This Privacy Policy describes how Istin Journey Companions LLC ("Estin," "we," "us," or "our") collects, uses, and protects your personal information when you use Shapenly (the "Service"). By using Shapenly, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information: When you create an account, we collect your name, email address, and role (trainee or supervisor). You may also provide your BACB ID, state, certification track, fieldwork type, and fieldwork start date.
Fieldwork and Academic Data: This includes fieldwork hours, supervision logs, task list progress, study performance, mock exam scores, AI scenario transcripts, and monthly verification records that you enter into the platform.
Payment Information: Payments are processed through Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles all payment data in compliance with PCI DSS standards. We store your Stripe customer ID and subscription status.
Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and session duration. This helps us improve the platform.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Track your certification progress and generate compliance reports
- Power AI features (scenario practice, adaptive learning, mock exam generation)
- Process payments and manage subscriptions
- Connect you with your supervisor (when you share your invite code)
- Send transactional emails (account confirmation, password resets)
- Respond to support requests
3. AI-Powered Features
Shapenly uses AI (powered by Anthropic's Claude) for scenario practice, study question generation, and mock exams. When you use these features, your prompts and scenario responses are sent to Anthropic's API for processing. Anthropic does not use your data to train their models. AI-generated content is for educational practice only and does not constitute clinical, ethical, or professional advice.
4. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
- With your supervisor: If you generate an invite code and a supervisor connects to your account, they can view your hours, task list progress, supervision agendas, and scenario completion data. Scenario transcripts require your explicit approval before a supervisor can access them.
- Service providers: We use Supabase (database hosting), Stripe (payments), Vercel (hosting), and Anthropic (AI processing). These providers access data only as needed to perform their services.
- Legal requirements: We may disclose information if required by law, court order, or government regulation.
5. Data Storage and Security
Your data is stored on Supabase infrastructure with PostgreSQL databases and row-level security policies. All data transmission uses HTTPS/TLS encryption. We implement access controls to limit who can access your information within our systems.
6. Data Retention
We retain your account and fieldwork data for as long as your account is active. Fieldwork records are retained for a minimum of 7 years in alignment with BACB documentation requirements. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law or BACB compliance standards.
7. Your Rights
You have the right to:
- Access and download your personal data
- Correct inaccurate information in your profile
- Delete your account and associated data (subject to retention requirements)
- Withdraw consent for optional data processing
To exercise any of these rights, contact us at the email below.
8. Cookies
We use essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. Your authentication state is managed through Supabase's secure cookie-based sessions.
9. Children's Privacy
Shapenly is designed for adult professionals pursuing BACB certification. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected data from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, contact us at:
Istin Journey Companions LLC
Email: support@estin.io