Effective Date: March 28, 2025

Last Updated: December 2, 2025

PineWoodsAI LLC (“PineWoodsAI,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal information through:

• The PineWoodsAI website (https://pinewoodsai.com)

• The Relational Intelligence Fabric (RIF)

• Athena Prime

• Any applications, portals, or services that reference this Policy

This Policy applies only to individuals located in the United States.

We do not currently offer our Services to residents of the EU, UK, or other

jurisdictions with heightened privacy requirements.

1. Who We Are

PineWoodsAI LLC is the data controller for personal information processed through our Services.

Contact Information:

PineWoodsAI LLC

8 The Green #8292

Dover, DE 19901

Email: [email protected]

2. Information We Collect

We collect personal information in several ways:

• Directly from you

• Automatically through your use of the Services

• From optional third-party integrations you choose to connect

• Through derived insights generated by our systems

Below are the categories of information we collect.

2.1 Identity & Contact Information

• Name

• Email address

• Phone number (optional)

• Authentication credentials managed by Auth0 (We never see or store your password.)

2.2 Device & Technical Information

• IP address

• Browser and device type

• Operating system

• Session metadata (timestamps, load times, feature use)

• Error logs (scrubbed where possible)

2.3 Interaction & Communication Data

• Messages and prompts you send to Athena

• Advisor selections (Council of 7)

• Intake forms and system inputs

• Interaction frequency and usage patterns

• Chat history (stored to provide continuity)

This data is necessary for AI-powered features to function.

2.4 Emotional, Psychological & Identity Modeling Data (Derived)

Athena generates derived insights such as:

• Ousia constellation attributes

• Personality and communication patterns

• Emotional signatures or trends

• Values, goals, preferences

• Relational graph nodes & edges

• Behavioral patterns

These are derived from your interactions and used strictly for personalization.

2.5 Biometric & Wellness Data (Opt-In)

If you connect third-party wellness devices—such as Apple Health, Oura, Whoop,

8 Sleep, Dexcom, or Garmin—we may receive data via Rook or similar authorized middleware.

This may include:

• Heart rate, HRV, respiratory rate

• Body temperature

• Blood oxygen (SpO2)

• Blood glucose (Dexcom)

• Sleep duration, stages, and efficiency

• Activity, movement, VO2 Max

• Recovery and readiness scores

• Circadian rhythm indicators

You may disconnect biometric integrations at any time.

We do not share biometric data with AI model providers.

2.6 Payment Information

Handled exclusively by Stripe.

We never store card numbers or bank information.

We may receive:

• Subscription status

• Billing address

• Last 4 digits of payment method

2.7 Productivity & Communication Platform Data (Opt-In)

If you connect tools such as:

• Google Drive

• Gmail

• Google Calendar

• Slack

• Notion

• Microsoft Teams

• Similar productivity platforms

We may collect limited data required to provide Athena’s productivity or relational intelligence features.

This may include:

• Calendar event metadata

• Email metadata (sender, recipient, subjects)

• Document or file titles and summaries

• Slack channel metadata or message summaries

• Meeting, communication, or workflow metadata

We do not access:

• Full email bodies (unless explicitly authorized)

• Full Slack message histories

• Full document contents unless you directly open/analyze them in Athena

• Private channels, private calendars, or private files unless explicitly authorized

You may revoke access at any time via the connected platform’s permissions.

2.8 Voice, Audio & Video Data (If Enabled)

If you use voice or video features, we may process:

• Audio recordings

• Transcribed text

• Temporary video frames

• Emotional tone or expression inferences

We do not perform facial recognition or identity confirmation.

2.9 Information About Third Parties (Non-Users)

Some features allow you to input information about others—e.g., teammates, family members, coworkers, partners.

By entering such information, you warrant that:

• you have the right to share it;

• the information is accurate to the best of your knowledge.

PineWoodsAI does not:

• create independent profiles of non-users;

• use non-user data across accounts;

• contact or market to non-users.

You may delete this data at any time.

2.10 Derived Data, Aggregates & Embeddings

We may generate or store:

• De-identified insights

• Statistical patterns

• Anonymous cluster data

• Embeddings

• Graph structures

• System performance metrics

This information is not linked to individual identities and may be retained indefinitely.

3. How We Use Personal Information

We use personal data to:

• Deliver and operate Athena Prime

• Provide personalized insights, recommendations, and relational analysis

• Enhance communication and leadership insights

• Provide wellness insights (if biometric data is connected)

• Maintain secure authentication

• Conduct debugging, analytics, and internal research

• Improve performance and functionality

• Communicate updates and service notifications

• Enforce our Terms of Service

We do not sell personal information. In the event of a merger, acquisition, or similar transaction, user information may be transferred as part of the business assets. We may use aggregated, anonymized, or de-identified information to improve and market our Services, but never in a way that identifies individual users.

4. Legal Bases for Processing

Where required, we rely on:

• Contract performance

• Legitimate interests

• Consent (biometrics, wellness data, MCP integrations)

• Compliance with legal obligations

5. Cookies & Tracking

We use cookies and similar technologies for:

• Authentication

• Session management

• Security

• Performance analytics

For more information, review our Cookie Policy:

https://pinewoodsai.com/cookies

6. AI Processing & Multi-Model Routing

Athena routes requests across multiple AI providers, including:

• OpenAI

• Anthropic

• Google (Gemini)

• XAI (Grok)

We send only the minimum necessary text needed for the model to generate a response.

We do not send:

• biometric data

• wellness data

• Ousia constellation data

• emotional signatures

• relational graph structures

AI insights are informational and not suitable for clinical, legal, or therapeutic decisions.

7. Google OAuth Compliance

If you authenticate using Google:

• We receive your name and email

• We never see your Google password

• You may revoke access at any time

We comply with the Google API Services User Data Policy, including the Limited Use Policy.

8. Third-Party Processors

We share data with trusted service providers as necessary to operate the Services, including:

• Amazon Web Services (hosting)

• Auth0 (authentication)

• Stripe (payments)

• Rook (biometric middleware)

• LLM providers (text inputs only)

• PromptLayer (prompt instrumentation)

• Email service providers

Processors are contractually obligated to protect your data.

9. Data Security

We use industry-standard safeguards:

• TLS 1.2+ encryption

• AES-256 data encryption at rest

• VPC isolation

• MFA for administrative access

• Least-privilege access controls

• Monitoring and audit logging

• Regular secure backups

No system can guarantee absolute security.

10. Data Retention

• Active account data: kept for as long as your account remains active

• Ousia constellation / derived insights: deleted upon request or account closure

• Biometric / wellness data: removed upon disconnection and deleted upon account closure

• Backup data: retained 30–90 days after deletion

• De-identified / aggregated data: retained indefinitely

11. Your Rights

Depending on your state (e.g., CA, CO, CT, VA), you may have rights to:

• Access your data

• Correct inaccuracies

• Delete your data

• Opt out of certain processing

• Request data portability

• Limit use of sensitive information

We will respond to verified privacy requests within 45 days, with an optional 45-day extension when reasonably necessary.

Identity Verification:

For safety and security, we may request additional information to verify your identity before fulfilling any privacy request.

To submit a request: [email protected]

We do not sell personal data as defined under CCPA/CPRA.

12. Crisis or Safety Disclosures

Athena is not a crisis-management tool.

If the system detects indications of self-harm or harm to others, it may display supportive resources or encourage contacting emergency services.

We do not contact emergency responders unless legally required.

13. Your Data & Derived Data Ownership

Users may request:

• account deletion

• deletion of derived insights (e.g., Ousia constellation)

• deletion of third-party relationship data

• export of personal data, including derived insights

We do not delete de-identified or aggregated data that cannot be linked back to you.

All inference models, schemas, agent logic, and system architecture remain PineWoodsAI’s intellectual property.

14. Children’s Privacy

The Services are not intended for children under 13, and we do not knowingly collect personal information from children.

15. Changes to This Policy

We may update this Privacy Policy periodically.

The “Last Updated” date reflects the most recent version.

Continued use of the Services constitutes acceptance of updated terms.

16. Contact Us

PineWoodsAI LLC

8 The Green #8292

Dover, DE 19901

Email: [email protected]