local data is removed by the operating system per the platform's standard behavior.

If you enable cross-device sync, your encrypted data is retained on our servers until you delete it or close your account, plus a short technical buffer (up to 30 days) for backup invalidation.

Email correspondence, account records, and purchase records may be retained as required for accounting, fraud prevention, or legal compliance, typically for up to seven years.

8. Security

We protect your information through:

On-device storage by default, with biometric or passphrase access controls.
End-to-end encryption of any data leaving your device.
Industry-standard transport security (TLS) for all network communications.
Access controls and audit logs on internal systems.
Vendor due diligence on any third-party processor.

No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

9. Your rights

You have the right to:

Access the information we hold about you.
Correct any inaccurate information.
Delete your information (most data can be deleted directly in-app).
Export your data in a portable format.
Withdraw consent for optional processing (such as telemetry or sync) at any time.
Object to processing in certain circumstances.
Lodge a complaint with your local data protection authority.

To exercise any of these rights for information not directly available in-app, email hello@divinekarmainstitute.com. We will respond within 30 days (or sooner where required by law).

California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what categories of personal information we collect, to request deletion, to opt out of any sale or sharing of personal information (we do not sell or share), and to be free from discrimination for exercising these rights. We do not "sell" personal information as that term is defined under California law.

European Economic Area and United Kingdom (GDPR / UK GDPR)

If you are in the EEA or UK, our legal bases for processing are: performance of a contract (delivering the Services you request), legitimate interests (operating and improving the Services, security), consent (optional features such as sync and telemetry), and legal obligation (where required).

If you wish to lodge a complaint, you may contact your national data protection authority.

10. Children's privacy

The Services are not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided personal information to us, please contact us at hello@divinekarmainstitute.com and we will delete it. Users under 18 should use the Services only with parental or guardian involvement.

11. International users

The Divine Karma Institute is based in the United States. If you access the Services from outside the US, you understand that your information may be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country. Where required, we rely on standard contractual clauses or other approved transfer mechanisms.

12. Cookies & site analytics

The marketing website at divinekarmainstitute.com uses minimal cookies. We use:

Strictly necessary cookies for basic site operation (none persistent at this time).
No advertising cookies or tracking pixels.
No third-party advertising networks.

If we add optional analytics in the future, we will give you clear notice and a way to opt out before any personally identifying tracking is enabled.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Material changes will be communicated in-app or by email where reasonable. Your continued use of the Services after a change takes effect constitutes acceptance of the revised policy.

14. Contact

Questions about this policy or about your data? Reach us at:

Divine Karma Institute
Email: hello@divinekarmainstitute.com
Web: divinekarmainstitute.com

Contents