Terms & Privacy.
§ 01 Acceptance of Terms
By creating an account on Your Pillars ("the Service", "we", "us"), you agree to be bound by these Terms & Conditions and our Privacy Policy. If you do not agree, do not use the Service.
These terms form a legally binding agreement between you and the operator of Your Pillars (an individual operator based in the UK/EU). By ticking the acceptance checkbox at registration you confirm you have read and understood these terms.
§ 02 About the Service
Your Pillars is a personal growth and goal-tracking application. It allows you to define life pillars, set goals, track habits, keep a journal, and optionally receive AI-generated insights on your entries.
The Service is provided as-is. Access is granted by invitation only and requires admin approval. We reserve the right to decline or revoke access at our discretion.
§ 03 Accounts & Access
- You must provide a valid email address and verify it before access is granted.
- You are responsible for keeping your password secure. Use a strong, unique password.
- You may not share your account with others or create accounts on behalf of others.
- You must be at least 16 years old to use the Service (18 in some jurisdictions).
- We may suspend or delete accounts that violate these terms or are inactive for an extended period.
§ 04 Acceptable Use
You agree not to:
- Use the Service for any unlawful purpose or in violation of any applicable law.
- Attempt to gain unauthorised access to other users' data or the server.
- Upload malicious content, spam, or content that infringes third-party rights.
- Attempt to reverse-engineer, scrape, or disrupt the Service.
All data you enter is your own personal content. You retain ownership of your data.
§ 05 Privacy Policy
What data we collect
- Account data: your name, email address, and a hash of your password (the password itself is never stored in plain text).
- Content data: journal entries, goals, pillars, to-dos, check-ins, and ethos statements that you create.
- Usage data: server access logs (IP, timestamp, route) retained for up to 30 days for security purposes.
- Session cookies: a session token stored in your browser to keep you signed in.
How we use your data
- To provide the core functionality of the Service (storing and displaying your personal growth content).
- If AI features are enabled for your account: your journal entries and goals are sent to the Anthropic Claude API to generate insights and writing prompts. Anthropic's data processing terms apply. We send only the content necessary — no personal identifiers are included in API payloads.
- To send you transactional emails (email verification, password reset) via Gmail SMTP.
What we do NOT do
- We do not sell, rent, or share your personal data with third parties for marketing.
- We do not use your data for advertising profiling.
- We do not use third-party analytics or tracking scripts on the Service.
Data retention
Your data is retained for as long as your account is active. If you request account deletion, all your personal data is permanently deleted from our database within 30 days.
§ 06 Data Security
Passwords
Your password is never stored in plain text. When you set a password it is hashed using bcrypt (via Werkzeug's generate_password_hash), a deliberately slow algorithm that resists brute-force attacks. The salt is unique per user and embedded in the hash. Even if the database were compromised, recovering your original password from the stored hash would be computationally infeasible.
Transport encryption
All traffic between your browser and the server is encrypted using HTTPS / TLS (Let's Encrypt certificate, automatically renewed). Unencrypted HTTP requests are redirected to HTTPS.
Database
The SQLite database is stored on a private server. Direct database access is restricted to server-level access via SSH key authentication. The database file is not accessible via the web.
Data isolation
Every record — journal entries, goals, pillars, to-dos, check-ins — is linked to your user_id. Every query filters by your user ID. You cannot access another user's data, and no data from other users is ever returned to your session.
Session security
Sessions are managed server-side using a cryptographically random secret key. Session cookies are HTTP-only (not readable by JavaScript) and scoped to the domain.
Email tokens
Verification and password-reset tokens are generated using secrets.token_urlsafe(32) (256-bit entropy, URL-safe base64). Tokens are single-use and time-limited (email verification: 24 hours; password reset: 1 hour). Once used, a token is invalidated.
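The token lifecycle described above, as an added example (not the Service's own code). The TokenStore class, the purpose names, the in-memory dict and the choice to keep only a SHA-256 digest of each token are assumptions made for illustration; the token length and the two lifetimes are the ones stated on this page.

```python
import hashlib
import secrets
import time

# Lifetimes stated on the page; the purpose names are hypothetical labels.
TTL_SECONDS = {"verify_email": 24 * 3600, "password_reset": 3600}


class TokenStore:
    """Hypothetical in-memory store; a real service would use a database table."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._rows = {}       # sha256(token) -> (user_id, purpose, expires_at)

    @staticmethod
    def _digest(token):
        # Assumption: only a digest is stored, so a leaked table holds no usable links.
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def issue(self, user_id, purpose):
        token = secrets.token_urlsafe(32)   # 32 random bytes = 256 bits of entropy
        expires_at = self._clock() + TTL_SECONDS[purpose]
        self._rows[self._digest(token)] = (user_id, purpose, expires_at)
        return token                        # goes into the emailed link, nowhere else

    def redeem(self, token, purpose):
        """Return the user_id once; None if unknown, reused, expired or wrong purpose."""
        key = self._digest(token)
        row = self._rows.get(key)
        if row is None:
            return None                     # unknown, or already used
        user_id, stored_purpose, expires_at = row
        if stored_purpose != purpose:
            return None                     # a verification link must not reset a password
        del self._rows[key]                 # single use: invalidate before answering
        if self._clock() > expires_at:
            return None                     # time-limited
        return user_id
```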
Server security
The application server runs on a private VPS with SSH key-based access, a firewall restricting inbound traffic to HTTPS (443) and SSH (22), and processes running as a non-root service user via systemd.
Limitations
While we take reasonable precautions, no system is 100% secure. This is a personal-use service and does not yet implement measures appropriate for high-risk sensitive data (e.g., health records, financial data). Please do not store critically sensitive information.
§ 07 Your Data Rights (GDPR)
If you are based in the UK or EU, you have the following rights under GDPR:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: You can ask us to correct inaccurate data.
- Erasure ("right to be forgotten"): You can request that we delete your account and all associated data.
- Portability: You can request your data in a machine-readable format.
- Objection: You can object to processing of your data in certain circumstances.
To exercise any of these rights, contact us at the email address in the Contact section. We will respond within 30 days.
The legal basis for processing is contract performance (providing the Service) and legitimate interest (security logging).
§ 08 AI Features
Your Pillars optionally uses the Anthropic Claude API to generate journal insights and writing prompts. This feature is enabled or disabled per account by the administrator.
When AI features are active:
- The text of your journal entries and your goals/pillars list are sent to the Anthropic API to generate a personalised response.
- No name, email, or other directly identifying information is included in these API calls.
- Anthropic's own privacy and data handling policies apply.
- You can ask for AI features to be disabled at any time by contacting the administrator.
AI-generated insights are provided for personal reflection only and do not constitute professional advice (medical, psychological, financial, or otherwise).
§ 09 Limitation of Liability
The Service is provided "as is" without warranty of any kind. To the fullest extent permitted by law, we are not liable for any indirect, incidental, or consequential damages arising from your use of the Service, including but not limited to data loss.
We make reasonable efforts to maintain service availability but do not guarantee uninterrupted access.
§ 10 Changes to These Terms
We may update these Terms & Conditions from time to time. Material changes will be communicated by email or a notice on the Service. Continued use after changes take effect constitutes acceptance of the revised terms.
§ 11 Contact
For any questions about these terms, your data, or to exercise your data rights:
Email: russell.histon@gmail.com
Service: Your Pillars — yourpillars.com