Legal
Privacy Policy
Last updated: 2026-05-27.
Draft for review — final wording confirmed before public launch.
This Privacy Policy explains how FalconBridge Partners FZC LLC (“FalconBridge”, “we”, “us”, or “our”) collects, uses, stores, discloses, and protects personal data in connection with the Stay With The Question platform, website, applications, and related services (collectively, the “Service”).
FalconBridge Partners FZC LLC is registered in the Ajman Free Zone, United Arab Emirates.
This Privacy Policy is intended to support compliance with:
-
UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”);
-
applicable implementing regulations;
-
and, where applicable, certain international privacy obligations including the EU General Data Protection Regulation (GDPR) and UK GDPR.
By using the Service, you acknowledge the practices described in this Privacy Policy.
1. Who We Are
Controller:
FalconBridge Partners FZC LLC Ajman Free Zone United Arab Emirates
Contact Email: privacy@stwtq.com Website: https://stwtq.com
For privacy-related requests, you may contact us using the details above.
2. Scope of This Policy
This Privacy Policy applies to personal data collected when you:
-
create an account;
-
use the coaching or inquiry features;
-
communicate with us;
-
subscribe to paid services;
-
access our website or applications; or
-
otherwise interact with the Service.
This Privacy Policy does not apply to third-party websites, services, or platforms that may be linked through the Service.
3. Categories of Personal Data We Collect
3.1 Information You Provide Directly
We may collect:
-
name and preferred name;
-
email address;
-
authentication credentials;
-
account preferences;
-
journal entries and coaching-session content;
-
inquiry responses and written reflections;
-
reminder settings and communication preferences;
-
support requests and communications;
-
subscription and billing-related metadata; and
-
information voluntarily disclosed during use of the Service.
3.2 Authentication and Login Information
If you use third-party authentication providers (such as Google OAuth), we may receive:
-
your account identifier;
-
profile name;
-
email address; and
-
authentication metadata.
We do not receive your third-party account passwords.
3.3 Automatically Collected Information
We may automatically collect:
-
IP address;
-
browser type;
-
operating system;
-
device identifiers;
-
login timestamps;
-
usage events;
-
feature interactions;
-
session duration;
-
error logs;
-
security events; and
-
approximate geolocation derived from IP address.
3.4 Sensitive or Special-Category Data
Although the Service is not intended for healthcare or therapeutic use, users may voluntarily disclose information relating to:
-
mental or emotional wellbeing;
-
relationships;
-
personal challenges;
-
religious or philosophical beliefs;
-
work-related stress;
-
political opinions; or
-
other sensitive personal matters.
Where required by applicable law, we process such information based on your consent and/or where necessary to provide the Service requested by you.
You should avoid submitting information you do not wish to disclose.
4. How We Use Personal Data
We use personal data for the following purposes:
4.1 Providing the Service
Including:
-
account creation and authentication;
-
coaching and inquiry interactions;
-
AI-generated response delivery;
-
session continuity;
-
user support; and
-
subscription management.
4.2 AI Processing
User-submitted content may be processed through third-party AI providers to generate coaching responses and facilitate Service functionality.
AI systems are used solely to support reflective inquiry functionality and user interactions.
4.3 Safety and Crisis Protocols
We may process certain user interactions for safety-related purposes, including:
-
automated detection of potential crisis-related language;
-
temporary coaching-session restrictions;
-
delivery of support-resource information; and
-
maintenance of crisis-event logs where reasonably necessary for safety, legal, or operational purposes.
4.4 Communications
We may use personal data to:
-
send transactional emails;
-
provide service notifications;
-
send authentication or security communications;
-
deliver support communications; and
-
send marketing communications where permitted by law or based on consent.
You may opt out of marketing communications at any time.
4.5 Security and Fraud Prevention
We use data to:
-
maintain platform integrity;
-
prevent abuse or misuse;
-
investigate suspicious activity;
-
enforce our Terms of Service; and
-
comply with legal obligations.
4.6 Analytics and Service Improvement
We use privacy-friendly, cookieless analytics to understand how the Service is used in aggregate:
-
Vercel Web Analytics measures aggregate usage and performance across the Service. It is cookieless, uses no cross-site tracking, collects no personally identifiable information, and builds no individual user profiles.
-
Plausible Analytics measures aggregate traffic on our public marketing website only (not the authenticated app). It is cookieless and does not track individuals across sites.
We may use the resulting aggregated, anonymized, or de-identified data to:
-
understand Service usage;
-
improve user experience;
-
monitor performance;
-
develop new features; and
-
support operational decision-making.
We do not use analytics to identify individual users, and we do not sell or share analytics data for advertising.
5. Legal Bases for Processing
Depending on your jurisdiction, we process personal data based on one or more of the following grounds:
-
performance of a contract;
-
consent;
-
compliance with legal obligations;
-
legitimate business interests;
-
protection of vital interests; and/or
-
other lawful grounds permitted under applicable law.
Examples include:
| Processing Activity | Legal Basis | | --- | --- | | Account creation | Contract performance | | Coaching interactions | Contract performance and consent | | AI response generation | Contract performance and consent | | Transactional emails | Contract performance | | Marketing communications | Consent | | Safety and crisis interventions | Legitimate interests and vital interests | | Security monitoring | Legitimate interests | | Compliance obligations | Legal obligation |
6. AI Processing and Automated Systems
The Service uses artificial intelligence systems, including third-party large language model providers, to generate coaching and inquiry responses.
You acknowledge that:
-
user-submitted content may be processed by AI providers;
-
AI-generated responses may be inaccurate or inappropriate;
-
AI outputs are not human-reviewed in real time;
-
the Service does not make legally binding or similarly significant automated decisions about users; and
-
AI systems are used solely to facilitate reflective inquiry functionality.
We currently use AI processing providers including Anthropic.
We do not intentionally provide identifying account information (such as your name or email address) to AI providers when generating coaching responses.
7. Cookies and Similar Technologies
The Service uses cookies, local storage, and similar technologies for:
-
authentication;
-
session management;
-
security;
-
functionality; and
-
performance monitoring.
Our analytics are cookieless and do not rely on cookies or similar tracking technologies (see Section 4.6).
We do not use advertising cookies or sell personal data for behavioral advertising.
Where required by applicable law, we will obtain consent before using non-essential cookies or similar technologies.
8. Third-Party Service Providers
We may share personal data with trusted service providers supporting operation of the Service.
These may include providers for:
-
cloud hosting;
-
database infrastructure;
-
AI processing;
-
authentication;
-
analytics;
-
customer communications;
-
payments;
-
monitoring; and
-
security.
Current providers may include:
-
Anthropic;
-
Supabase;
-
Vercel;
-
Resend;
-
Stripe;
-
Sentry;
-
Google OAuth; and
-
Plausible Analytics.
These providers may process data in jurisdictions outside your country of residence, including the United States.
9. International Transfers
Because the Service operates globally, personal data may be transferred to and processed in countries outside your jurisdiction, including jurisdictions that may not provide the same level of data-protection rights.
Where required by applicable law, FalconBridge implements appropriate safeguards for international transfers, which may include:
-
contractual protections;
-
standard contractual clauses;
-
vendor data-processing agreements;
-
security measures; and/or
-
user consent where required.
By using the Service, you acknowledge that international transfers may occur.
10. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:
-
providing the Service;
-
maintaining user accounts;
-
complying with legal obligations;
-
resolving disputes;
-
enforcing agreements; and
-
protecting platform integrity.
Retention periods may include:
| Data Category | Typical Retention Period | | --- | --- | | Active account information | Duration of account activity | | Coaching-session content | While account remains active | | Crisis-event logs | As reasonably necessary for safety and compliance | | Transaction records | As required by law | | Security and audit logs | Operationally necessary periods | | Aggregated anonymized analytics | Indefinite |
Where feasible, data may be anonymized rather than deleted.
11. Data Security
We implement technical and organizational measures designed to protect personal data, including:
-
encryption in transit;
-
encryption at rest where applicable;
-
access controls;
-
authentication protections;
-
database isolation mechanisms;
-
logging and monitoring; and
-
vendor security controls.
However, no security system is completely secure.
We cannot guarantee absolute security of information transmitted or stored through the Service.
12. User Rights
Depending on your jurisdiction and applicable law, you may have rights including:
-
access to personal data;
-
correction of inaccurate data;
-
deletion of personal data;
-
restriction of processing;
-
portability of personal data;
-
withdrawal of consent;
-
objection to certain processing activities; and
-
complaint rights with applicable regulators.
You may submit requests by contacting privacy@stwtq.com.
We may request verification of identity before responding.
We will respond within legally required timeframes where applicable.
13. Data Breach Response
FalconBridge maintains internal processes for identifying, assessing, and responding to potential security incidents and data breaches.
Where legally required, we may notify:
-
regulators;
-
affected users; and/or
-
relevant authorities
regarding serious personal-data breaches.
14. Children’s Privacy
The Service is intended solely for users aged 18 years or older.
We do not knowingly collect personal data from children.
If we become aware that a child has submitted personal data, we may delete the information and terminate associated accounts.
15. Third-Party Links and External Services
The Service may contain links to external websites or third-party resources.
We are not responsible for the privacy practices, security, or content of third-party services.
Users should review the privacy policies of third-party providers independently.
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically.
When material changes are made, we may provide notice through:
-
email;
-
in-app notifications; or
-
publication within the Service.
Continued use of the Service after updates become effective constitutes acknowledgment of the revised Privacy Policy.
17. Contact Information
FalconBridge Partners FZC LLC Ajman Free Zone United Arab Emirates
Privacy Contact: privacy@stwtq.com General Contact: legal@stwtq.com Website: https://stwtq.com