Legal

Privacy Policy

Effective 3 July 2026 · Applies to the Coherence program at coherenceframework.com

This policy explains what Coherence collects, how your journal is encrypted, who processes it to deliver the guidance, and the rights you have over your data. It is specific to the Coherence program; other Crossroads Ventures offerings may be covered by separate terms.

The short version. Your journal is encrypted at rest under a key derived from your own passphrase — we can't read your stored entries or sessions, and neither can our backups or staff. To produce each reflection, your words are processed in the moment by the third-party providers that power our automated guidance, under enterprise terms that prohibit using them for training and require deletion within 30 days. We never sell or rent your data.

Contents

  1. Who we are
  2. What we collect
  3. How your journal is encrypted
  4. How we use your information
  5. How your content is processed
  6. International transfers
  7. How long we keep it
  8. Your rights
  9. Security
  10. Age requirement
  11. Changes to this policy
  12. Contact

1. Who we are

The Coherence program is operated by Crossroads Ventures Desenvolvimento Organizacional e de Liderança Ltda, trading as Crossroads Ventures LTDA (CNPJ 41.816.436/0001-30), Porto Alegre, RS, Brazil ("Coherence", "we", "us"). Coherence is an interactive digital workspace providing personal guidance and instructional methodologies based on the copyrighted Coherence Framework. We are the controller of the personal data described in this policy. You can reach us at support@cameroncross.com.

2. What we collect

Account information

Your name, email address, and a securely hashed form of your password. We store a one-time recovery code only in a form we cannot read (see Encryption below).

Your journal content

The material you create in the program — session messages and transcripts, journal entries, reflections, your coherence profile and reading, and related notes. This content is encrypted at rest under your own key and is not readable by us in storage.

Voice audio

If you use voice mode, your spoken audio is captured to transcribe it to text. Audio is processed transiently for that purpose and is not retained by us as a stored recording.

Billing information

If you subscribe, our third-party payment processor collects and processes your payment details. We do not store your full card number — we retain only records of your plan, transactions, and status needed to run your subscription.

Technical and usage data

Standard server logs (such as IP address, device/browser type, timestamps), and limited operational and educational-performance evaluation information we use to run and secure the program, support your guidance and follow-up, and understand aggregate usage and cost. The program stores an authentication token in your browser's local storage to keep you signed in.

3. How your journal is encrypted

Your journal content is stored in a per-account encrypted database. Each account has its own encryption key, which is protected ("wrapped") by a key derived from your passphrase and a one-time recovery code. We store only the wrapped form — the server cannot unwrap it on its own.

Your key exists in readable form only in memory during an active, unlocked session, and is never written to disk. As a result, our database, our backups, and our staff see only ciphertext of your journal content.

Important trade-off. Because only you can unlock your content, if you lose both your password and your recovery code, we cannot recover your encrypted journal for you. Please keep your recovery code somewhere safe.

4. How we use your information

We collect and use your information strictly to provide operational support for the monitoring, personal guidance, and evaluation of your educational performance and development within the Coherence Framework — specifically:

We do not sell or rent your personal data, and we do not share it with third parties for their own marketing.

5. How your content is processed

Coherence delivers automated, conversational guidance. To produce a reflection, the program assembles the content that turn needs and sends it to the third-party providers that power that guidance. We work with the following categories of processors (sub-processors), under contractual terms that restrict how they may handle your data:

The specific providers we use may change as we improve the service. Where they process content on our behalf, they act as our processors under agreements that require appropriate security and confidentiality.

6. International transfers

We operate internationally, and our providers may process data on servers located outside Brazil, including in the United States and other countries. By using the service you understand that your data may be transferred to, and processed in, those countries, whose data-protection laws may differ from your own. Where required, we rely on appropriate safeguards for such transfers.

7. How long we keep it

We keep your account and journal content for as long as your account is active. You can delete individual content in the program, and you can ask us to delete your account. Encrypted backups are retained for a limited period and then cycled out. We may retain limited billing and transaction records for as long as required by law and tax obligations, even after account closure.

8. Your rights

Subject to applicable law — including Brazil's LGPD and, where relevant, the GDPR — you may have the right to:

To exercise these rights, contact support@cameroncross.com. Note that, because of the encryption described above, we are technically unable to access or reproduce the plaintext of your encrypted journal content — for that content, access and portability are available to you through the program while you can unlock it. Some records may be retained where the law requires.

9. Security

We protect your data with encryption at rest under client-held keys, encryption in transit, hashed passwords, and access controls. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security, but we work to protect your information and to keep the strong properties described in this policy true.

10. Age requirement

Coherence is intended for adults. It is not directed to anyone under 18, and we do not knowingly collect data from children. If you believe a minor has provided us data, contact us and we will remove it.

11. Changes to this policy

We may update this policy as the service evolves or the law changes. We will update the effective date above and, for material changes, take reasonable steps to notify you. Continued use after an update means you accept the revised policy.

12. Contact

Questions or requests about your privacy: support@cameroncross.com, Crossroads Ventures Desenvolvimento Organizacional e de Liderança Ltda (Crossroads Ventures LTDA), Porto Alegre, RS, Brazil.