ZURGEON Privacy Policy
Effective date: August 27, 2025
ZURGEON (“we,” “us,” “our”) builds practical apps that help you plan your time and habits, including SobrietyGPT and AllSched (collectively, the “Services”). We take privacy seriously and design our products to collect only what’s needed to deliver value. We do not sell your personal information.
If you have questions, contact: privacy@zurgeon.com
1) Scope & Who controls your data
This policy applies to zurgeon.com, app subdomains, our mobile apps, and related services.
For all Services, ZURGEON is the data controller.
2) Personal data we collect
We collect the minimum necessary to operate the Services.
A. Data you provide
- Account & identity: name, email, password (hashed), profile photo (optional).
- Payment: plan, subscription status, and limited payment metadata. Card data is handled by our payment processor (e.g., Stripe)—we do not store full card numbers.
- Support & feedback: messages, ratings, bug reports.
- Marketing preferences: opt-ins/outs for emails or notifications.
B. App content (you choose what to store)
- SobrietyGPT: sober day counts, milestones, money-saved estimates, health impact estimates, journal entries/reflections (optional), check-ins, goals, reminders. These may reveal sensitive information; see §10.
- AllSched: proposed time slots, event titles/descriptions/locations, invitee names/emails/phone numbers (if you enter them), and calendar availability/metadata you connect (see §2C).
C. Data from integrations/third parties (only with your permission)
- Calendars & identity providers: If you connect Google/Microsoft/Apple calendars or sign in with an identity provider, we receive tokens and data necessary to show availability, create events, or keep you signed in.
- Communication providers: If you use email/SMS invites or reminders, we transmit necessary contact and message data via our providers.
- Analytics (first-party/limited): Page/app usage, feature engagement, and diagnostics to improve stability and usability. We do not use cross-site ad trackers.
D. Automatically collected
- Device & log data: IP address, device type, OS, app version, timestamps, crash/diagnostic logs.
- Cookies & similar tech: Essential cookies for login/session; optional analytics cookies if you consent (see §9).
3) How we use your data
- Provide the Services: account creation, authentication, core features (journals, counters, scheduling, invites), notifications.
- Integrations you enable: calendar reads/writes, availability matching, identity federation.
- Security & fraud prevention: abuse detection, threat mitigation, auditing.
- Improve and support: troubleshooting, analytics, research and development (aggregated/anonymized where possible).
- Legal compliance: tax, accounting, responding to lawful requests.
- Marketing (optional): product updates and tips. You can unsubscribe anytime.
4) Legal bases (EEA/UK only)
We process data under: Contract (to provide the Services), Legitimate Interests (security, improvement), Consent (optional analytics/marketing), and Legal Obligation (compliance).
5) Sharing & disclosure
We share data only with:
- Service providers / processors: hosting, storage, analytics, email/SMS delivery, error logging, payments, authentication, AI model provider(s) for features that generate or analyze text you request.
- Integrations you authorize: calendar providers and identity providers.
- Legal & safety: to comply with laws or protect rights, safety, and integrity.
- Business transfers: if we undergo a merger/acquisition, your data may transfer with notice.
We do not sell or “share” your personal information for cross-context behavioral advertising.
6) Data retention
- Account data: kept while your account is active.
- App content: kept until you delete it or your account, subject to backups/transaction logs for a limited period.
- Transactional & legal records: retained as required by law (e.g., tax/accounting).
We aim to minimize retention and delete or anonymize data when no longer needed.
7) Your rights & choices
- Access, correct, delete: You can view, edit, export, or delete your data (including app content) in-app or by contacting us.
- Consent withdrawal: You can disable integrations, decline optional analytics, and unsubscribe from marketing.
- EEA/UK: You may request restriction/objection and lodge a complaint with your local authority.
- US state privacy laws (e.g., CA/CO/CT/VA/UT): You may request access, deletion, correction, and opt-out of sale/sharing (we don’t sell/share). Appeal options are provided if we deny a request.
Submit requests at privacy@zurgeon.com. We will verify identity before fulfilling requests.
8) Security
We use industry-standard safeguards: encryption in transit (TLS) and at rest (where supported), least-privilege access, audit logging, and routine backups. No method is 100% secure; we work to continuously improve. If we detect a breach that affects you, we will notify you as required by law.
9) Cookies & tracking
- Essential cookies: required for login/session and basic functionality.
- Analytics cookies (optional): help us understand usage to improve the product.
- No third-party ads.
You can manage cookies in your browser and via our banner/preferences where offered.
10) Sensitive information (Sobriety & health-related data)
SobrietyGPT may process information that can be considered sensitive. We use it only to provide the features you request (e.g., counters, journals, reminders).
We are not a healthcare provider and ZURGEON is not a HIPAA covered entity. Do not submit medical records or emergency information. For emergencies, call local services.
11) Children’s privacy
Our Services are not directed to children under 13 (or older, where local law requires). We do not knowingly collect personal data from children. If you believe a child provided data, contact privacy@zurgeon.com to remove it.
12) International data transfers
We may process and store data in countries other than yours. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for transfers.
13) Do Not Track & automated decisions
Browsers’ “DNT” signals aren’t consistently honored by industry standards; we currently don’t respond to DNT. We do not make automated decisions that produce legal or similarly significant effects without human involvement.
14) Third-party links
Our sites/apps may link to third-party sites. Their privacy practices are governed by their own policies.
15) Changes to this policy
We may update this policy. We’ll post changes with a new effective date and, when material, provide prominent notice.
16) Contact
ZURGEON
Email: privacy@zurgeon.com
Appendix A — SobrietyGPT (data categories & purposes)
Data we process (you control what you store):
- Sober day counts & milestones
- Money-saved and health-impact estimates
- Daily check-ins, prompts, goals, reminders
- Optional journal entries/reflections
- Basic account/profile and subscription status
- Device, log, and diagnostic data
Purposes: core features, reminders, syncing across devices, security, troubleshooting, analytics (aggregated/limited), compliance.
Sharing: service providers (hosting, storage, messaging, analytics, error logging, payments), optional AI model provider(s) to process prompts you request. No selling or cross-context ad sharing.
Retention: until you delete entries or your account, plus limited backup/log windows.
Controls: in-app deletion of journals/entries; export on request; disable notifications; opt out of analytics where available.
Appendix B — AllSched (data categories & purposes)
Data we process (as provided/authorized by you):
- Event details: title, description, location
- Proposed time slots and availability windows
- Invitee info (names, emails, phone numbers) you enter
- Connected calendar availability and event metadata (read/write as authorized)
- Account/profile and subscription status
- Device, log, and diagnostic data
Purposes: time-slot matching, invitations and reminders (email/SMS), calendar sync, security, troubleshooting, analytics (aggregated/limited), compliance.
Sharing: calendar providers you connect (e.g., Google/Microsoft/Apple), email/SMS providers, hosting/storage/analytics/error logging/payments. No selling or cross-context ad sharing.
Retention: event/invite data retained for as long as needed to operate the feature and meet legal obligations. You can remove connected calendars and delete events/invites where applicable.
Controls: disconnect integrations; manage permissions with your calendar provider; delete events/invites; opt out of reminders.
How to exercise your rights or delete your account
Email privacy@zurgeon.com from your signed-in address with the subject “Privacy Request.” Tell us if you want to access, export, correct, or delete your data (and which product). We’ll verify your identity and respond within the timelines required by law.
US state-specific disclosures (CPRA/CPA and similar)
Categories collected (past 12 months): identifiers (name, email), customer records (subscription), internet activity (usage logs), geolocation (approximate IP-based region), in-app content (as you enter), and in AllSched, professional/contact info for invitees (as you provide).
Sensitive data: sobriety-related content (SobrietyGPT) is used only to provide the requested features.
Sale/Share: We do not sell or share your data for cross-context behavioral advertising.
You may designate an authorized agent to make requests. We will not discriminate against you for exercising your rights.
