⚠️ Privacy Guarantee: Your EEG data and code content are NEVER shared without explicit consent. We are GDPR compliant and working toward ISO 27001, SOC 2 Type 2 certification.
1. Information We Collect
Account Information
- GitHub username and email (via GitHub OAuth)
- Subscription tier (Individual, Professional, Enterprise, Copilot)
- API key (generated for authentication)
- Billing information (processed by GitHub Marketplace)
Usage Metrics
- API call counts and timestamps
- Session history (Professional+ tier)
- Learning velocity metrics across 7 domains
- Gate efficiency scores (Gate 1/2/3, system efficiency)
- Accuracy, latency, SNR measurements
EEG Data (Copilot Tier Only)
- Real-time EEG signals (8 channels, 250 Hz sampling)
- Processed cognitive metrics (focus, stress, engagement)
- Neural encoding vectors (user_traits: 64-dimensional)
- Retention: 24 hours only, encrypted at rest
- ⚠️ NEVER shared with managers, leadership, or third parties
Code Context (With Consent)
- Current file path and programming language
- Code snippets (only when you submit for optimization)
- Git history (optional, for context-aware suggestions)
- Default: Code content PRIVATE (metrics only visible to leadership)
- Opt-in sharing: User-controlled, time-limited access for mentoring
2. How We Use Your Information
| Data Type | Purpose | Who Can Access |
| --- | --- | --- |
| Account Info | Authentication, billing, support | You + L.I.F.E Platform admins |
| Usage Metrics | Personal learning reports, platform optimization | You + org leaders (aggregated only) |
| EEG Data | Real-time neuroadaptive optimization | You ONLY (never shared) |
| Code Content | Optimization suggestions, mentoring | You + opt-in mentors (time-limited) |
3. Data Sharing & Privacy Protection
What's ALWAYS Private (NEVER Shared)
- ❌ EEG data - Protected by law, encrypted, 24-hour retention only
- ❌ Code content - Private by default, opt-in sharing required
- ❌ Personal cognitive insights - "Best learning time Tuesday 10 AM" stays private
- ❌ Neural encoding vectors - Your 64-dimensional user_traits profile is private
What Leaders Can See (Metrics Only)
- ✅ Performance metrics (accuracy, velocity, gate scores)
- ✅ Team/department aggregates (Enterprise tier)
- ✅ KPIs and improvement trends
- ❌ NO personal EEG data
- ❌ NO code content (unless you opt-in share)
Opt-In Code Sharing (User Controlled)
You can share code for mentoring/guidance with:
- Who: Manager, senior dev, team lead, or specific person
- Duration: 24 hours, 7 days, until resolved, or permanent
- Purpose: Code review, mentoring, optimization guidance
- Revocable: You can revoke access anytime
- Audit trail: You see exactly who viewed your code and when
Anonymous Aggregates
We share anonymous platform-wide statistics:
- Average system efficiency: 99.3% (your data contributes anonymously)
- Benchmark percentiles: "You're in top 32%" (no names/usernames)
- Best practices insights: Derived from aggregate patterns, not individuals
4. Data Retention by Tier
| Tier | Session History | EEG Data | Neural Profiles |
| --- | --- | --- | --- |
| Individual | View-only (no storage) | N/A | N/A |
| Professional | 30 days | Optional hardware (if used: 24 hours) | 30 days |
| Enterprise | 1 year org data, 30 days individual | Optional hardware (24 hours) | 1 year |
| Copilot | Permanent (for learning) | 24 hours only | Permanent |
Post-Termination: You have 30 days to export data via API. After 30 days, data is permanently deleted.
5. Your Rights (GDPR)
- Right to Access: Request copy of all your data via GET /api/user/{user_id}/export
- Right to Deletion: Request permanent deletion via DELETE /api/user/{user_id}
- Right to Export: Download data in JSON format (portable)
- Right to Opt-Out: Stop processing (terminates subscription)
- Right to Rectification: Correct inaccurate data via dashboard
- Right to Object: Object to specific processing (e.g., marketing emails)
Exercise your rights: privacy@lifecoach-121.com
6. Security Measures
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Multi-tenant isolation: Dedicated Cosmos DB partitions (Enterprise tier)
- Access controls: RBAC with Team Lead, Director, VP roles
- Audit logging: 7-year compliance trail (SOC 2, HIPAA ready)
- Regular audits: Quarterly security scans, annual penetration tests
- Incident response: 24-hour breach notification (GDPR compliant)
7. Third-Party Services
We use these third-party services:
- GitHub Marketplace: Billing and subscription management
- Railway.app: Application hosting (US/EU data centers)
- Azure Cosmos DB: Database storage (encrypted, multi-region)
- Emotiv/OpenBCI: EEG hardware (data processed locally, not uploaded)
Data Processing Agreements (DPA): All third parties have signed DPAs with GDPR compliance clauses.
8. International Data Transfers
L.I.F.E Platform is based in the UK. Data may be transferred to:
- EU: Azure Cosmos DB (Europe West region)
- US: Railway hosting (optional, you can choose EU-only)
- Safeguards: Standard Contractual Clauses (SCCs) for non-EU transfers
9. Children's Privacy
L.I.F.E Platform is NOT intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided data, contact us immediately for deletion.
10. Changes to Privacy Policy
We may update this Privacy Policy with 30 days' notice via:
- Email to registered address
- GitHub Marketplace notification
- Dashboard banner on login
Continued use after changes constitutes acceptance.