Privacy Policy
Last updated: April 15, 2026
ThermaPath ("we", "us", or "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
We collect information you provide directly when you create an account or use the app:
- Account data: Email address, optional display name, and password (stored as a secure hash — we never store your plain-text password)
- Session data: Sauna type, duration, temperature, notes, and subjective feeling rating that you log in the app
- Usage data: Timestamps of when sessions were logged and which protocols you use
- Consent record: Timestamp of when you agreed to this Privacy Policy and our Terms of Service
We do not collect location data, biometric data, or health data beyond what you explicitly enter.
2. How We Use Your Information
- To provide and improve the ThermaPath service
- To sync your sessions across devices when you're logged in
- To calculate streaks, statistics, and progress dashboards
- To communicate important service updates (rarely, and only by email)
- To process payments through our payment processor (Stripe) if you subscribe to a paid plan
3. We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to any third party, ever.
4. Data Storage & Security
Your data is stored in a PostgreSQL database hosted by Neon and served via Render. Passwords are hashed with bcrypt, an industry-standard algorithm. Authentication uses JWT tokens with a 30-day expiry. We use HTTPS for all data in transit.
5. Cookies & Local Storage
ThermaPath uses localStorage (not traditional cookies) in your browser to:
- Store your authentication token so you stay logged in
- Cache session data and stats for offline access
- Remember your temperature unit preference (°F or °C)
- Queue sessions logged while offline for sync when reconnected
We do not use third-party tracking cookies or advertising cookies.
6. Third-Party Services
We use the following third-party services:
- Stripe — payment processing for premium subscriptions. Stripe has its own privacy policy.
- Google Fonts — for typography (Space Grotesk, DM Sans). Font requests go to Google's servers.
- Render — application hosting infrastructure.
- Neon — database hosting.
7. Data Retention
We retain your account and session data for as long as your account is active. If you request deletion, we will delete your account and all associated session data within 30 days.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and data
- Export your session data
To exercise any of these rights, email us at support@thermapath.app.
9. Children's Privacy
ThermaPath is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We'll update the "last updated" date at the top and, for material changes, notify you by email. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact
Questions about this policy? Email us: support@thermapath.app
ThermaPath is operated by thermapath.app. See also our Terms of Service.