Legal
Privacy Policy
Last updated: 2026-06-30

Overview
Expedia Solutions LLC operates alignheart.com as AlignHeart. This Privacy Policy explains what personal information we collect, why we use it, and the choices you have.
For safety practices and verification, see also our Safety & Privacy page at /safety.
Information we collect
Account data: email, password hash, session identifiers, and optional profile fields you provide.
Assessment and compatibility data: pillar scores, preferences, journal entries, and coaching conversation content.
Verification media: photos you submit for authenticity review (processed per our verification workflow).
Technical data: IP address, browser type, device identifiers, and standard server logs for security and performance.
Event registration: name, email, ticket tier, and check-in metadata for workshops you book.
How we use information
Provide compatibility reports, coaching features, event ticketing, and customer support.
Improve product quality, safety moderation, and fraud prevention.
Send transactional email (confirmations, security alerts) and, with your consent, product updates.
We do not sell personal information. We do not use your private coaching content to train third-party foundation models.
Sharing
Service providers: hosting (e.g. Vercel), email delivery, analytics when enabled, and payment processors when billing is live — under contractual confidentiality.
Legal: when required by law, to protect rights and safety, or to respond to valid legal process.
Other members see only what your privacy toggles allow (profile previews, comparison invites).
Retention, export, and deletion
You can review retention settings and export or delete assessment data from Dashboard → Settings where available.
We retain records as needed for legal compliance, dispute resolution, and backup integrity, then delete or anonymize per our retention schedule.
Cookies
Essential cookies: session authentication (httpOnly) and security.
Analytics cookies: only when enabled in production — aggregated metrics, no cross-site ad profiling.
Your rights
California (CCPA/CPRA) and GDPR/UK GDPR: you may request access, correction, deletion, or portability by emailing [email protected]. We verify identity before fulfilling requests.
We will respond within a reasonable timeframe as required by applicable law.
Changes
We update this policy when features, processors, or legal requirements change. The Last updated date reflects the current version.