Privacy Policy

• Account: email and password hash (via our authentication provider).
• Profile: alias, current stage, language preference (you control these).
• App content you create: plan items, milestones, journal entries, gratitude entries, safe contacts, saved places, calendar events, service log, evidence files.
• Limited diagnostics: anonymized error logs and aggregate usage counts. No advertising IDs. No fingerprinting.
• ZIP code at search time: sent only when you tap "Find safe options," not stored or attributed to you.

We do not collect: precise location, device contacts, photos library, microphone, advertising ID, or browsing history.

Real PIN, duress PIN, safe phrase, disguise mode setting, Quick Exit destination, recent ZIP searches, blocked-author list, and any "demo mode" content. None of this leaves your device.

You can wipe local safety data anytime from Privacy settings.

We share data only with the limited set of vendors required to run HavenPath:

• Authentication & database: Lovable Cloud (powered by Supabase) — stores your account and app content.
• AI companion: Lovable AI Gateway routes Haven chat messages to the underlying model provider (Google or OpenAI). Messages are not used to train external models.
• Payments: Stripe — processes subscription billing. We never see or store your full card number.
• Resource directories: SAMHSA findtreatment.gov, HUD, LSC, DomesticShelters, Zippopotam — receive your ZIP at search time only.
• Maps: Mapbox — used for resource maps. ZIP / region only, no persistent identifier.
• Email: our email infrastructure provider sends transactional and auth emails (no marketing).
• Push notifications: the operating system push service (Apple Push, FCM) for opt-in check-ins.

We do not sell, rent, or trade personal information. We do not allow third parties to use your data for their own advertising.

• To run the features you use (plan, journal, milestones, contacts, rooms, companion).
• To keep the service safe (detect abuse, enforce Terms).
• To send transactional and safety email (account, password, check-in).
• To compute anonymized aggregate impact totals (only published once a privacy floor is reached so no individual can be re-identified).

We keep your data only as long as your account is active. When you delete your account from Delete my account, we permanently erase profile, plan, journal, gratitude, milestones, contacts, places, calendar, service log, evidence, and credentials within 30 days. Anonymized aggregate counts that already rolled into public impact totals stay aggregated — they cannot be traced back to you.

Backups containing deleted records are rotated within 90 days.

Wherever you live, you may:

• Access your data — visit Account or email privacy@thehavenpath.com.
• Correct or update profile and content from inside the app.
• Delete your account and all associated data via Delete my account.
• Opt out of non-essential email and push.
• Lodge a complaint with your local data-protection authority.

California residents (CCPA/CPRA), EU/UK residents (GDPR), and Canadian residents (PIPEDA) have additional rights including the right to know what personal information we collect, the right to opt out of "sale or sharing" (we do not sell or share for cross-context advertising), and the right to non-discrimination for exercising rights.

HavenPath is intended for adults aged 18 and older. We do not knowingly collect data from children under 13 (COPPA) or under 18 generally. See our Children's Policy.

Data is encrypted in transit (TLS) and at rest. Sensitive content like evidence files and journal entries are encrypted with keys derived from your account. Row-level security limits every database query to your own rows. We follow least-privilege access for staff.

No system is perfectly secure. Use a strong, unique password and consider a private/incognito browser if your device may be monitored.

"Haven" is an AI chat companion powered by third-party language models. It is not a therapist, counselor, doctor, lawyer, or crisis worker. Replies may be inaccurate. Do not rely on Haven for medical, legal, psychiatric, or emergency decisions. If you mention self-harm, suicide, overdose, or active danger, Haven will surface 988, 911, and the National DV Hotline.

HavenPath is a navigation tool. It is not emergency services, legal advice, medical advice, or therapy. If someone is in immediate danger and it is safe to call, dial 911. For confidential 24/7 support, call 1-800-799-7233 (DV Hotline) or text START to 88788. For emotional crisis, call or text 988.

Quick Exit (top-right or Shift+Esc) hides this site fast, but it cannot fully erase browser history, screenshots, notifications, or spyware. If your device may be monitored, please use a friend's phone, a public library computer, or a private/incognito window. See our device safety check.

HavenPath is operated from the United States. If you access HavenPath from outside the U.S., your information is transferred to and processed in the U.S. We rely on Standard Contractual Clauses where required.

We will post material changes here and prompt you to re-accept on next visit.

Privacy: privacy@thehavenpath.com