Legal & Trust

Privacy Policy

What we collect, why we collect it, and how we protect it. Written plainly, because you deserve to understand it.

Effective Date: April 1, 2026  ·  Version 1.1  ·  Momentum52

Your goals, your progress, and your story belong to you. Momentum52 exists to help you build momentum toward transformation — not to monetize your personal data. We collect what we need to make the platform work, we protect it carefully, and we never sell it.

— The Momentum52 Privacy Covenant

1. Who We Are

Momentum52 is a transformation platform that helps individuals and groups pursue 52-week journeys of intentional growth. The platform is operated by Momentum52 and is currently in private beta. Our contact address is privacy@momentum52.com.

For privacy law purposes, the data controller for this platform is Momentum52. If you require full legal entity details (registered entity name and mailing address), request them at the contact address above and we will provide them in writing.

If you are in the EEA, UK, or another jurisdiction with local privacy rights, this policy applies together with any mandatory rights provided by your local law.

2. What We Collect

We collect only what is necessary to provide you with a working, personalized experience.

What | Why | When
Email address | Account creation, identity verification, platform notifications | Registration
Name (first & last) | Personalization within the platform | Registration
Username | Public identity within journeys | Registration
Dreams & goals | Powering your journey setup and narrative arc | Onboarding & profile
Journey & activity data | Tracking your progress; showing it to you | Active use
IP address & device info | Security, fraud prevention, session management | Every login
Login timestamps | Security monitoring and rate limiting | Every login

We do not collect payment information (we have no paid tier at this time), biometric data, location data beyond IP address, or any data from third-party advertising networks.

3. How We Use Your Data

Your data is used for one purpose: operating Momentum52 for you.

Specifically, we use it to:

Authenticate your account and keep your session secure.

Personalize your dashboard, journey experience, and progress tracking.

Send you transactional emails — verification links, password resets, and journey notifications you have opted into.

Display your progress to you (and, where applicable, to collaborators in journeys you have joined).

Improve platform stability and diagnose technical issues.

We do not use your data for advertising. We do not build behavioral profiles for sale. We do not share your goals, progress, or story with third parties for commercial purposes.

Where required by applicable law, we process personal data on one or more lawful bases: to provide the services you request (contract), for legitimate interests in operating and securing the platform, to comply with legal obligations, and where applicable, based on your consent (which you may withdraw at any time).

4. Who We Share Your Data With

We share data only with service providers that make the platform function. These providers operate under their own privacy policies and are contractually bound to use your data only to provide their services to us.

Brevo (email delivery) — receives your email address to deliver transactional messages you have requested (verification, notifications, password resets).

Google Cloud (infrastructure) — your data is stored on Google Cloud Run (application hosting) and Google Cloud SQL (database). Google processes data on our behalf under a data processing agreement and does not use your data for its own purposes.

We will disclose data if required by law, to protect the safety of users, or to enforce our terms of service. We will notify you of legal demands where permitted to do so.

We maintain appropriate contracts with service providers that process personal data on our behalf, including confidentiality and security obligations.

4A. International Data Transfers

Depending on your location, your data may be processed in countries other than your own. When we transfer personal data across borders, we use appropriate safeguards required by applicable law, such as contractual commitments with our processors and technical controls to protect data in transit and at rest.

5. Journey Visibility & Other Users

Momentum52 supports three journey formats, each with different visibility defaults:

Solo journeys are private by default. Only you can see them. They do not appear on the Discover page or to other users.

Collaborative journeys are visible to enrolled participants. The journey title, description, and participant list are shared among members.

Guided journeys are visible to the facilitator and enrolled participants. The facilitator may see participant progress as part of their facilitation role.

Your individual activity completions and personal notes within any journey are not shared with other participants unless you explicitly share them.

6. AI Personas & AI-Generated Content

Momentum52 includes an AI persona system — a council of named AI characters (e.g., Jamie Chen, John Benak, Taylor Morgan) that generate narrative content within supported journeys. These personas are language models, not human advisors. Any sense of relationship, growth, or evolving voice you experience reflects structured narrative accumulation, not genuine character development or independent thought.

What the AI system accesses: When the AI persona system is active for a journey you are enrolled in, it may access your journey title, current week, activity completion records, and any response text you have submitted. This context is used solely to generate relevant narrative content for that journey.

What is generated and stored: AI-generated journal entries and narrative responses produced for your journey are stored in your journey record and visible to you. They are not shared with other participants unless you explicitly share them.

Claude (Anthropic): AI persona content is generated using Claude, an AI model operated by Anthropic. Journey context passed to Claude is processed under Anthropic's then-current contractual and policy commitments applicable to our account configuration. We send only the minimum context needed to generate a response.

You will always know when content has been AI-generated — it is attributed to the named persona, not presented as human-authored. If a journey you are enrolled in does not use AI personas, this section does not apply to you.

7. How Long We Keep Your Data

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

Session logs and login attempt records are retained for 90 days for security purposes and then deleted.

Typical retention windows by category are: account profile and journey records while your account remains active; AI-generated journey content as part of your journey record until deletion; security and access logs for approximately 90 days; and backup copies for a limited rolling period consistent with disaster recovery operations.

Deletion requests are processed by first disabling account access, then removing or de-identifying personal data from active systems, and finally expiring backup data according to backup lifecycle schedules.

8. How We Protect Your Data

Passwords are hashed using bcrypt — we never store them in plain text and cannot read them. Sessions use secure, HttpOnly cookies. We enforce rate limiting on login attempts to prevent brute-force attacks. Access to production data is restricted to authorized personnel only.

No system is perfectly secure. If we become aware of a breach that affects your data, we will notify you promptly and take immediate steps to contain it.

Where notification obligations are defined by law, we will provide notices within legally required timelines and include known impact, containment actions, and recommended protective steps.

9. Your Rights

You have the following rights regarding your data:

To exercise any of these rights, email us at privacy@momentum52.com. We will respond within 30 days.

To protect your account, we may need to verify your identity before completing certain requests. If we cannot verify the requestor, or if an exception applies under law, we may limit or deny the request and will explain why.

10. Cookies & Local Storage

We use a single session cookie to keep you logged in. We use localStorage to remember your theme preference (light/dark mode). We do not use advertising cookies, analytics cookies, or third-party tracking pixels.

If we introduce additional cookies or local storage uses in the future, we will update this section before those changes become effective.

11. Children's Privacy

Momentum52 is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it promptly.

12. Changes to This Policy

If we make material changes to this policy, we will notify you by email or by a prominent notice on the platform before the changes take effect. The effective date at the top of this document reflects the most recent revision.

We may also maintain a change summary for major revisions so you can quickly review what changed between versions.

Questions or Requests

If you have questions about this policy or want to exercise your data rights, we want to hear from you.

privacy@momentum52.com