Privacy Policy

Last Updated: December 7, 2024

At Slope, your privacy is fundamental to everything we build. This Privacy Policy explains how Hensonism LLC (doing business as "Slope," "we," "us," or "our") collects, uses, and protects your information when you use our service at https://slope.fit.

Our Privacy-First Commitment

Before diving into the details, here's what makes Slope different:

  • No passwords to steal: We use magic link authentication—no passwords stored, ever
  • No selling your data: We will never sell your personal information to third parties
  • AI without identity: Your weight and health data sent to AI models is completely anonymized—no names, emails, or locations attached
  • Your data, your control: Export or delete your data anytime

Information We Collect

Information You Provide

Account Information

  • Email address (for authentication and communications)
  • Name (optional)
  • Timezone, weight unit preference, and weekly cycle settings

Health & Wellness Data

  • Weight entries and notes
  • Weekly reflections
  • Personal context (your diet, exercise preferences, and lifestyle notes)
  • Health metrics: age, sex, height, activity level (optional, for calorie calculations)
  • Goals (target weight, target date)
  • Calorie tracking entries (optional feature)

Payment Information

  • Processed securely by Stripe (PCI-compliant)
  • We store only your Stripe customer ID and subscription status—we never see or store your credit card details

Information Collected Automatically

Usage Analytics

  • We use PostHog to understand how our service is used and improve it
  • Analytics data includes user actions, page views, and feature usage
  • PostHog identifies you by email address or user ID to track your journey
  • PostHog uses cookies for session tracking and analytics

Technical Information

  • Browser type and version
  • Device information
  • IP address (for security and rate limiting)
  • Session data

How We Use Your Information

We use your information to:

  1. Provide Our Service

    • Authenticate you with magic links (no passwords!)
    • Store and display your weight tracking data
    • Generate AI-powered weekly summaries and coaching insights
    • Calculate calorie recommendations based on your health metrics

  2. AI Coaching (Privacy-First)

    • Your weight data, reflections, and personal context are sent to OpenAI's GPT models for coaching insights
    • Critical: This data is sent without any personally identifiable information (PII)
    • OpenAI receives only: weights, dates, health metrics, your written reflections, and goals
    • OpenAI does NOT receive: your name, email, location, or any identifying information
    • AI-generated calorie estimates are approximate and may be inaccurate

  3. Communications

    • Send magic link authentication emails (via SendGrid)
    • Send optional journey summary emails (you can unsubscribe anytime)
    • Send transactional emails about your account or subscription
    • Respond to your support requests

  4. Improve Our Service

    • Analyze usage patterns through PostHog analytics
    • Fix bugs and improve features
    • Monitor service performance and reliability

  5. Process Payments

    • Handle subscriptions and billing through Stripe
    • Manage your Slope+ subscription status

Third-Party Services We Use

We work with trusted partners to provide our service. Here's exactly what each one sees:

OpenAI (AI Coaching)

  • What they receive: Anonymized weight data, health metrics, reflections, personal context, goals
  • What they DON'T receive: Your name, email, location, or any identifying information
  • Purpose: Generate weekly summaries, goals, and coaching insights
  • Their policy: OpenAI Privacy Policy

PostHog (Analytics)

  • What they receive: User actions, page views, feature usage, email address or user ID
  • Cookies: Yes, for session tracking and analytics
  • Purpose: Help us understand product usage and improve the experience
  • Their policy: PostHog Privacy Policy

Stripe (Payments)

  • What they receive: Email, payment information, billing details
  • Purpose: Process Slope+ subscriptions securely (PCI-compliant)
  • What we store: Only Stripe customer ID and subscription status
  • Their policy: Stripe Privacy Policy

SendGrid (Email Delivery)

  • What they receive: Your email address, name (if provided)
  • Purpose: Send magic links, journey summaries, and transactional emails
  • Unsubscribe: You can opt out of specific email types anytime
  • Their policy: SendGrid Privacy Policy

Helicone (LLM Monitoring - Optional)

  • What they receive: Anonymized AI request logs for monitoring
  • Purpose: Track AI usage, performance, and costs
  • Their policy: Helicone Privacy Policy

Cookies and Tracking

We use cookies for:

  • PostHog Analytics: Session tracking and usage analytics
  • Authentication: Secure session management
  • Preferences: Remember your settings

We do NOT use:

  • Advertising cookies or pixels
  • Third-party tracking for marketing purposes

You can disable cookies in your browser, but some features may not work properly.

Data Retention

While Your Account is Active

  • We retain your data as long as your account exists to provide our service

After Account Deletion

  • Personal data is deleted within 30 days of account deletion
  • Anonymized analytics data may be retained for service improvement
  • Financial records retained as required by law (typically 7 years for tax purposes)

Subscription Data

  • Stripe retains payment records per their data retention policy and legal requirements

Your Rights and Choices

You have complete control over your data:

Access Your Data

  • View all your weight entries, reflections, and settings in your account
  • Contact us for a complete data export

Export Your Data

  • Request a complete export of your account data anytime
  • Contact us to request a data export

Delete Your Data

  • Delete your account and all associated data from your account settings
  • Deletion is permanent and processed within 30 days

Email Preferences

  • Unsubscribe from journey summary emails using the link in any email
  • Magic link and transactional emails cannot be disabled (required for service operation)

Opt Out of Analytics

  • Contact us to opt out of PostHog analytics while still using the service

Data Security

We take security seriously:

  • HTTPS Encryption: All data transmitted over secure, encrypted connections
  • Server-Side API Keys: Sensitive keys never exposed to browsers or clients
  • No Password Storage: Magic link authentication eliminates password breach risks
  • Regular Updates: We keep our systems patched and up to date
  • Access Controls: Strict employee access policies (only as needed to provide support)

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security but work continuously to protect your data.

Children's Privacy

Slope is not intended for use by anyone under 18 years of age. We do not knowingly collect information from children. If you believe a child under 18 has provided us with personal information, please contact us immediately and we will delete it.

GDPR (European Users)

If you're in the European Economic Area, you have additional rights:

  • Right to access, correct, or delete your personal data
  • Right to data portability
  • Right to restrict or object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

CCPA (California Residents)

California residents have the right to:

  • Know what personal information we collect and how we use it
  • Request deletion of personal information
  • Opt out of the sale of personal information (note: we never sell your data)
  • Non-discrimination for exercising your rights

HIPAA

Slope is a wellness and coaching tool, not a medical device or covered health entity. The health information you provide is not protected health information (PHI) under HIPAA. Always consult with healthcare professionals for medical advice.

International Data Transfers

Slope is operated from the United States. If you access our service from outside the US, your information may be transferred to, stored, and processed in the US and other countries where our service providers operate. By using Slope, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of material changes by:

  • Posting the new policy on this page with an updated "Last Updated" date
  • Sending an email to your registered email address (for significant changes)

Your continued use of Slope after changes become effective means you accept the updated policy.

Contact Us

If you have questions, concerns, or requests about your privacy or this policy:

Hensonism LLC (DBA Slope)
Contact us

For data access, export, or deletion requests, please use our contact form with "Privacy Request" in the subject line. We'll respond within 30 days.

We built Slope with privacy at its core because your health journey is personal. If you have feedback on how we can improve our privacy practices, we'd love to hear from you.