On Deck Society - Privacy Policy
Effective Date: January 25, 2026 | Last Updated: April 26, 2026 | v3.2 Effective: May 11, 2026
Plain English Summary
On Deck Society collects the data you give us and the data we need to run our products. For Love On Deck, that means your account info, your deck content, your filter settings, your messages, and any emails or phone numbers you add to your Invisibility List to pre-exclude specific people from ever seeing your deck. For Forge On Deck, that means your account info, your goals, your habits, your coaching conversations, and your scores. We also use third-party advertising pixels (Snap, Reddit, Pinterest) to measure ad performance and reach the right audiences. These pixels receive hashed identifiers and event data, never your plaintext email or any directly identifying information. We do not sell your data. We do not use your coaching conversations to train AI models. You can delete your account and all your data at any time.
1. What We Collect
1.1 Account Information
When you create an account, we collect your email address, password, and birthdate. If you sign up through a third-party authentication provider, we collect the information that provider shares with us (typically your name and email address).
1.2 Love On Deck Profile Data
If you use Love On Deck, you provide personal information when building your deck. This includes your photos, selfie verification image, biographical details, preferences, and responses to profile questions. You also set Silter (search filter) and Vilter (visibility filter) preferences, which may include demographic criteria.
We collect the data you choose to include in your deck. You control what you share. The more complete your deck, the better the platform works, but you are never required to disclose any specific piece of information beyond the minimum required fields.
1.3 Forge On Deck Profile and Coaching Data
If you use Forge On Deck, you provide personal information to your coaches. This includes your personal mission, vision, and values statements, your goals and quests, your habits and habit tracking data, your life area scores, your weekly review responses, and anything else you share during coaching conversations.
We store the full text of every coaching conversation you have with all five coaches, including your messages and the AI-generated responses. We also generate and store rolling summaries of your conversations to maintain coaching context across sessions.
1.4 Image Uploads
For Love On Deck, we store the photos you upload to your deck and your selfie verification image. For Forge On Deck, if you upload images to a coaching conversation (such as nutrition tracking screenshots), we process those images to extract relevant data. The extracted data is stored in our database.
1.5 Messages
If you use messaging features on Love On Deck, we store your messages to facilitate the service. Messages are visible only to the sender and recipient.
1.6 Purchase and Payment Data
When you make a purchase, payment processing is handled by our payment provider (currently PayPal). We do not store your full payment card details. We store transaction records including what you purchased, the amount, and the date.
1.7 Usage Data and Advertising Tracking
We collect standard usage data including which features you use, how often you visit, basic device and browser information, and pages viewed. We use Fathom Analytics for privacy-friendly website analytics. Fathom does not use cookies and does not collect personally identifiable information.
We also use three third-party advertising tracking pixels: Snap Pixel, Reddit Pixel, and Pinterest Tag. When you visit On Deck Society pages, each of these pixels may transmit the following information to its respective platform:
- The page you visited
- The action you took (page view, signup, purchase)
- A SHA-256 cryptographic hash of your email address (only when you are logged in)
- A SHA-256 cryptographic hash of your unique account ID (for cross-event correlation)
- Your IP address and basic browser/device information (collected by the platform receiving the data, not by us)
We do not transmit your plaintext email address, your name, your deck contents, your messages, your coaching conversations, or any other directly identifying information through these pixels. The hashes we transmit are one-way and cannot be reversed to reveal your underlying information.
These pixels enable us to measure the effectiveness of our paid advertising campaigns, attribute conversions to specific ad creative, and reach interested audiences with more relevant ads. Section 3 below provides more detail on each pixel.
1.8 Invisibility List Data (Love On Deck)
The Invisibility Vilter feature allows Lovers to pre-exclude specific people from ever seeing their deck. Excluded individuals become structurally invisible to the Lover across every surface of the platform. They receive no notification. They experience no error. From the excluding Lover's perspective, they do not exist. From their own perspective, nothing has changed.
Manual Entries. When you manually add an email address or phone number to your Invisibility List, we store that entry and associate it with your account. These entries are used solely to filter visibility on your behalf.
Bulk Contact Import. If you choose to use the optional bulk contact import feature, you may upload your device's contact list to pre-populate your Invisibility List. When you do, your contacts are cryptographically hashed (either on your device or immediately upon upload, depending on your platform) and the raw contact data is discarded. The hashes are retained against your account so that the Invisibility Vilter continues to work as your contacts change over time and as new people join On Deck Society.
Forward-Matching. When any new Citizen creates an On Deck Society account, we hash the email address and phone number they provide at signup and check whether those hashes match any hash on any existing Lover's Invisibility List. If a match is found, the new Citizen is automatically made invisible to the Lover or Lovers whose list contains the match. This happens silently and automatically. The new Citizen is never informed. The Lover is never notified that a match occurred.
What We Do Not Do With Invisibility List Data. We do not use exclusion entries to contact, identify, profile, or market to any person. We do not share exclusion entries with third parties. We do not use exclusion entries for analytics beyond aggregate statistics like average list size. We do not use exclusion entries to train AI models. We do not use exclusion entries for any purpose other than the visibility filter they exist to serve.
2. How We Use Your Data
2.1 To Operate Our Products
Our primary use of your data is product functionality. For Love On Deck, we use your data to display your deck to eligible Lovers (those who pass your Vilter settings), apply your Silter and Vilter preferences, facilitate matches and messaging, and verify your identity through selfie verification.
For Forge On Deck, we use your data to provide coaching. When you open a conversation with a coach, Forge On Deck assembles a context package that includes the coach's system instructions, your personal mission/vision/values, your current dashboard data, recent summaries from the other four coaches, a rolling summary of your past conversations with this coach, and your most recent messages. This context package is sent to our AI provider's API to generate the coach's response.
2.2 Cross-Coach Context Sharing (Forge On Deck)
After each Forge On Deck coaching conversation, we generate a brief summary and make it available to the other four coaches. This means information you share with one coach may inform advice from another. This sharing happens only within your account. No other user can see your coaching data.
2.3 To Process Payments
We use your purchase data to manage your subscriptions (Love On Deck), your coaching credit balance (Forge On Deck), and to maintain transaction records for accounting and tax purposes.
2.4 To Communicate With You
We may send you service-related emails, including account verification, security alerts, billing confirmations, and product updates. You can manage notification preferences in your account settings. You may opt out of promotional emails by clicking “unsubscribe” in any promotional email.
2.5 To Improve Our Products
We use aggregated, anonymized usage data to understand how users interact with our products, identify popular features, diagnose technical issues, and plan improvements. We do not use individual coaching conversations or personal messages for product development unless they are fully anonymized.
2.6 To Filter Visibility (Invisibility List)
Invisibility List data (both manual entries and bulk import hashes) is used exclusively to filter who can see your deck and who cannot. When any Citizen loads your profile, our systems first check whether they appear on your Invisibility List. If they do, your deck is not shown to them and no record of the check is surfaced to either party. Invisibility List data is never used to make recommendations, inform algorithmic decisions, enrich your profile, or produce behavioral inferences.
2.7 To Measure and Optimize Advertising
We use the hashed identifiers and event data transmitted through our advertising pixels to measure how well our paid advertising campaigns are performing, which creative is working, and how to reach interested audiences more efficiently. The advertising platforms (Snap, Reddit, Pinterest) use this data to attribute conversions to ads, build audiences for retargeting, and optimize delivery of our future campaigns.
We do not use the hashed identifiers transmitted to advertising platforms to make decisions about you on our platform. They flow outbound for advertising attribution only.
3. Third-Party Service Providers
3.1 Database and Authentication
Our data is stored using Supabase, a cloud database provider. Your data is stored in a Supabase-hosted PostgreSQL database with row-level security, meaning each user can only access their own data at the database level. Authentication is handled by Supabase Auth.
3.2 AI Provider (Forge On Deck Only)
Forge On Deck's coaching responses are generated by Anthropic's Claude API. When you send a message to a coach, your message and the assembled context are sent to Anthropic's servers for processing. Anthropic returns the generated response in real time. Under Anthropic's current API terms, customer inputs and outputs are not used to train Anthropic's models. Your coaching conversations will not be used to improve or train the AI. If we change AI providers in the future, this policy will be updated. The commitment that your data will not be used for AI training will remain.
3.3 Payment Processing
Payment processing is handled by PayPal. PayPal's privacy policy governs how they handle your payment information. We do not have access to your full payment card details.
3.4 Hosting
Our products are hosted on Vercel.
3.5 Email
Transactional emails are sent through Resend.
3.6 Analytics
We use Fathom Analytics for privacy-friendly website analytics. Fathom does not use cookies, does not track individual users, and does not collect personally identifiable information.
3.7 Snap Pixel (Advertising Attribution)
We use the Snap Pixel from Snap Inc. to measure the performance of our paid advertising on Snapchat and to enable retargeting of interested audiences. When you visit On Deck Society pages, the Snap Pixel transmits to Snap:
- A page view event with the URL you visited
- Conversion events when you sign up or make a purchase
- A SHA-256 hash of your email address when you are logged in
- A SHA-256 hash of your account ID for event correlation
Snap may set cookies on your device for the purpose of attributing conversions to ads and building retargeting audiences. We do not transmit your plaintext email, name, or any other directly identifying information through this pixel.
Snap's privacy practices are governed by Snap's Privacy Policy, available at https://snap.com/en-US/privacy/privacy-policy.
3.8 Reddit Pixel and Reddit Conversions API (Advertising Attribution)
We use the Reddit Pixel from Reddit, Inc. to measure the performance of our paid advertising on Reddit and to enable retargeting of interested audiences. We use a hybrid implementation: a browser-side pixel and a server-side Reddit Conversions API integration.
The browser-side Reddit Pixel transmits to Reddit:
- A page view event with the URL you visited
- A SHA-256 hash of your email address when you are logged in
- A SHA-256 hash of your account ID for event correlation
The server-side Conversions API transmits conversion events (such as signups) directly from our server to Reddit, with the same hashed identifiers. The server-side route does not rely on browser cookies.
Reddit may set cookies on your device through the browser-side pixel for the purpose of attributing conversions to ads and building retargeting audiences. We do not transmit your plaintext email, name, or any other directly identifying information through either route.
Reddit's privacy practices are governed by Reddit's Privacy Policy, available at https://www.reddit.com/policies/privacy-policy.
3.9 Pinterest Tag (Advertising Attribution)
We use the Pinterest Tag from Pinterest, Inc. to measure the performance of our paid advertising on Pinterest and to enable retargeting of interested audiences. When you visit On Deck Society pages, the Pinterest Tag transmits to Pinterest:
- A page view event with the URL you visited
- Conversion events when you sign up or make a purchase, including Forge On Deck checkout events
- A SHA-256 hash of your email address when you are logged in
- A SHA-256 hash of your account ID for event correlation
Pinterest may set cookies on your device for the purpose of attributing conversions to ads and building retargeting audiences. We do not transmit your plaintext email, name, or any other directly identifying information through this tag.
Pinterest's privacy practices are governed by Pinterest's Privacy Policy, available at https://policy.pinterest.com/en/privacy-policy.
4. What We Do Not Do With Your Data
- We do not sell your personal data to anyone, ever.
- We do not share your coaching conversations or Love On Deck messages with other users (beyond the intended recipient for messages).
- We do not use your coaching conversations to train AI models.
- We do not share your plaintext email address, name, deck contents, messages, coaching conversations, or any other directly identifying personal information with advertisers or advertising platforms. We do share SHA-256 hashed identifiers and event data with our advertising platforms (Snap, Reddit, Pinterest) for the limited purposes of conversion attribution and audience targeting, as described in Sections 1.7, 2.7, and 3.7 through 3.9.
- We do not use your data for purposes other than those described in this policy.
- We do not create behavioral inferences about you. We store and display only the data you explicitly provide.
We do not use your Invisibility List to contact, identify, profile, or market to anyone on it. We do not sell, rent, or disclose Invisibility List data to third parties, except where required by law or court order as described in Section 3.
5. Data Retention
Your account data, deck content, messages, coaching conversations, and Forge On Deck dashboard data are retained for as long as your account is active. If you delete your account, we will delete all your personal data within 30 days of your request. Some data may be retained in encrypted backups for up to 90 days after deletion, after which it will be permanently removed.
Transaction records may be retained for up to 7 years after your account deletion for tax and legal compliance purposes. These records contain purchase amounts and dates but do not contain coaching conversations, messages, or personal profile data.
When you delete your account, all associated data is cascade-deleted from the database, including your deck, Silter and Vilter settings, messages, matches, coaching conversations, goals, habits, scores, Invisibility List entries and hashes, and profile information.
Data transmitted to advertising platforms (Snap, Reddit, Pinterest) is retained by those platforms according to their own retention policies, not ours. We do not control how long Snap, Reddit, or Pinterest retain the hashed identifiers and event data we transmit. You can review their retention policies via the privacy policy links in Sections 3.7 through 3.9.
5.1 Invisibility List Retention
Invisibility List entries and hashes are retained for as long as your account is active so that the feature continues to work across time as your own contacts evolve and as new Citizens join the platform.
When you delete a specific entry from your Invisibility List, that entry is removed immediately. There is no soft-delete or recovery period for individual entries.
When you delete your entire Invisibility List, all entries and hashes are removed immediately.
When you delete your account, all Invisibility List entries and hashes are cascade-deleted along with the rest of your account data.
We do not retain raw contact data uploaded through the bulk contact import feature. Raw contact lists are hashed and discarded in a single operation. Only hashes are retained, and only against your account.
6. Cookies and Similar Technologies
We use the following categories of cookies and tracking technologies:
Authentication and session cookies (first-party, required). We set first-party cookies on the OnDeckSociety.com domain for authentication and session management. These cookies are necessary for the site to function and cannot be disabled without breaking core functionality (login, account access, secure communication).
Analytics (Fathom). We use Fathom Analytics, which does not use cookies and does not track individual users.
Advertising attribution and retargeting cookies (third-party). Our advertising tracking pixels (Snap Pixel, Reddit Pixel, Pinterest Tag) may set third-party cookies on your device to enable conversion attribution and audience retargeting. These cookies are set by the advertising platforms (Snap, Reddit, Pinterest) directly through their pixel scripts that we embed on our pages. You can opt out of these cookies through:
- Your browser settings (block third-party cookies)
- Each platform's opt-out tools (Snap, Reddit, Pinterest each provide their own opt-out mechanisms in their privacy controls)
- Industry opt-out tools such as the Network Advertising Initiative opt-out at https://optout.networkadvertising.org/ and the Digital Advertising Alliance opt-out at https://optout.aboutads.info/
Important note. Blocking third-party advertising cookies will not prevent you from using On Deck Society. It will only affect the relevance of advertising you see on Snap, Reddit, and Pinterest. The site's core functionality (login, deck building, messaging, Forge On Deck coaching) is unaffected by advertising cookie choices.
We do not use cookies for any purpose other than what is described in this section. We do not use cookies to track you across other websites for our own purposes.
7. Your Rights
7.1 Access
You can access your personal data through your account dashboard at any time. Your deck, filter settings, messages, coaching history, goals, habits, scores, and Invisibility List entries are visible to you in the product.
7.2 Deletion
You can request deletion of your account and all associated data by contacting support@OnDeckSociety.com. We will process your request within 30 days.
7.3 Portability
You can request a copy of your personal data in a machine-readable format by emailing support@OnDeckSociety.com. We will provide your data within 30 days.
7.4 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request deletion of your personal information, to opt out of the sale of your personal information (we do not sell your data, so this right is already satisfied), to opt out of the sharing of your personal information for cross-context behavioral advertising (see Section 7.7 below), and to not be discriminated against for exercising your rights.
To exercise these rights, email support@OnDeckSociety.com with the subject line “CCPA Request.”
7.5 EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have additional rights including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Our legal basis for processing your data is contract performance (providing the service you purchased or signed up for) and legitimate interest (improving our products and measuring the effectiveness of our advertising).
To exercise these rights, email support@OnDeckSociety.com with the subject line “GDPR Request.”
7.6 Rights Regarding Invisibility List Data
The Invisibility List is a preference setting operated by a Lover to control their own visibility on the platform. It is not a data processing operation performed on excluded persons.
If you are a Lover, you have full access, correction, and deletion rights over your own Invisibility List. You can view, edit, or delete individual entries at any time through your account settings. You can delete your entire list at any time.
If you believe your email or phone number may appear on another Lover's Invisibility List, On Deck Society does not and cannot confirm or deny whether any entry matching your identifiers exists in our system. This is because Invisibility Lists are a private preference belonging to individual Lovers, and in the case of bulk contact imports we retain only one-way cryptographic hashes that cannot be reversed to identify specific individuals. This posture is consistent with industry-standard practice for block lists, exclusion lists, and contact filtering systems across communication and social platforms, and it aligns with the legitimate interests and privacy expectations of the Lover who created the list.
You retain all other rights under applicable law, including the right to request information about our general data practices, the right to request that we not sell or share your personal information (we do not sell, and we describe our advertising-related sharing in Section 7.7), and the right to not be subjected to automated decision-making that produces legal effects (Invisibility Lists are user-controlled preferences, not automated decisions that produce legal effects).
7.7 Opting Out of Advertising Tracking
We use third-party advertising pixels (Snap, Reddit, Pinterest) that may constitute “sharing” of personal information for cross-context behavioral advertising under the California Privacy Rights Act and similar laws. We do not receive payment for this sharing. The data shared is limited to hashed identifiers and event data, never plaintext PII.
If you are a California resident and you wish to opt out of this sharing, you can:
- Email support@OnDeckSociety.com with the subject line “Do Not Sell or Share My Personal Information”
- Use the opt-out controls provided by each advertising platform (Snap, Reddit, Pinterest each maintain their own privacy controls)
- Block third-party cookies in your browser settings
- Use industry opt-out tools at https://optout.networkadvertising.org/ and https://optout.aboutads.info/
If you are an EU/EEA resident, advertising tracking is governed by your jurisdiction's consent management requirements. We are working on implementing a consent management mechanism for EU users. Until that is in place, you can opt out using the methods described above.
We are evaluating implementation of a “Do Not Sell or Share My Personal Information” link directly on our site to make this easier. That link will be added in a future update.
8. Data Security
We implement reasonable security measures to protect your data, including row-level security at the database level (each user can only access their own data), encrypted data transmission (HTTPS/TLS), secure authentication through Supabase Auth, access controls limiting which team members can access production data, and server-side storage of all API keys (never exposed to the client).
Invisibility List data is protected by the same row-level security controls as the rest of your account data. Only you can view your own Invisibility List. No other Lover, Citizen, or third party can view it. Cryptographic hashes used for bulk contact import matching are generated using industry-standard one-way hash functions that cannot be reversed to recover the original contact information.
Hashed identifiers transmitted through advertising pixels are SHA-256 hashes generated client-side or in our server-side code before transmission. The advertising platforms receive only the hash, not the underlying email or account ID. We do not store the hashes ourselves; they are generated at transmission time and not retained on our servers.
No system is perfectly secure. We cannot guarantee absolute security, but we take reasonable precautions to protect your information.
9. Children
On Deck Society products are not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a user under 18, we will delete that data promptly.
10. Changes to This Policy
We may update this privacy policy at any time. If we make material changes, we will notify you by email or through the product interface at least 30 days before the changes take effect. Your continued use of our products after the effective date constitutes acceptance of the updated policy.
11. Contact
For privacy questions, data requests, or concerns:
On Deck Society, PBC
16192 Coastal Highway
Lewes, Delaware 19958
Email: support@OnDeckSociety.com