Stint Privacy Policy
Last Updated: June 26, 2026
This Privacy Policy explains how Stint LLC, a Virginia limited liability company ("Stint," "we," "us," or "our"), collects, uses, discloses, and otherwise processes personal information when you use the Stint mobile application, our website at stint.tech, and any related services (collectively, the "Service"). This Privacy Policy is incorporated into, and forms part of, our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.
By creating an account or using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree with it, do not use the Service.
Privacy at a glance
This summary is for convenience only and does not replace the full policy below.
| Topic | The short version |
|---|---|
| What Stint is | An AI coach that turns your goals into daily tasks and chats with you about your progress. It learns about you over time to personalize what it suggests. |
| What we collect | Your account info (from Apple, Google, or an email code), the goals and messages you share, voice you dictate (we keep the text, not the audio), a personalized "memory" profile, your tasks and progress, subscription status, an optional creator/referral code, and usage/diagnostic data. |
| Where it goes | Your content is stored in our cloud database and sent to third-party AI model providers (currently OpenAI, Google, and Anthropic) to generate responses. Brain-dump voice audio is sent transiently to a speech-to-text provider (currently OpenAI) for transcription and is not retained. Chat dictation audio is transcribed by your device's platform speech-recognition service (Apple). We use third-party providers for product analytics and crash reporting. |
| Payments | Handled by Apple. We never receive or store your card number. |
| Selling data | We do not sell your personal information, and we do not use it for cross-context behavioral advertising targeting. We are not currently sharing any data with advertising partners. If and when we enable advertising measurement, we may share a limited set of subscription-conversion events with Meta — for adult users only (18+), under Limited Data Use, never for users under 18. See Section 6.6, and you can opt out anytime via Section 11. |
| Your controls | View what Stint remembers and wipe it; delete your account (and your data) from in-app Settings; email us to exercise privacy rights or opt out of analytics or AI-improvement use where offered. |
| Sensitive info | Please do not put Social Security numbers, payment cards, health records, passwords, or other secrets into the Service. |
| Contact | legal@stint.tech (privacy & legal) · hello@stint.tech (help) |
1. Who This Policy Covers and Your Acknowledgement
This Privacy Policy applies to all users of the Service. The Service is an individual personal-use productivity tool; it is not designed for, and you may not use it for, Enterprise Use, regulated enterprise deployment, clinical purposes, or other organizational high-stakes purposes (see the Terms of Service, Section 1.1, for the full definition of permitted individual personal use).
2. Eligibility and Children
The Service is intended for individuals at least thirteen (13) years of age. We do not knowingly collect personal information from anyone under 13. If we learn that we have collected personal information from a child under 13, we will delete it as soon as practicable. A parent or guardian who believes their child under 13 has provided personal information should contact us at legal@stint.tech.
COPPA (Children Under 13). In compliance with the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. § 6501 et seq., we do not knowingly collect, use, disclose, or retain personal information from children under 13. The Service is not directed to children under 13. If we discover that a child under 13 has provided personal information, we will delete that information and terminate the associated account promptly.
EU/UK Users Ages 13–15. If you are located in the European Economic Area or the United Kingdom and are between the ages of 13 and 15, the processing of your personal information requires the consent of your parent or legal guardian under Article 8 of the General Data Protection Regulation ("GDPR") or the equivalent provision of the UK GDPR. By using the Service, you represent that a parent or legal guardian has reviewed and provided such consent. Parents or guardians may contact us at legal@stint.tech to request deletion of their child's account and associated data.
At account setup we present a neutral age screen that asks for your age solely to verify that you meet our minimum-age requirement. We do not ask for, or store, your full date of birth. We keep a server-side record of (i) confirmation that you met the age requirement, (ii) whether you confirmed you are 18 or older, and (iii) the date on which that confirmation occurred. The age you enter is also stored locally on your device and used as a personalization input — for example, to help tailor your plan to your life stage. Collecting a single age value rather than a full date of birth is a deliberate part of Stint's data-minimization approach (see Section 12.4). If your response indicates that you do not meet the minimum age, we block account creation and access — no account is created and no personal information is collected from a self-identified under-age visitor. The Service is rated and marketed for an age-appropriate audience and is not directed to children under 13.
3. Information We Collect
3.1 Information You Provide Directly
- Account Information. When you create an account using Sign in with Apple, Sign in with Google, or an email one-time passcode (OTP), we collect identifiers such as your email address, your name (where the authentication provider supplies it), and a unique account identifier. If you use Sign in with Apple's private email relay, we receive a relayed Apple email address rather than your personal email.
- Age Confirmation. At account setup we ask your age to confirm you meet our minimum age. We do not collect your full date of birth. We keep a server-side confirmation that you met the requirement (and whether you are 18 or older) and the date you confirmed it; the age you enter is also stored on your device and used to personalize your plan (see Section 2).
- Onboarding Inputs. Information you provide about your goals, ambitions, blockers, current situation, timelines, and self-described traits (collectively, your "Goal Inputs"), including any free-form "brain dump" you record or type during onboarding.
- Chat and Coaching Messages. The text of messages you exchange with the Service — your prompts and the AI's responses — and associated metadata (timestamps, the conversation surface, the model used, and token counts).
- Voice Dictation and Transcripts. The Service uses voice input on two surfaces, each transcribed differently:
- Brain-dump dictation (the foundational voice input during onboarding and goal setup): your device's microphone records audio that is transmitted through our backend to a third-party speech-to-text provider (currently OpenAI) for high-accuracy transcription. The audio is not stored by us or retained by the provider under our agreement.
- In-app chat dictation ("Hold to Talk" in the coach chat): audio is transcribed by your device's platform speech-recognition service, server-side by default (with on-device fallback when offline), meaning your audio is sent to the platform provider (Apple) for transcription under that provider's terms.
- In both cases, we store only the resulting transcript text; we do not store the audio recording itself on our servers. See Section 5.
- Personalization and Memory Data. Facts and inferences the Service maintains about you over time (your identity, ambitions, working style, constraints, resources, recurring blockers, recent decisions, and the people and projects you discuss), kept as a structured "memory" profile and used to tailor AI Output.
- Tasks, Plans, Progress, and Logs. Tasks and milestones generated for you, your completion status, streaks, scheduling, and feedback you give on tasks.
- Subscription and Purchase Data. Whether you have an active subscription, your plan tier, and your payment/trial status. We do NOT receive or store your full payment-card number, bank-account number, or similar payment credentials; those are handled by Apple and StoreKit.
- Referral and Creator Codes. If you enter a creator or referral code during onboarding (an optional, skippable step), we store that code on your account so the creator who referred you receives attribution. If you later subscribe, we record the transaction so the referring creator can be credited a commission. The creator receives transaction metadata only — the fact that a subscription attributed to their code occurred, the product purchased, and the resulting commission amounts and timestamps — and does not receive your name, email address, account identifier, messages, goals, memory, or any other content. See Sections 4 and 6.1.
- Support and Feedback. Information you send us when you contact support, make a privacy request, or share suggestions, ideas, or feedback.
3.2 Information Collected Automatically
- Device and Technical Data. Device model, operating-system version, app version, language, time zone, coarse location inferred from IP address (country/region only — not precise GPS location), and diagnostic events.
- Usage and Interaction Data. Events tracked by our product-analytics provider — for example, which screens you view, which actions you take, when you complete onboarding steps, submit prompts, start or complete tasks, and change plans. In our analytics we identify you by a random account identifier (UUID), and we also attach your email address and display name to your analytics profile so we can recognize your account and provide support. We do not link this analytics profile to any advertising identifier, and we do not sell it.
- Session Replay. We use session replay to record your on-device interactions for product improvement, debugging, support, and security. These recordings capture what is shown on your screen during a session — including screens, taps, and scrolls, and the on-screen content you view or enter, such as the messages you type, the AI's responses, and your memory, goals, tasks, and brain-dump text, together with on-screen images and identifiers such as your email and display name. Recordings are associated with your analytics profile, which is identified by your random account identifier (UUID) and also carries your email address and display name (as described above). We do not capture your device passcode, payment-card details, or other inputs that the operating system shields from screen capture. You can turn off analytics and session recording at any time in the app under Settings → Privacy (or by emailing us; see Section 11). We do not sell your data, and we use these recordings only for the purposes described in this Policy.
- Error and Performance Data. When an error occurs, our error-monitoring provider collects diagnostic information such as stack traces, breadcrumbs (recent interaction events), and failed-request metadata. We configure it to attach only your random account identifier (UUID); we disable the collection of your email and IP address and disable screenshot and view-hierarchy capture, and we strip authorization and cookie headers from captured requests.
- Subscription Telemetry. Our subscription-management provider and Apple StoreKit emit events describing paywall presentations, plan selections, purchase attempts, trial state, and subscription status. These events include purchase identifiers but not payment credentials.
- Authentication Provider Data. When you sign in via Apple or Google, we receive the identifiers and basic profile fields those providers return (e.g., a stable user ID, an email or relay email, and a display name on first sign-in).
- Push Notification Tokens. If you grant notification permission, the operating system provides a push-notification token, which we store to deliver notifications (e.g., reminders, streak prompts) to your device.
3.3 Information We Do NOT Collect
We do not embed third-party advertising or marketing SDKs or pixels inside the iOS application, and we do not collect or use the App Tracking Transparency (ATT) advertising identifier (IDFA). We are not currently transmitting any data to advertising partners. If and when we enable advertising measurement (as described in Section 6.6), we may transmit a limited set of subscription-conversion events to Meta from our server (under Limited Data Use), for adult users only — keyed to your random account identifier, not a device advertising ID, and never applied to users under 18. We do not collect precise geolocation or biometric identifiers (such as voiceprints or facial scans used for identification). While we process voice audio transiently for transcription (brain-dump audio via a third-party speech-to-text provider; chat dictation audio via your device's platform speech-recognition service), we do not perform acoustic modeling, voice authentication, emotion analysis, or create or store biometric voiceprints. If we add any such feature in the future, we will update this Privacy Policy and obtain any explicit opt-in consent required by applicable biometric-privacy laws (such as the Illinois Biometric Information Privacy Act, "BIPA").
3.4 Creator Program Participants
If you apply to or participate in the Stint Creator Program (separate from ordinary app use), we collect the information needed to administer that program and pay you: your contact and identity details, your social or content-platform handles, the tax information required to issue payments and required filings (such as a Form W-9 or W-8), the payout details you provide, your unique creator code(s), and the performance and attribution data associated with your code (referrals, conversions, and commissions). We process this information to operate the Program, calculate and remit commissions, meet tax and recordkeeping obligations, and prevent fraud and abuse, as further described in the Stint Creator Program Terms. This data is used for the Program and is not combined with another user's personal content.
4. How We Use Information
We use the information described above to:
(a) provide, operate, personalize, and maintain the Service, including generating tasks, plans, summaries, and chat responses ("AI Output"); (b) build and update your personalized memory profile so the Service can tailor future AI Output to your goals, context, and preferences; (c) authenticate you, manage your account, and provide customer support; (d) process subscriptions, free trials, billing, renewals, cancellations, and refunds (in conjunction with Apple and our subscription-management provider), and, where you entered a creator or referral code, attribute the subscription to the referring creator and calculate their commission; (e) send you transactional communications (account, billing, security, and service messages) and, where permitted, product updates; (f) deliver push notifications you have authorized; (g) monitor, analyze, secure, debug, and improve the Service and develop new features (including via our product-analytics and error-monitoring providers); (h) improve the quality, safety, and performance of the Service and the AI features within it, including our prompts and configurations, as further described in Section 5; (i) detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms; (j) comply with legal obligations and enforce our agreements; and (k) for any other purpose disclosed to you at the point of collection or to which you consent.
5. AI Processing, Providers, Memory, and Improvement
How AI works in Stint. The Service is built on generative AI. When you interact with it, your prompts, voice transcripts, relevant memory excerpts, Goal Inputs, active goal and tasks, and related conversation context are transmitted to third-party AI model providers — currently OpenAI, Google, and Anthropic — for inference (generating a response). We may select among these providers under their applicable API and business terms and may add, change, or remove providers at any time. An updated list of our material sub-processors is also available on request by emailing legal@stint.tech.
Speech. The Service uses two transcription paths depending on the surface:
- Brain-dump voice input (onboarding and goal setup): audio is transmitted through our backend to a third-party speech-to-text provider (currently OpenAI) for higher-accuracy transcription. This is the foundational input that seeds your plan and memory, so accuracy is prioritized. The audio is sent transiently and is not retained by us or by the provider under our agreement.
- In-app chat dictation: audio is transcribed by your device's platform speech-recognition service, server-side by default (with on-device fallback when offline), meaning audio is sent to the platform provider (Apple) under that provider's terms.
In both cases, we receive and store only the transcript text, not the audio recording.
Memory. The Service builds and stores a personalized memory profile from your interactions to tailor future AI Output. In the app you can view what Stint remembers about you and wipe your entire memory (Settings → "What Stint remembers"). Wiping memory is prospective: AI Output already generated using earlier memory states cannot be retroactively unwound. Deleting your account deletes your memory (see Section 8).
Improvement and training. We may use your content to operate, evaluate, debug, secure, and improve the Service and its AI features (for example, to refine our prompts and configurations and to diagnose poor responses). Under our Terms of Service you also grant us a broad license that permits, among other things, the future development and training of AI models and the creation of de-identified and aggregated datasets. Where we offer an opt-out from use of your content for AI model training or improvement, you may exercise it through any in-app control we provide or by emailing legal@stint.tech, which will prospectively stop such use; opting out does not undo processing that already occurred.
Human and automated review. You should assume that content you submit may be reviewed — by automated systems or, where necessary, by authorized personnel — for quality, safety, abuse detection, debugging, security, or improvement purposes.
Provider training. We access AI models through enterprise API products — not consumer-facing interfaces — whose standard terms are designed to prevent providers from using API customers' content to train their general-purpose foundation models. We make commercially reasonable efforts to use these APIs in that intended manner. We do not control these providers and cannot guarantee their practices. Once your content is transmitted to a provider, it is also governed by that provider's terms and privacy practices.
Please do not submit information you consider confidential, secret, privileged, or sensitive to the Service. See Section 7.5 of the Terms of Service.
6. How We Share Information
We do not sell your personal information for money. We do not "share" your information for cross-context behavioral advertising targeting. We are not currently sharing your information with any advertising partner. If we enable advertising measurement in the future (described in Section 6.6), the only such sharing will be — for adult users only — a limited set of subscription-conversion events transmitted to Meta to measure the effectiveness of our own advertising. We disclose information only as described below, in each case under written agreements where required and only as needed.
6.1 Service Providers and Processors
| Category of provider | Role | What it processes |
|---|---|---|
| Enterprise AI model providers — OpenAI (incl. voice transcription); Amazon Web Services (Amazon Bedrock — Anthropic Claude models); Google Cloud (Vertex AI — Gemini, currently inactive) | Generate AI Output (inference) | Prompts, conversation context, memory excerpts, Goal Inputs sent for inference |
| Speech-to-text provider (currently OpenAI) | Transcribe brain-dump voice input | Brain-dump voice audio sent transiently for transcription (audio not retained by us or the provider under our agreement) |
| Cloud infrastructure & database provider | Database, authentication, edge functions, storage | Your account, messages, memory, goals, tasks, subscription status |
| Product-analytics & session-replay provider | Product analytics and session replay | Usage events and session recordings of your on-screen interactions and content, associated with your account UUID together with your email and display name |
| Error- & performance-monitoring provider | Crash and error monitoring | Stack traces, breadcrumbs, failed-request metadata, account UUID |
| Subscription-management provider | Paywall presentation and subscription-state telemetry | Purchase and subscription events (no payment credentials) |
| Creator Program participants (if you used a creator/referral code) | Referral attribution and commission payout | Transaction metadata for an attributed subscription (the fact of the sale, product, and commission amounts and timestamps) — not your name, email, account identifier, or content |
| Apple Inc. | App Store, Sign in with Apple, the platform speech-recognition service (chat dictation), push notifications, StoreKit/in-app purchases | Authentication identifiers, chat dictation audio for transcription, purchase processing |
| Google LLC (if you sign in with Google) | Authentication provider | Sign-in identifiers and basic profile |
A current list of our material sub-processors — including the specific entities within each category above — is available on request by emailing legal@stint.tech, and is provided to business customers under a data processing addendum where applicable. These providers process your information under their own terms of service, privacy practices, and (where applicable) data-processing terms. We seek to use established providers whose terms are designed to protect your information in a manner consistent with this Privacy Policy and applicable law, and to limit their use of your content to providing their services rather than their own independent purposes. We do not control these providers and are not responsible for their practices; once your data is transmitted to a provider, it is also governed by that provider's terms and privacy practices.
6.2 Legal, Safety, and Compliance
We may disclose information to law-enforcement agencies, regulators, courts, or other parties: (a) to comply with applicable law, legal process, or governmental requests; (b) to enforce our Terms; (c) to protect the rights, property, safety, or security of Stint, our users, or others; or (d) to investigate, prevent, or address fraud, security, or technical issues.
6.3 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of the Service to another provider, your information may be transferred as part of that transaction, subject to applicable law. If a successor or acquiring entity intends to materially change how your personal information is used, shared, or processed in a way that conflicts with this Privacy Policy, it will provide notice and obtain any consent, authorization, or opt-out required by applicable law before those new practices take effect. You may delete your account and data before or after any such transaction, subject to the retention exceptions in Section 8.
6.4 With Your Consent or at Your Direction
We share information for other purposes when you direct us to or otherwise consent.
6.5 Aggregated or De-Identified Data
We may create, use, and share aggregated, anonymized, or de-identified data that does not reasonably identify you, for any lawful purpose.
6.6 Advertising Measurement (Adults Only) — Planned, Not Currently Active
We are not currently performing advertising measurement, and no advertising-measurement data is being shared today. This Section describes a feature we may enable in the future; when we do, we will make sure it operates exactly as described here, and we will update this Section to confirm it is active.
If we enable it, to measure the effectiveness of our own advertising we would transmit a limited set of subscription-conversion events — for example, that a free trial started or a subscription was purchased, together with the product and a hashed account identifier — to Meta Platforms, Inc. ("Meta") through its server-to-server Conversions API. We would do this only for users who have confirmed they are 18 or older at our age screen; we would never transmit the data of users under 18.
If enabled, this sharing would be limited in the following ways:
- It would be server-side measurement, not an in-app advertising SDK or pixel; we would not collect or transmit your device advertising identifier (IDFA), and we do not use ATT-based tracking identifiers.
- We would send it under Meta's Limited Data Use setting, which directs Meta to process these events for restricted measurement purposes rather than to build cross-context behavioral advertising profiles.
- We would share only conversion metadata and a hashed identifier — not your messages, goals, memory, voice transcripts, name, or email.
Depending on your jurisdiction, this activity (if enabled) may be considered "targeted advertising" or a "share" of personal information under certain state privacy laws (see Section 12). You may opt out at any time by emailing legal@stint.tech (subject "Opt Out — Advertising") or, on our website, via a Global Privacy Control (GPC) signal where required by law. Opting out is prospective. This Section 6.6 does not apply to, and we would not perform, any advertising sharing for users under 18.
7. Analytics, Session Replay, and Cookies
Our website at stint.tech may use cookies, local storage, and similar technologies to operate the site, remember preferences, and measure usage; you can manage these through your browser settings. Within the iOS application, we use device-level identifiers and SDK-managed local storage (managed by our analytics, error-monitoring, subscription-management, and backend providers) rather than browser cookies.
We use a third-party provider for product analytics and session replay (which records your on-screen interactions and content, associated with your account UUID together with your email and display name, as described in Section 3.2, and which you can turn off in Settings → Privacy) and another for error monitoring (with email/IP and view-hierarchy capture disabled, as described in Section 3.2). Because there is no common industry standard for "Do Not Track" (DNT) browser signals, we do not currently respond to them; however, we honor Global Privacy Control (GPC) signals on our website where required by applicable law. Other than the adults-only advertising-measurement described in Section 6.6 (which is not currently active and which you may opt out of), we do not engage in cross-context behavioral advertising.
You may opt out of analytics and session recording at any time in the app under Settings → Privacy, or by emailing legal@stint.tech with the subject "Opt Out — Analytics."
8. Data Retention and Deletion
We retain personal information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, prevent fraud and abuse, and enforce our agreements.
- While your account is active. Your account data, messages, memory, goals, tasks, and subscription status are stored in our backend for the life of your account.
- When you delete your account. You can delete your account at any time from in-app Settings. When you do, we permanently delete your profile, chats, messages, memory, goals, tasks, brain-dump transcripts, and push-notification tokens from our active systems. Before deletion, we copy your chat messages and AI-usage records into internal history records in de-identified form — your account identifier is replaced with a one-way salted hash, and we apply automated redaction to remove detected emails, phone numbers, and links from the free-text content. We retain these de-identified records for security, abuse-prevention, analytics, and service-improvement purposes, and for no longer than ninety (90) days, after which an automated process permanently deletes them. De-identified AI-usage records (which contain usage metadata such as model, token counts, and cost, but not message text) are retained no longer than three hundred sixty-five (365) days. Automated redaction is best-effort and does not remove every possible identifier (for example, names you typed), so we again ask that you not submit sensitive information to the Service.
- Abuse-prevention identifier. To prevent abuse — such as repeatedly deleting and recreating accounts to evade usage limits or trial restrictions — we retain, after deletion, a one-way (irreversible) hashed identifier derived from your authentication-provider account. This identifier cannot be reversed to reveal your identity, is not linked to your content, and is used solely to enforce limits and deter abuse.
- Backups. Encrypted backups maintained by our infrastructure providers may persist for a limited additional period (typically up to thirty (30) days) before being overwritten in the ordinary course of backup rotation.
- Analytics and error data. Analytics events and error data are retained according to our providers' configured retention settings, after which they are deleted by the provider.
- Aggregated/anonymous data. Truly aggregated or anonymized data that cannot reasonably be re-linked to an individual may be retained indefinitely.
You may request deletion of specific data, to the extent we can identify it, by emailing legal@stint.tech.
9. Security
We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, role-based access controls, row-level security on our database, and least-privilege credentials for AI providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding access to your account and device.
Breach Notification. If a security breach involving your personal information occurs, we will notify affected users and applicable regulators to the extent, and within the timeframes, required by applicable law.
10. International Data Transfers
We are based in the United States, and our infrastructure and AI providers operate in the United States and other jurisdictions. By using the Service, you understand that your personal information will be transferred to, stored in, and processed in the United States and other jurisdictions whose data-protection laws may differ from those of your country. Where required by law, we rely on appropriate transfer mechanisms (such as the Standard Contractual Clauses) for cross-border transfers.
11. Your Choices and Rights (All Users)
- Account settings. View and update certain account information, manage notification preferences, view and wipe your memory, and delete your account from within the app.
- Device permissions. Grant or revoke microphone, speech-recognition, and notification permissions at any time in iOS Settings. Revoking microphone access disables voice features prospectively.
- Analytics / session recording. Opt out as described in Section 7.
- AI improvement / training. Opt out where offered, as described in Section 5.
- Marketing communications. If we send marketing emails, you may opt out using the unsubscribe link or by contacting legal@stint.tech. Transactional and service messages may continue.
- Access, correction, deletion, portability. Request a copy of, correction of, or deletion of your personal information, or a portable copy, by emailing legal@stint.tech. We will respond within the time required by applicable law and may need to verify your identity.
- Authorized agents. You may designate an authorized agent to submit a request on your behalf. We may require proof of authorization and may still ask you to verify your identity directly.
Appeals. If we decline to act on your privacy request, we will tell you why. Where applicable law provides a right to appeal, you may appeal our decision by replying to our response or by emailing legal@stint.tech with the subject "Privacy Appeal." We will review the appeal and respond within the time required by applicable law. If you remain unsatisfied, you may contact your state attorney general or applicable data-protection authority.
12. U.S. State Privacy Rights
12.1 Virginia (VCDPA)
To the extent the VCDPA applies to Stint, Virginia residents may have the right to: confirm whether we process your personal data and access it; correct inaccuracies; delete it; obtain a portable copy; and opt out of (i) targeted advertising, (ii) the sale of personal data, and (iii) profiling in furtherance of decisions producing legal or similarly significant effects. You may also appeal a decision on a rights request. Other than the limited, adults-only advertising-measurement described in Section 6.6 — which is not currently active, and which you may opt out of by emailing legal@stint.tech — we do not sell personal data or engage in profiling producing legal or similarly significant effects as defined by the VCDPA. If we enable that measurement and it constitutes "targeted advertising" under the VCDPA, you may opt out as described above; it would never apply to users under 18. To exercise these rights, email legal@stint.tech.
12.2 California (CCPA/CPRA)
To the extent the CCPA/CPRA applies to Stint, the following supplements this policy for California residents.
Categories collected (last 12 months): identifiers (name, email, account ID, IP address, device identifiers, Apple/Google provider IDs, and any creator/referral code you enter); customer records and commercial information (subscription/billing status — no card numbers; and, for Creator Program participants, payout and tax information); internet/network activity (usage and error events); audio information (voice processed transiently for transcription) and the resulting transcripts; inferences (your memory profile); and other information you provide (Goal Inputs, chat content). We collect this from you directly, automatically from your device and interactions, from your authentication provider, and from our service providers, for the business purposes in Section 4 and shared with the recipients in Section 6.
We do not knowingly collect "sensitive personal information" as defined under the CCPA/CPRA except to the extent you choose to include it in your messages, voice input, or memory; we ask that you not submit such information, and we do not use it for purposes that would trigger the right to limit.
No sale; limited measurement share is planned, not active. We do not "sell" personal information for monetary consideration. We do not "share" personal information for cross-context behavioral advertising. The only exception is the adults-only advertising-measurement described in Section 6.6, which is not currently active. If we enable it, to the extent that activity is a "share" under the CPRA you may opt out by emailing legal@stint.tech (subject "Do Not Share") or via a Global Privacy Control signal on our website. That sharing would never apply to users under 18, and we have no actual knowledge of selling or sharing the personal information of consumers under 16.
Your rights (to the extent the CCPA/CPRA applies to us): these may include the right to know/access, delete, and correct your personal information; to opt out of sale/sharing (inapplicable, but we will honor requests); to limit use of sensitive personal information (inapplicable as above); and to non-discrimination for exercising your rights. To exercise rights, email legal@stint.tech with the subject "California Privacy Request." You may use an authorized agent with proof of authorization. We may verify your identity. Shine the Light: we do not disclose personal information to third parties for their own direct-marketing purposes. Financial incentives: we do not offer financial incentives, or charge different prices or provide a different level of service, in exchange for the collection, retention, sale, or sharing of personal information.
12.3 Other U.S. States
Residents of other states with comprehensive privacy laws (such as Colorado, Connecticut, Texas, Oregon, Montana, and others) may have rights similar to those above, including rights to access, correct, delete, and obtain a copy of their personal data and to opt out of targeted advertising, sale, and certain profiling. We extend these rights to residents of such states to the extent required by their laws. To exercise them, email legal@stint.tech.
12.4 California Age-Appropriate Design Code (CAADC)
The Service is rated 13+ on the Apple App Store and may be accessed by users under 18. Consistent with the California Age-Appropriate Design Code (Cal. Bus. & Prof. Code § 22949.10 et seq.), we have completed a Data Protection Impact Assessment prior to launch and have designed the Service with the following minor-protective defaults that apply to all users:
- No behavioral advertising or profiling of minors. We do not use the data of any user under 18 to serve or target advertising, and we do not share minors' data with advertising partners. The adults-only advertising-measurement described in Section 6.6 is not currently active; if enabled, it would be restricted to adults (18+), gated on a verified 18+ confirmation at our age screen, and never performed for users under 18.
- No sale of personal information; minors' data never shared for advertising. We do not sell personal information, and we do not share the personal information of users under 18 for cross-context behavioral advertising or advertising measurement.
- Data minimization. We collect only the personal information reasonably necessary to provide the Service. We do not collect contacts, precise geolocation, calendar data, photos, camera images, or biometric identifiers.
- Analytics controls. Product analytics and session replay are associated with a random account UUID together with your email and display name, and you can turn them off at any time in Settings → Privacy; error monitoring excludes your email address, IP address, and screen contents.
- User control. All users can view and wipe their memory profile and permanently delete their account and data from within the app at any time.
- No dark patterns. We do not use manipulative design to encourage users to share more personal information than is necessary for the Service.
- Neutral age screen. At account setup we present a neutral age screen that asks for your age solely to confirm the minimum age. We do not collect a full date of birth. We keep confirmation that the requirement was met (and whether you are 18 or older) and the date of confirmation; the age you enter is stored on your device and used to personalize your plan.
We do not knowingly profile users under 13 for any purpose. Parents or guardians who have concerns about their child's use of the Service may contact us at legal@stint.tech.
12.5 Minor User Protections (All Jurisdictions)
Regardless of where you are located, if you are under 18, the following protections apply:
- The AI coach is informational and motivational only. It is not a licensed therapist, counselor, or medical professional. If you are in crisis, contact your local emergency services or, in the United States, the 988 Suicide & Crisis Lifeline (call or text 988).
- The Service is prohibited from being used for mental-health crisis intervention or as a substitute for licensed therapy (see Terms of Service Section 6).
- You can delete your account and all associated data at any time from in-app Settings.
- A parent or legal guardian may contact legal@stint.tech to request deletion of their minor child's account and data.
- We do not use your content for behavioral advertising or sell your personal information.
13. European Economic Area, United Kingdom, and Similar Jurisdictions
If you are located in the EEA, the UK, or a jurisdiction with similar protections, you have the rights to access, rectify, erase, restrict, and port your personal data, and to object to processing (including processing based on legitimate interests and direct marketing). You may withdraw consent at any time (without affecting prior processing) and lodge a complaint with your local data-protection authority.
Data Controller. Stint LLC is the controller responsible for the processing of your personal data described in this Privacy Policy. You can reach us at legal@stint.tech.
Legal bases. We process your personal data on the bases of: (a) performance of our contract with you (providing the Service); (b) your consent (e.g., for optional features); (c) compliance with legal obligations; and (d) our legitimate interests in operating, securing, improving, and developing the Service, where not overridden by your rights.
EU/UK Representatives (GDPR / UK GDPR Article 27). Stint LLC is established in the United States. The Service is offered for download only in the App Store storefronts we have enabled, which do not include the EEA or the UK; we do not offer, market, or make the Service available to individuals in the EEA or UK. Before we begin offering or marketing the Service to individuals in the EEA or UK, we will appoint EU and UK representatives under Article 27 and publish their contact details here. In the interim, EEA/UK residents may contact us at legal@stint.tech for any data-protection inquiry.
To exercise these rights, contact legal@stint.tech. We may verify your identity.
14. Automated Decision-Making
The Service uses automated processing (including large language models and rule-based logic) to generate tasks, summaries, suggestions, and other AI Output. This processing is informational and motivational and does not produce legal or similarly significant effects concerning you. You are responsible for all decisions and actions you take, whether or not informed by AI Output.
15. Third-Party Links and Policies
The providers identified in Section 6, and any third-party sites or services we link to, maintain their own privacy policies. We encourage you to review them. We are not responsible for their practices except as set out in our agreements with them.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above and, for material changes, provide additional notice by reasonable means (such as in-app notice, push notification, or email). Your continued use of the Service after the changes take effect constitutes acceptance of the revised policy.
17. Contact Us
Stint LLC 8401 Mayland Dr Ste A, Richmond, VA, 23294 Commonwealth of Virginia, United States
| Purpose | |
|---|---|
| Privacy questions, rights requests, and legal notices | legal@stint.tech |
| General support | hello@stint.tech |
Do Not Sell or Share My Personal Information. We do not sell or share personal information as those terms are defined under applicable law. California and other residents who nonetheless wish to submit a request may email legal@stint.tech with the subject "Do Not Sell or Share," and we will process it.