← Back

Privacy Policy

Last updated: February 2026

1. Who We Are

Athro Goals is operated by Athro AI Ltd, registered in Wales, United Kingdom. We are the data controller for your personal data. Contact: support@athrogoals.co.uk

2. What Data We Collect

We collect the following data:

  • Account data: email address, name (optional), password (hashed, stored by Supabase)
  • Conversation data: messages you exchange with the AI about your goals
  • Pathway data: generated life-goal pathways, steps, and associated metadata
  • Payment data: processed by Stripe — we store your Stripe customer ID but never your card details
  • Usage data: number of pathways generated, subscription tier

3. How We Use Your Data

We use your data to:

  • Provide and improve the life-goal pathway service
  • Generate personalised pathways based on your conversations
  • Process payments and manage subscriptions
  • Send essential service communications (e.g., email confirmation)
  • Comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

4. AI Processing

Your conversation messages are sent to Anthropic's Claude AI to generate responses and pathways. Anthropic processes this data under their data processing agreement and does not use your data to train their models. See Anthropic's Privacy Policy for details.

5. Data Storage & Security

Your data is stored in a PostgreSQL database hosted by Supabase (EU/UK data centres). Authentication is handled by Supabase Auth. All data is encrypted in transit (TLS) and at rest. Payments are processed by Stripe, which is PCI-DSS compliant.

6. Third-Party Processors

  • Supabase: authentication and database hosting
  • Anthropic: AI processing for conversations and pathway generation
  • Stripe: payment processing
  • Vercel/Netlify: application hosting
  • Resend: transactional email delivery

7. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

  • Access: request a copy of your data (available via "Download my data" in Settings)
  • Rectification: correct inaccurate personal data
  • Erasure: delete your account and all associated data (available via "Delete my account" in Settings)
  • Portability: receive your data in a structured, machine-readable format (JSON export)
  • Object: object to processing of your data
  • Complaint: lodge a complaint with the ICO (Information Commissioner's Office)

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, all data is permanently removed within 30 days. Backup copies may persist for up to 90 days before being purged.

9. Cookies

We use essential cookies only for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies.

10. Children

The Service is intended for users aged 13 and over. Users under 13 must have parental or guardian consent. We do not knowingly collect data from children under 13 without such consent.

11. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email.

12. Contact

For privacy-related queries, contact support@athrogoals.co.uk