Last updated: March 21, 2026
Palaestra is a judgment training system for founders. Your decision data is the core of the product — it’s how the system learns your patterns and helps you improve. This policy explains exactly what we collect, why, and what we will never do with it.
We do not sell your data to third parties. Ever.
We do not share your data with advertisers.
We do not use your data to train AI models.
Your reflections, decisions, and Ledger entries are encrypted before they leave your device. They are stored in encrypted form on our servers. We cannot read them. When you request an AI Judgment Report, your device decrypts the data temporarily and sends it to our analysis system, which processes it and discards the input. At no point is your unencrypted text stored on our servers or accessible to Palaestra staff.
We do not track your location, contacts, or any data outside the app.
| Data | What It Includes | Why |
|---|---|---|
| Trial decisions | Which option you chose, how long you hesitated, whether your choice matched the historical outcome | To compute your accuracy patterns across decision domains |
| Reflections | The text you write in response to decision scenarios | To identify recurring patterns in your decision psychology |
| Ledger entries | Real-life decisions you log, your conviction score, temperature, pressure tags, expected outcome, domain, and settlement outcome after 90 days | To assess your conviction calibration over time |
| Decision patterns | Statistical analysis of your accuracy across domains and cognitive traps | To generate your Judgment Report and adapt your training |
| Protocol answers | Your responses to guided Decision Protocol questions | To structure your thinking and create documented, pre-registered decisions |
| Account info | Display name, email address, identity selection | Authentication and personalization |
Sensitive text — your reflections, Ledger entries, and protocol answers — is encrypted using AES-256-GCM before it reaches our servers. Even in a worst-case database breach, an attacker would get ciphertext, not your actual decisions and fears.
Your data is stored on Supabase (US data center) with row-level security ensuring that only your authenticated session can access your records. Authentication tokens are stored in your device’s secure enclave, not in general app storage.
| Service | What It Receives | Purpose |
|---|---|---|
| Supabase | Account info, encrypted decisions and reflections | Authentication and data storage |
| RevenueCat | Anonymous purchase events | Subscription management |
| PostHog | Anonymous event counts only — no personal text, no reflections, no decisions | Usage analytics |
| Apple / Google | Standard app store analytics | App distribution |
No other third parties receive any data. We do not use advertising SDKs, tracking pixels, or data brokers.
Your data is retained as long as your account is active. If you cancel your premium subscription, your data remains — the free tier continues working with your accumulated history.
If you delete your account, all data is permanently and irreversibly removed from all systems within 30 days. This includes decisions, reflections, Ledger entries, protocol answers, and your profile. Deletion is real. We do not soft-delete or deactivate.
You can export all your data at any time. The “Download Your Data” option in the app produces a complete JSON file containing every decision, reflection, Ledger entry, and protocol answer associated with your account.
You can delete your account at any time from the Profile screen. Deletion is permanent and cannot be reversed.
If you are in the EU, you have additional rights under GDPR including the right to access, rectify, restrict processing, and lodge a complaint with your local data protection authority. If you are in California, you have rights under CCPA including the right to know, delete, and opt out of the sale of personal information (we never sell personal information).
We use PostHog in privacy-first mode. Autocapture is disabled. We receive only explicitly defined events: event type, timestamp, numeric identifiers, and categorical values (like decision domain or trap tag). We never receive the text of your reflections, decisions, or protocol answers through analytics.
Palaestra is designed for adult founders and business operators. We do not knowingly collect data from anyone under the age of 16. If you believe a child has provided us with data, contact us and we will delete it immediately.
If we make material changes, we will notify you through the app before the changes take effect. Continued use after notification constitutes acceptance.
Questions about your data? Email privacy@getpalaestra.com