Privacy Policy

Effective date: March 22, 2026

1. Introduction

Logixr Corp, doing business as HolosLabs ("HolosLabs," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share your personal information when you use the HolosCognitive application, website, and related services (the "Service").

2. Information We Collect

2.1 Information You Provide

Account data: name, email address, password (hashed)
Profile data: dopamine triggers, avoidant task types, age group
Content data: goals, tasks, calendar events, notes, SOP documents
Billing data: processed by Stripe, Apple, or Google — we do not store credit card numbers
Communication data: support requests, feedback

2.2 Biometric & Health-Related Data

Heart Rate Variability (HRV), sleep debt, cortisol levels, body temperature (from Apple Health / Health Connect, with your permission)
Somatic state assessments (PRISMATIC / FRAGMENTED / SHARDS)
Logixr Allostatic Load Index (LALI) scores
Ambient noise level — measured on-device in real time to detect environment context; the raw noise reading is never recorded or transmitted to our servers
Biometric authentication method (Face ID, Touch ID, or fingerprint) — used by your device's secure enclave only; we never receive or store your biometric templates

Biometric and health data is used exclusively for capacity assessment and is never sold, shared with advertisers, or used for insurance underwriting purposes.

2.3 Automatically Collected Data

Device information, browser type, operating system
IP address and approximate geolocation (for weather-aware scheduling)
WiFi network name (SSID) — read on-device when the app is in the foreground to automatically switch your task context when you arrive at a known location (e.g., home vs. office); the SSID is evaluated locally and is not transmitted to our servers
Usage analytics (feature usage, session duration)

3. How We Use Your Information

Provide, maintain, and improve the Service
Generate AI-powered cognitive scaffolds and task recommendations
Calculate capacity state, transition tax, and somatic assessments
Process subscription billing and prevent fraud
Send transactional emails (password resets, billing receipts, account alerts)
Maintain immutable audit trails for enterprise compliance (ISO 9001)
Comply with legal obligations

We never sell your personal information. We do not use your data for advertising or behavioral targeting.

4. Google API Services — Calendar Integration

HolosCognitive integrates with Google Calendar via OAuth 2.0 to read your calendar events and display them in a unified calendar view alongside events from other connected calendars. This section describes exactly how we access, use, store, and protect your Google data in compliance with the Google API Services User Data Policy.

4.1 Scopes Requested

https://www.googleapis.com/auth/calendar.readonly — Read-only access to your Google Calendar events. Used to import event data into the unified calendar view, compute your schedule density score, and generate scaffold transition buffers. We never create, edit, delete, or write calendar events.
https://www.googleapis.com/auth/userinfo.email — Read your Google account email address. Used solely to identify and link your Google Calendar integration to your HolosCognitive account.

4.2 What Google Calendar Data We Access

Event title, start time, end time, and recurrence rule
Event description (if present) — displayed to you in the unified calendar view
Event location (if present) — displayed to you in the unified calendar view
Calendar timezone
Your Google account email address (for account linking only)

We do not access attendee lists, video conference links, attachments, or any other calendar data beyond what is listed above.

4.3 How We Use Google Calendar Data

Google Calendar data is used exclusively for the following prominent, user-facing features:

Displaying your events in the unified calendar view alongside events from other connected calendars (Google, Microsoft, Apple)
Computing your daily schedule density score for the LALI allostatic load calculation
Generating transition buffer micro-steps around scheduled events in your cognitive scaffold
Triggering Governor alerts when schedule density approaches your allostatic threshold

We do not use Google Calendar data to train AI models, serve advertisements, build behavioral profiles, or for any purpose beyond the user-facing features listed above.

4.4 Token Storage and Security

OAuth access tokens and refresh tokens issued by Google are encrypted at rest using AES-256-GCM and stored in our PostgreSQL database with row-level access controls. Tokens are never logged, never transmitted to third parties, and are scoped exclusively to your HolosCognitive account. You may revoke access at any time by disconnecting the integration from Settings → Calendar Integrations, which immediately deletes all stored tokens and synced event data.

4.5 Google API Limited Use Compliance

HolosCognitive's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

Google user data is used only to provide or improve user-facing features visible within HolosCognitive
Google user data is not transferred to third parties except as necessary to provide the service (e.g., encrypted storage on our infrastructure)
Google user data is not used for serving advertisements
Google user data is not used to train generalized AI or ML models
Human access to Google user data is prohibited except for individual users acting on their own data, for security purposes, or when required by law

4.6 AI Processing of Calendar Data

Your goals and task inputs are sent to Google's Gemini AI API for scaffold generation. Calendar event data (titles, times, and descriptions) may be included in scaffold generation prompts to contextualize your daily capacity. This data is transmitted securely, is subject to Google's AI API data processing terms, and is not stored by the AI provider beyond the request lifecycle. We do not use your data to train AI models.

5. Google API Services — Ambient Photos Integration

HolosCognitive offers an optional ambient photo display feature for household TV devices. When enabled, it integrates with the Google Photos Ambient API via OAuth 2.0 using the Device Authorization Grant flow. This section describes exactly how we access, use, store, and protect your Google Photos data in compliance with the Google API Services User Data Policy.

5.1 Scope Requested

https://www.googleapis.com/auth/photosambient.mediaitems — Read-only access to your Google Photos library via the Ambient API, purpose-built for ambient display devices. Used exclusively to retrieve photo URLs for display on your household's TV ambient screen. We never upload, edit, delete, or modify your photos.

5.2 What Google Photos Data We Access

Temporary photo display URLs returned by the Ambient API for the current session
Photo metadata required for display (dimensions, orientation)

We do not store photo URLs or photo content beyond the active display session. Photo URLs expire and are never written to our database, cached to disk, or transmitted to third parties. When you disconnect the integration, all stored tokens are immediately and permanently deleted.

5.3 How We Use Google Photos Data

Google Photos data is used exclusively for the following prominent, user-facing feature:

Displaying your photos on your household's ambient TV screen as a screensaver/display mode within the HolosCognitive TV app

We do not use Google Photos data to train AI models, serve advertisements, build behavioral profiles, index your photo library, or for any purpose beyond the ambient display feature listed above.

5.4 Token Storage and Security

OAuth access tokens and refresh tokens are encrypted at rest using AES-256-GCM and stored per-household in our PostgreSQL database. Tokens are scoped to a single household, never logged, and never transmitted to third parties. The integration is authorized per household via the Device Authorization Grant flow on your TV device. You may revoke access at any time from Settings → Household → Ambient Display, which immediately deletes all stored tokens.

5.5 Google API Limited Use Compliance

HolosCognitive's use of data received from the Google Photos Ambient API adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

Google Photos data is used only to provide the ambient display feature visible within the HolosCognitive TV app
Photo URLs are never stored, cached, or persisted beyond the active display session
Google Photos data is not transferred to third parties
Google Photos data is not used for serving advertisements
Google Photos data is not used to train AI or ML models
Human access to Google Photos data is prohibited except for the household member who authorized the integration, for security purposes, or when required by law

6. Data Sharing

We share your data only in the following circumstances:

Service providers: Stripe (payments), Google Cloud (AI), Sentry (error monitoring), SMTP providers (email)
Organization members: If you join an organization, admins may see aggregate usage data and audit logs as required for their operational track
Family/household members: Somatic status and shared landmarks are visible to household members you explicitly approve
Legal compliance: When required by law, subpoena, or court order
Business transfer: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement industry-standard security measures including: encrypted data in transit (TLS), hashed passwords (bcrypt), AES-256-GCM encryption for SSO secrets, JWT-based authentication, rate limiting, and immutable audit logging. Biometric data is stored in our PostgreSQL database with row-level access controls.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, data is purged on the schedule below. You may request early deletion by contacting [email protected].

Data Category	Retention Period	Basis
Account & profile data	Deleted within 30 days of account deletion	User request / service provision
Goals, tasks, notes	Deleted within 30 days of account deletion	User request
Health & biometric data (HRV, sleep, LALI scores)	Deleted within 30 days of account deletion	User request; never retained longer than account lifetime
Calendar event data (synced from Google / Apple / iCloud)	Deleted within 30 days of account deletion or integration disconnect	User request / Google API Limited Use policy
Somatic state history & scaffold logs	Deleted within 30 days of account deletion	User request
Audit trail records (enterprise compliance)	Up to 7 years	ISO 9001 / legal obligation
Billing records	7 years	Tax / financial regulation
Anonymized, aggregated analytics	Indefinitely (non-identifiable)	Legitimate interest — product improvement

8. Your Rights

Depending on your jurisdiction, you may have the right to:

Access, correct, or delete your personal data
Export your data in a portable format
Withdraw consent for optional data processing
Object to automated decision-making
Lodge a complaint with a data protection authority

To exercise these rights, contact us at [email protected].

9. Children's Privacy

Education track accounts for users under 13 are provisioned by parents, guardians, or authorized educational institutions in compliance with COPPA. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

10. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for cross-border data transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.

12. Contact

For privacy inquiries, contact our Data Protection team at [email protected].

Logixr Corp · DBA HolosLabs · Operator of HolosCognitive