Privacy Policy

Effective Date: January 8, 2026

ConsistencyForge ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. This policy applies to both Adult Accounts and Minor Sub-Accounts.

Data Controller

The data controller responsible for your personal data is:

Quantum Media Technologies sp. z o.o.

Slezna 104 / #2A

53-111 Wroclaw, Poland

Tax ID: PL8971768021

Contact: privacy@qmt.email

Summary

We collect data necessary to provide and improve our service
We may share data with business partners, affiliates, and marketing partners
We use Stripe for payments and Resend for emails
Minor Sub-Accounts require verifiable parental consent
You have rights to access, correct, delete, and port your data

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our service:

Data Type	Purpose	Required
Email address	Account creation, authentication, notifications	Yes
Display name	Personalization, communications	No
Timezone	Scheduling check-ins at appropriate times	No (defaults to UTC)
Contract titles & descriptions	Service functionality	Yes (for contracts)
Special dates (birthday, etc.)	Excluding check-ins on special days	No
Gender preference	Rank name personalization	No
Minor's information (for Sub-Accounts)	Supervised account functionality, task certificates	Yes (for Minor Sub-Accounts)
Shared commitment data	Group participation, comments, check-ins, invitations	Yes (for shared commitments)

1.2 Information Collected Automatically

We automatically collect certain information when you use our service:

Session data: Login timestamps, session expiration
Activity data: Check-in completions, streaks, points earned, task certificates
Behavioral data: Usage patterns, feature interactions, engagement metrics
Email interaction: Email send timestamps

1.3 Payment Information

When you make a payment, Stripe (our payment processor) collects payment card information directly. We receive only:

Transaction confirmation status
Payment amount
Stripe transaction IDs

We never receive, store, or have access to your full credit card number.

2. How We Use Your Information

2.1 Service Provision

We use your information to:

Provide and maintain the service
Send authentication emails (magic links)
Send check-in reminders and notifications
Process payments through Stripe
Track your progress (streaks, points, ranks)
Display leaderboard rankings
Generate and deliver task completion certificates (for Minor Sub-Accounts)
Respond to your support requests
Facilitate group accountability through shared commitments
Display your check-in status and comments to other group members

2.2 Business and Commercial Purposes

We may also use your information for:

Marketing and promotional communications (where permitted)
Analytics, performance measurement, and service optimization
Personalization and content customization
Business development and growth initiatives
Product improvement and new feature development
Fraud prevention and security

4. Automated Decision-Making and Profiling

4.1 Profiling Activities

We engage in the following automated processing activities:

Gamification: Calculating points, streaks, ranks, and leaderboard positions
Scoring: Evaluating consistency, performance, and milestone achievements
Behavioral analysis: Understanding usage patterns to improve the Service
Personalization: Customizing content, recommendations, and communications
Contract status: Determining contract success, failure, and milestones

4.2 Application to Minor Sub-Accounts

Profiling, scoring, gamification, and behavioral analysis apply to both Adult Accounts and Minor Sub-Accounts. For minors, this processing occurs under the supervision and with the consent of the Supervising Adult, who has full visibility into the minor's data and can manage preferences.

4.3 Your Rights (GDPR Art. 22)

If you are in the EEA, UK, or Switzerland, you have rights regarding automated decision-making that produces legal or similarly significant effects:

Right to obtain human intervention
Right to express your point of view
Right to contest the decision

Most of our automated processing (gamification, scoring) does not produce legal or similarly significant effects, but we provide these safeguards for transparency. Contact us to exercise these rights.

5. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your data based on:

Processing Activity	Legal Basis
Account creation and management	Contract performance
Check-in reminders and notifications	Contract performance
Payment processing	Contract performance
Gamification and scoring	Contract performance / Legitimate interest
Marketing and promotions	Legitimate interest / Consent (where required)
Analytics and optimization	Legitimate interest
Data sharing with partners	Legitimate interest / Consent (where required)
Minor Sub-Account processing	Parental consent (GDPR Art. 8)
Shared commitment participation	Contract performance / Consent
Data sharing with group members	Consent (by joining the commitment)
Invitation email disclosures	Consent (by sending invitations)
Legal compliance	Legal obligation

6. Data Retention

We retain your data based on the following criteria:

Data Type	Retention Period
Account data	Duration of account + 3 years after deletion request
Contract data	Duration of account + 3 years (for analytics and disputes)
Check-in and activity history	Duration of account + 3 years
Points and rank history	Duration of account + 3 years
Task completion certificates	Duration of account + 3 years
Magic link tokens	15 minutes (auto-deleted)
Session tokens	30 days (auto-deleted)
Payment records	7 years (legal requirement)
Analytics data	5 years (for product improvement)
Shared commitment data	Duration of membership + 3 years
Comments in shared commitments	Duration of membership + 3 years
Shared commitment invitations	24 hours (auto-deleted if not accepted)

We may retain data longer where required for legal compliance, dispute resolution, fraud prevention, or legitimate business purposes such as analytics and product improvement.

7. International Data Transfers

Your data may be processed in countries outside your residence to support our global business operations. This includes transfers to:

United States: Where many of our service providers and partners operate
Other jurisdictions: Where our business partners and affiliates operate

We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with service providers and partners
Other legally recognized transfer mechanisms where applicable

8. Cookies and Session Management

8.1 Session Cookie

We use an essential cookie for authentication:

Name:session

Purpose:Keep you logged in

Duration:30 days

Type:HTTP-only, Secure, First-party

This cookie is strictly necessary for the service to function.

9. Data Security

We implement appropriate security measures including:

Encryption in transit (HTTPS/TLS)
Secure password-less authentication
HTTP-only, secure session cookies
Webhook signature verification for payments
Rate limiting on API endpoints
Regular security updates

No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

10. Minor Sub-Accounts and Children's Privacy

10.1 Minor Sub-Account Framework

A "Minor Sub-Account" is an account for a user under 18 years of age, created and controlled by a verified Adult Account holder (the "Supervising Adult") who is the minor's parent or legal guardian.

Minors cannot create independent accounts
Minor Sub-Accounts operate only under adult supervision
The Supervising Adult has full access to all minor account data

10.2 Parental Consent Requirements

GDPR (EU/UK)

Parental consent required under Article 8 for children under the applicable age of digital consent (13-16 depending on member state).

COPPA (US)

Verifiable parental consent required for children under 13 before collecting personal information.

10.3 Data Collected from Minors

For Minor Sub-Accounts, we collect and process:

Name or identifier (provided by Supervising Adult)
Task assignments and progress data
Check-in completions and activity logs
Points, streaks, and achievement data
Daily task completion certificates

10.4 Task Completion Certificates

Minor Sub-Account users may generate daily certificates confirming completion of tasks assigned by the Supervising Adult. These certificates are automatically shared with and delivered to the Supervising Adult as a core feature of the Service.

10.5 Supervising Adult Rights

The Supervising Adult may, on behalf of the minor:

Access all personal data in the Minor Sub-Account
Request correction or deletion of data
Export data in a portable format
Withdraw consent and terminate the Minor Sub-Account

Important: All data processing for Minor Sub-Accounts occurs only with and under the authorization of the Supervising Adult. Privacy rights for minors are exercised by the Supervising Adult.

11. Your Rights

11.1 Rights for All Users

You have the right to:

Access: Request a copy of your personal data
Correction: Update inaccurate or incomplete data
Deletion: Request deletion of your account and data
Portability: Receive your data in a structured format

11.2 Additional Rights (EEA/UK/Switzerland - GDPR)

If you are in the European Economic Area, UK, or Switzerland, you also have:

Right to object: Object to processing based on legitimate interests
Right to restriction: Request limited processing in certain cases
Right to withdraw consent: Where processing is based on consent
Right to lodge a complaint: With your local supervisory authority

EU Supervisory Authorities: You have the right to lodge a complaint with a data protection authority in the EU member state where you reside, work, or where the alleged infringement occurred. A list of supervisory authorities is available at edpb.europa.eu.

11.3 Rights for Minor Sub-Accounts

For Minor Sub-Accounts, all privacy rights are exercised by the Supervising Adult on behalf of the minor. The Supervising Adult may access, correct, delete, or export the minor's data at any time.

11.4 How to Exercise Your Rights

To exercise any of these rights, contact us at support@qmt.email. We will respond within 30 days (or sooner if required by law).

12. California Privacy Rights (CCPA/CPRA)

Notice at Collection

If you are a California resident, this section provides additional disclosures required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

12.1 Categories of Personal Information

We collect the following categories of personal information:

Identifiers: Email address, display name, public name
Commercial information: Payment history, contract value
Internet activity: Usage data, check-in history, engagement metrics
Inferences: Scores, ranks, behavioral patterns
Minor information: Data in Minor Sub-Accounts (with parental consent)

12.2 Purposes of Collection and Use

We use personal information for:

• Providing the Service and customer support
• Marketing, advertising, and promotional communications
• Analytics, research, and product improvement
• Personalization and customization
• Business operations and commercial purposes
• Security, fraud prevention, and legal compliance

12.3 Sale and Sharing of Personal Information

"Sale" under CCPA means exchanging personal information for monetary or other valuable consideration.

"Sharing" under CPRA means disclosing personal information for cross-context behavioral advertising.

We may share personal information with marketing and advertising partners for targeted advertising purposes. This sharing may constitute "sharing" under CPRA. We do not "sell" personal information in exchange for monetary compensation.

12.4 Your California Rights

As a California resident, you have the right to:

Know: Request disclosure of personal information collected and shared
Delete: Request deletion of your personal information
Correct: Request correction of inaccurate personal information
Opt-out: Opt out of the sharing of personal information
Non-discrimination: Not be discriminated against for exercising your rights

12.5 Opt-Out of Sharing

Do Not Sell or Share My Personal Information

To opt out of the sharing of your personal information for cross-context behavioral advertising, contact us at support@qmt.email.

We recognize Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for sharing.

Note: Opting out may reduce the personalization and relevance of marketing communications you receive.

12.6 Retention

We retain personal information as described in Section 6 (Data Retention) above. Retention periods are based on the category of data and the purposes for which it was collected.

12.7 Other US State Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws have similar rights. Contact us to exercise these rights.

13. Public Information

If you appear on our leaderboard ("Hall of Fame"), the following information is publicly visible:

Your public name (auto-generated pseudonym like "Marcus Maximus")
Your total points
Your streak statistics
Your rank

Your email address, contract details, and other personal information are never publicly displayed. Minor Sub-Accounts do not appear on public leaderboards.

13.1 Shared Commitment Visibility

In PUBLIC shared commitments, your membership and activity may be visible to anyone browsing public commitments
In PRIVATE shared commitments, your data is only visible to invited and accepted members

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

Posting the new policy on this page
Updating the "Effective Date" at the top
Sending an email notification for material changes

For material changes that require consent under applicable law, we will request your explicit consent before implementing those changes. Continued use of the Service after notice of non-material changes constitutes acceptance.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

General Support

support@qmt.email

Data Protection Inquiries

privacy@qmt.email

By using ConsistencyForge, you acknowledge that you have read and understood this Privacy Policy.

← Back to Home Terms of Service →