Skip to main content
If you're in crisis: 988 (call or text) · SAMHSA 1-800-662-4357
All crisis & recovery resources →
Brick by Brick Strategy

Privacy

What we do — and don’t — with your information.

This policy is plain-language. A counsel-reviewed formal version will be linked when finalized. Both versions hold.

Last updated: 2026-05-12 (draft pending counsel review).

The short version

The platform’s default is zero-retention beyond what you save. Free-text responses live in your account; nothing is shared with employers, insurers, courts, or any other organization without your explicit choice. No tracking pixels. No ad networks. No third-party cookies. Cookieless analytics (Plausible) only on public pages.

What we collect

On public pages

Plausible Analytics records anonymized page views (no IP, no fingerprint, no cookies). Resend records email opens and clicks for transactional messages you receive after creating an account.

On the platform (authenticated)

When you create an account we store:

  • Email address (for sign-in and account recovery)
  • The hashed password (we never see your actual password)
  • Your entitlement type — book buyer (12-month access), subscriber, or IHC program participant (free annual access)
  • The application responses you choose to save

When you use a platform application your in-progress work is held in your browser (auto-save). When you save the work it lives in the platform’s database tied to your account.

What we never collect

  • Geolocation
  • Device fingerprints
  • Cross-site browsing history
  • Information about your treatment provider, employer, sponsor, or family
  • Payment card numbers (Stripe handles payment; we receive only the confirmation)

What we never share

We do not share your data with employers, insurance companies, courts, regulators (absent court order), advertising networks, or any other party. We do not sell your information. We do not provide your responses to AI vendors for training. This is the entire point of the privacy posture.

Crisis events

When the platform’s active-use trigger fires in the Readiness Assessment or other crisis-aware applications, we log the event (your account ID, the application, the timestamp). We do this for safety pattern monitoring at the aggregate level — never for marketing, never for treatment recommendation, never shared externally. The trigger itself routes you to crisis resources and does not save the application session.

Your rights

You have the right to:

  • Download all data we hold about you
  • Correct or update any data
  • Delete your account, which deletes all associated data within 30 days
  • Cancel a subscription at any time via the Stripe Customer Portal

To exercise any of these, write to privacy@brickbybrickstrategy.com. We respond within 14 days.

Cookies

We use a session cookie when you are signed in (required for the platform to know who you are during your session). We do not use any other cookies — no tracking, no analytics, no advertising.

Updates

We may update this policy as the platform evolves or as counsel reviews proceed. Material changes are dated in the header above and will be notified by email to active accounts. Prior versions are retained for transparency.

← Home