Privacy Policy

1. Introduction

Wonders of Wisdom, LLC (“WOW,” “we,” “us,” or “our”) operates the Codessence platform (the “Service”), a personal transformation application that helps users discover their unique creative identity through assessment, guided journeys, AI mentoring, and voice interaction.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read it carefully. By creating an account or using the Service, you consent to the practices described herein.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Full name
• Email address
• Password (stored in hashed form only)
• Date of birth (used to calculate your Creator Blueprint)

2.2 Assessment & Profile Data

As you use the Codessence assessment and 12 Keys program, we collect:

• Assessment question responses
• Your Codessence profile (Creator Blueprint, Creative Muse, Essence Code)
• Dream Vision and Legacy Vision statements
• Book of Life entries (beliefs, strengths, shadows, talents, desires, backstory)
• Journal entries, daily goals, and reflections
• Circle of Creation reports and Five Paths to Purpose responses
• Module progress and activity data

2.3 Voice & Audio Data

If you use the Voice Mentor feature, your microphone audio is transmitted in real time to our voice AI provider (ElevenLabs) for processing. We do not store raw audio recordings on our servers. ElevenLabs may retain conversation logs for up to 90 days per their policies.

2.4 SMS Data

If you opt in to SMS mentoring, we collect your phone number (stored in E.164 format) and use it to send daily practice messages and personalized guidance. You may opt out at any time.

2.5 Payment Information

Payments are processed by Stripe. We never store your full credit card number. We retain only Stripe customer and subscription identifiers to manage your account status. Stripe is PCI-DSS Level 1 compliant.

2.6 Automatically Collected Data

• IP address and user agent (stored with your session for security)
• Session authentication cookie (expires after 7 days)
• Local storage data for assessment progress (browser-only, not transmitted to our servers until you submit)

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — calculate your Codessence profile, track your 12 Keys journey, and generate personalized content
• Power AI Mentoring — send your profile context, journey progress, and messages to our AI provider to generate personalized guidance (see Section 4)
• Enable Voice Interaction — transmit audio to our voice AI provider for real-time conversational mentoring
• Deliver SMS Mentoring — send daily practice messages and guidance to your phone number
• Process Payments — manage subscriptions and billing through Stripe
• Improve the Service — analyze usage patterns (in aggregate) to enhance features
• Send Transactional Emails — account verification, password resets, and important service updates
• Ensure Security — detect and prevent abuse, enforce rate limits, and protect your account

4. AI Data Processing

The Codessence Mentor uses artificial intelligence to provide personalized guidance. When you interact with the AI mentor (text or voice), the following data may be sent to our AI providers:

• Your full name (for personalized addressing)
• Your Codessence profile (Blueprint, Muse, Essence Code)
• Book of Life data (beliefs, strengths, shadows, desires, backstory)
• 12 Keys journey progress and responses
• Your chat messages and conversation history
• Journal entries (recent entries for context)

AI Providers: We use Langbase for text-based AI mentoring (including RAG memory retrieval) and ElevenLabs for voice-based conversational AI. Your data is transmitted securely via HTTPS.

Important: AI-generated responses are for personal reflection and creative exploration only. They do not constitute professional therapy, medical advice, or counseling. The AI mentor uses your data solely to provide personalized guidance within the Codessence framework.

We implement prompt injection defenses and input sanitization to protect your data during AI processing. User data in AI memory is isolated per user — other users cannot access your personal information through AI queries.

5. Third-Party Service Providers

We share your information with the following service providers who process data on our behalf:

Each provider processes your data in accordance with their own privacy policies. We encourage you to review them.

6. Data Retention

• Account data: Retained until you delete your account, plus 90 days for backup purposes
• Journey & assessment data: Retained until account deletion
• Journal entries: Retained until account deletion
• Payment records: Retained for 7 years for tax and legal compliance
• Session logs: Automatically expire after 7 days
• AI conversation threads: Retained per Langbase’s data policies; can be cleared via your mentor settings
• Voice recordings: Not stored by WOW; ElevenLabs may retain logs per their policy (typically up to 90 days)
• SMS logs: Not stored by WOW beyond delivery confirmation; Vonage retains per their policy

7. Data Security

We implement the following security measures to protect your data:

• All data transmitted over HTTPS/TLS encryption
• Passwords stored using industry-standard hashing (never in plain text)
• Authentication via secure, HttpOnly session cookies
• Rate limiting on API endpoints (AI, mutations, and queries)
• Input sanitization to prevent injection attacks
• Per-user data isolation in AI memory systems
• Ownership verification on all data access (prevents unauthorized access to other users’ data)
• Security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information via your profile settings
• Deletion: Request deletion of your account and associated data
• Portability: Request your data in a portable format
• Withdraw Consent: Disable AI mentoring, SMS features, or delete your account at any time
• Opt Out of SMS: Text STOP to unsubscribe from SMS messages

To exercise any of these rights, contact us at privacy@wondersofwisdom.org.

9. Children’s Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly.

10. Cookies & Local Storage

We use the following:

• Session cookie: A single, essential authentication cookie that keeps you signed in (expires after 7 days). This is strictly necessary and cannot be disabled.
• Local storage: We store assessment progress in your browser’s local storage so you don’t lose your work if you navigate away. This data stays on your device until you complete the assessment or clear your browser data.

We do not use advertising cookies, analytics trackers, or third-party tracking pixels.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the effective date at the top of this page and, where appropriate, by requiring you to re-accept the updated policy. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at: