Authentic Badass Privacy Policy
Effective Date: April 1, 2026
1. Introduction
Authentic Badass ("we," "us," "our") is operated by Authentic Badass LLC, a Virginia limited liability company. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our personal development platform and services.
Our Corporate Structure: Authentic Badass is part of the Badass Platform family of brands. Our platform technology, artificial intelligence systems, and de-identified data analytics are provided by Badass Platform LLC, a Virginia limited liability company that serves as our technology licensor. This structure is explained in Section 4.
Contact Us:
Authentic Badass LLC
11921 Freedom Drive, Reston, VA 20190
Privacy Inquiries: privacy@authenticbadass.com
2. Information We Collect
2.1 Information You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Email address, password (hashed), username | To create and maintain your account |
| Profile Information | Timezone, notification preferences, practice time preferences | To personalize your experience |
| Consent Records | Terms acceptance timestamp, Privacy Policy acceptance, marketing opt-in | To comply with legal requirements |
2.2 Personal Development Data (Power Matrix)
| Category | Examples | Purpose |
|---|---|---|
| Power Spark Sessions | Your responses to debate statements, conversation exchanges with Alice AI | To surface your personal growth edge and personalize your journey |
| Power Transform Practices | Daily energy ratings (1-10), wins, Edge reflections, Focus conversations | To track your transformation journey and provide insights |
| Power Goals | Goal conversations, extracted themes, check-in summaries | To support your goal-setting and progress |
| Power Chats | On-demand conversations with Alice AI | To provide personalized support |
| CBO Unfiltered | Direct messages to the Chief Badass Officer (founder) | To enable direct communication with the business |
| Power Profile | AI-generated understanding of your patterns, clarity levels, discoveries | To enable Alice to provide personalized guidance |
| Power Insights | Narrative summaries of your journey (moments, sets, waves, dimensions) | To help you understand your growth |
Note on Power Spark: Power Spark conversations are retained indefinitely. By using the Power Spark service, you consent to this retention. Do not include special category data (Article 9 GDPR) such as health information, political opinions, religious beliefs, or other sensitive information in Power Spark conversations. You are responsible for the information you choose to share.
Important: Your personal development data contains your reflections, thoughts, and self-assessments. We treat this data with the highest care. See Section 4 for how this data is handled within our corporate structure.
2.3 Community Data (Arena)
| Category | Examples | Purpose |
|---|---|---|
| Public Posts | Arena posts, Power Drop responses, comments | To enable community features |
| Username | Your chosen @handle | To identify you in the community (publicly visible) |
| Engagement | Power Props given/received, poll votes | To enable community interaction |
Note: Arena content you post is visible to other users. Your username remains associated with your posts even if you delete your account.
Note on CBO Communications: Messages you send through CBO Unfiltered are direct communications to the business. Like any business correspondence, these messages may be retained in anonymized form (with your identity removed) for legitimate business purposes such as improving the service, understanding user needs, and maintaining business records. Your user ID and account information are removed from retained communications.
2.4 Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device Information | Device type (iOS, Android, web), operating system, platform | To ensure compatibility and optimize experience |
| Usage Data | Features accessed, session duration, practice completion | To improve the service |
| Log Data | IP address, access timestamps, error logs | For security, debugging, and fraud prevention |
2.5 Information from Third Parties
| Source | Data | Purpose |
|---|---|---|
| Stripe | Payment confirmation, subscription status | To verify transactions (we do not store your card details) |
3. How We Use Your Information
3.1 To Provide and Maintain the Service
- Create and manage your account
- Deliver the Power Matrix experience (practices, goals, insights)
- Process payments and manage your subscription
- Provide customer support
- Send service-related communications (password resets, subscription updates)
3.2 To Personalize Your Experience
- Power Alice AI to provide personalized guidance based on your profile
- Generate insights and narratives about your journey
- Recommend practices and content relevant to your growth
3.3 AI Processing
How Alice AI Works:
- Alice AI is powered by Google's Gemini API
- Your conversations with Alice are processed by Gemini to generate responses
- Alice maintains context through your Power Profile (stored in our database)
- AI-generated assessments (clarity levels, patterns, discoveries) are used to personalize your experience
What This Means:
- Your conversation text is sent to Google's servers for AI processing
- Google's Gemini API is subject to Google's data processing terms
- We use de-identified user IDs when possible to minimize data exposure
- AI outputs (Alice's responses, assessments) are stored in your account
AI Is For Self-Education Only: Alice facilitates self-reflection by mirroring your words and asking questions. Alice does NOT provide advice, recommendations, or professional services. Alice is not a therapist, medical provider, financial advisor, or attorney. Any patterns or insights identified are for your educational consideration only. You are solely responsible for any decisions you make.
3.4 To Improve the Service
- Analyze usage patterns to improve features
- Develop new capabilities
- Fix bugs and technical issues
- Train and improve AI models using de-identified data (see Section 4)
3.5 To Communicate With You
- Service updates and important notices (no opt-out - these are essential)
- Marketing communications (only with your consent; you can opt out anytime)
3.6 To Comply With Legal Obligations
- Respond to legal process (subpoenas, court orders)
- Comply with regulatory requirements
- Protect our legal rights
4. Data Sharing and Our Corporate Structure
4.1 The Badass Platform Structure
Authentic Badass LLC licenses its platform technology (including the Power Matrix methodology and Alice AI) from Badass Platform LLC pursuant to a Brand License Agreement. These are separate legal entities connected by contract.
For data protection purposes:
- Authentic Badass LLC is the Controller — we collect and control your personal data
- Badass Platform LLC is our Processor — they process data on our behalf to provide the platform technology
| Your Data Type | Who Holds It | What Happens |
|---|---|---|
| Your PII (email, username, account) | Authentic Badass LLC (Controller) | Stays with us. Used only for your account. Never shared with Badass Platform LLC. |
| Your Personal Development Data (conversations, practices, profile) | Authentic Badass LLC (Controller) | Stays with us. Powers your personalized experience. |
| De-identified Data (patterns that cannot identify you) | Badass Platform LLC (Processor) | Used to improve AI and platform. Cannot be linked to you. |
Important: Badass Platform LLC does NOT receive your personal information (email, username, account details). They receive only de-identified behavioral patterns that cannot identify you. This arrangement is governed by a Data Processing Agreement that requires them to process data solely on our instructions and maintain appropriate security measures. For CCPA purposes, Badass Platform LLC acts as a "service provider" processing data on our behalf, not a third party to whom we sell or share data.
4.2 How De-identification Works
When we de-identify your data:
- We remove identifying information: Your name, email, and account details are stripped
- We hash your user ID: A one-way cryptographic hash creates a masked ID that cannot be reversed
De-identified data is NOT personal data. It cannot be linked back to you. We use it to:
- Improve Alice AI's responses across all brands
- Identify patterns that help users (e.g., "what leads to breakthroughs")
- Generate platform-wide statistics
4.3 Third-Party Service Providers
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Firebase | Database, authentication, hosting | Encrypted user data | United States |
| Google Gemini API | Alice AI processing | Conversation text, de-identified context | United States |
| Anthropic Claude API | Platform development and administration | De-identified data for development purposes only | United States |
| Stripe | Payment processing | Payment details, subscription data | United States |
| Slack | Internal team communication, support | Support inquiries (if you contact us via Slack) | United States |
| Cognition (Devin) | Customer support and technical assistance | Support inquiries, de-identified technical data | United States |
| Resend | Email delivery | Email address, email content | United States |
All service providers are bound by data processing agreements that require them to protect your data and use it only for the purposes we specify.
4.4 We Do NOT Sell Your Personal Information
We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising.
4.5 Other Disclosures
We may disclose your information:
- With your consent: When you direct us to share with a third party
- For legal reasons: To comply with law, respond to legal process, or protect rights
- Business transfers: If we merge with or are acquired by another company (you will be notified)
- Safety: To protect the safety of our users or the public
5. Your Privacy Rights
5.1 Rights for All Users
| Right | How to Exercise |
|---|---|
| Access | Email privacy@authenticbadass.com to request a copy of your data |
| Correction | Update your information in account settings or email privacy@authenticbadass.com |
| Deletion | Delete your account from settings or email privacy@authenticbadass.com |
| Marketing Opt-Out | Unsubscribe link in any marketing email or update preferences in settings |
5.2 California Residents (CCPA/CPRA)
You have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information (subject to exceptions)
- Correct inaccurate personal information
- Opt-out of sale/sharing (we don't sell, but you can still exercise this right)
- Non-discrimination for exercising your rights
- Limit use of sensitive personal information (we only use it for the service)
Categories We Collect: Identifiers, commercial information, internet activity, inferences drawn from your information.
Sensitive Personal Information: Through your reflections and conversations with Alice, we may collect information that reveals philosophical beliefs or draw inferences about your personal patterns. We use this information solely to provide the Service (your personalized Power Matrix experience). We do not use sensitive personal information for advertising, profiling for third parties, or any purpose beyond service delivery. You have the right to limit use of sensitive personal information. Because we already limit use to service delivery, exercising this right would not change how we process your data. To inquire, email privacy@authenticbadass.com with "Sensitive PI Inquiry" in the subject line.
To Exercise Rights: Email privacy@authenticbadass.com with "California Privacy Request" in subject.
Response Time: 45 days (may extend to 90 for complex requests)
5.3 Virginia Residents (VCDPA)
You have the right to:
- Access your personal data
- Correct inaccuracies
- Delete your personal data
- Data portability (receive your data in a usable format)
- Opt-out of targeted advertising, sale, or profiling (we don't do these)
- Appeal if we deny your request
To Exercise Rights: Email privacy@authenticbadass.com with "Virginia Privacy Request" in subject.
Response Time: 45 days
Appeal: If denied, you may appeal within 60 days. We respond to appeals within 60 days.
5.4 European Economic Area, UK, and Switzerland Residents (GDPR/UK GDPR)
You have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure ("right to be forgotten") (Art. 17)
- Restrict processing in certain circumstances (Art. 18)
- Data portability (Art. 20)
- Object to processing based on legitimate interests (Art. 21)
- Withdraw consent at any time where processing is based on consent (Art. 7)
- Lodge a complaint with your local supervisory authority
Legal Basis for Processing:
| Purpose | Legal Basis |
|---|---|
| Providing the service | Performance of contract (Art. 6(1)(b)) |
| AI personalization | Performance of contract (Art. 6(1)(b)) |
| Service improvements | Legitimate interests (Art. 6(1)(f)) |
| Marketing | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
To Exercise Rights: Email privacy@authenticbadass.com with "GDPR Request" in subject.
Response Time: 30 days (may extend for complex requests)
Data Protection Officer: For GDPR inquiries, contact privacy@authenticbadass.com. We will designate a DPO if required by processing volume.
5.5 Other Jurisdictions
We strive to honor reasonable privacy requests regardless of your location. If your jurisdiction provides privacy rights not specifically addressed above, contact privacy@authenticbadass.com. We will review your request and respond based on applicable legal requirements. Our ability to fulfill specific requests may depend on your jurisdiction's laws and the nature of your request.
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until you delete your account + 30 days | To allow account recovery and complete deletion |
| Personal development data | Until you delete your account + 30 days | Part of your account |
| Usage logs | 2 years | Security, debugging, product improvement |
| Payment records | 7 years | Tax and legal requirements |
| De-identified data | Indefinitely | Cannot be linked to you; used for platform improvement |
| CBO communications (anonymized) | Indefinitely | Business correspondence retained with identity removed |
| Legal hold data | As required | When litigation or investigation requires preservation |
When You Delete Your Account:
- Your PII is deleted within 30 days
- Your personal development data is deleted within 30 days
- De-identified data (which cannot identify you) is retained
- Backups are purged within 90 days
- Data subject to legal hold is retained as required
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Secure password hashing (bcrypt)
- Access controls and authentication
- Regular security assessments
- Intrusion detection and monitoring
Organizational Measures:
- Data minimization (we collect only what we need)
- Access limited to those who need it
- Security training
- Incident response procedures
- Vendor security assessments
Your Responsibilities:
- Use a strong, unique password
- Don't share your account credentials
- Notify us immediately of unauthorized access
No system is 100% secure. While we take extensive precautions, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by law.
8. Cookies and Tracking Technologies
8.1 What We Use
| Type | Purpose | Duration | Required? |
|---|---|---|---|
| Essential | Authentication, security, core functionality | Session | Yes - service won't work without |
| Functional | Your preferences (timezone, settings) | 1 year | No - but improves experience |
| Analytics | Understanding usage patterns | 2 years | No - you can opt out |
8.2 Your Choices
- Browser settings: You can block or delete cookies through your browser
- Essential cookies: Cannot be disabled (required for login and security)
- Analytics opt-out: Contact privacy@authenticbadass.com
Note: Our mobile apps use local storage similarly to cookies for the same purposes.
Do Not Track Signals: Our web Service operates cookieless and uses minimal tracking. We do not currently respond to "Do Not Track" browser signals as there is no industry standard for implementation. Because we operate without traditional tracking cookies, such signals would not materially change our data practices.
9. Children's Privacy
Authentic Badass is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18.
If we learn we have collected data from someone under 18, we will delete it promptly. If you believe we have data from someone under 18, contact privacy@authenticbadass.com.
Parents/guardians: If your child has provided us information without your consent, contact us and we will delete it.
10. International Data Transfers
Our servers are located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.
For EEA Users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914).
For UK Users: We rely on the UK International Data Transfer Addendum to the EU SCCs, as approved by the UK Information Commissioner under Section 119A of the UK Data Protection Act 2018.
For Swiss Users: We rely on the Swiss-approved version of the Standard Contractual Clauses.
For All International Users: All our processors maintain appropriate transfer mechanisms for their respective jurisdictions. The United States may not have the same data protection laws as your country. By using our Service, you acknowledge this transfer. We take steps to ensure your data remains protected consistent with this Privacy Policy.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will notify you by email and/or prominent notice in the app
- We will update the "Effective Date" at the top
- For significant changes, we may ask you to re-accept the policy
Your continued use after changes constitutes acceptance. If you disagree with changes, you may delete your account.
12. Contact Us
Authentic Badass LLC
11921 Freedom Drive, Reston, VA 20190
United States
Privacy Inquiries: privacy@authenticbadass.com
Owner: Megan Kendal Eunpu, Chief Badass Officer
Response Times:
- General inquiries: 5 business days
- Privacy rights requests: Per applicable law (see Section 5)