Privacy Policy

The Fires Within™ ("we," "us," or "our"), a sole proprietorship based in New Jersey, USA, operates this website at www.the-fires-within.com (the "Site") and the GUIDO behavioral companion platform. This Privacy Policy describes what information we collect, how we use it, who we share it with, and the rights you have over your data. Contact: info@the-fires-within.com.

1. Information We Collect

We collect three categories of information:

• Information you provide directly: name, email, phone number, behavioral check-in responses, journal entries, and Guardian Ring contact information you designate.
• Information collected automatically: device type, IP address, browser type and version, operating system, pages visited, app usage, and — with your explicit opt-in — biometric data from connected smartwatches and location data.
• Information from third parties: when you are enrolled through an institutional program such as a probation department, the supervising agency provides your contact and assignment information.

Age verification data: The Site is restricted to users aged 18 and older. We collect age confirmation when you enter the Site.

2. How We Use Your Information

We use the information we collect to provide and operate the GUIDO service, maintain your account, process payments, build your Personal Pattern Profile, detect behavioral escalation and trigger interventions and Guardian Ring alerts, maintain compliance audit trails for institutional enrollments, improve the Site and the service, respond to your inquiries, and comply with legal obligations.

We do not sell your personal data. We do not use your behavioral data for advertising. We do not share raw conversation transcripts with anyone, including your guardians.

3. SMS Text Messaging Communications

The Fires Within™ uses SMS text messaging for two purposes only: (a) account-related notifications such as verification, password reset, and billing receipts; and (b) Guardian Ring alerts to phone numbers that you have explicitly designated and that the recipient has explicitly accepted.

Opt-In: You opt in to receive SMS during account creation by providing your phone number and confirming consent on the communication preferences screen. You opt in to send SMS alerts to your guardians by adding their phone numbers during Guardian Ring setup and confirming the alert consent statement. Each guardian then receives an invitation link they must accept before any alerts are sent to their number.

Frequency: Account-related SMS are infrequent and triggered only by your actions. Guardian Ring alerts are triggered only by behavioral escalation events meeting Critical or Red severity thresholds; we expect 0 to 5 messages per month for most users.

Carrier Charges: Message and data rates may apply. Check with your wireless carrier.

STOP and HELP: Reply STOP to any of our SMS to opt out of further messages to that number. Reply HELP for assistance. You may also manage SMS preferences in Settings within the app.

Recipient Consent: Phone numbers added as guardians receive a one-time invitation message and must explicitly accept the Guardian Agreement before any further SMS is sent. They may opt out at any time by replying STOP.

SMS Provider: SMS is delivered via Twilio. Phone numbers and message content are processed by Twilio under their privacy and security terms.

We do not share SMS opt-in data with any third parties for marketing purposes. We do not sell phone numbers or SMS content. SMS data is used solely to deliver the alerts you authorized. We do not send promotional, marketing, or advertising SMS — all SMS is transactional or safety-related.

4. How Your Information Is Stored

The Personal Pattern Profile (PPP) is stored on your device, encrypted at rest. Conversation history is encrypted in cloud storage so you can access conversations across devices, secured with AES-256 at rest and TLS 1.3 in transit. Account, billing, and audit data are stored in secure cloud databases within the United States. Biometric data, if opted in, is encrypted in transit and at rest and visible only to you and GUIDO unless you explicitly grant access. We retain data for as long as your account is active and for up to 30 days after deletion, except where longer retention is required by law or by your supervising agency under institutional enrollment.

5. Who We Share Information With

We share information only as follows:

• Designated guardians — receive Guardian Ring alerts at the level you configure (Summary Only, Detailed Mood, or Full Alert Context) and never see raw conversation transcripts.
• Institutional supervisors — if you are enrolled through a probation, parole, drug court, or court-ordered treatment program, your assigned officer or therapist receives behavioral summaries, compliance data, and red-flag alerts as configured by the institution.
• Service providers who help us operate the service: Anthropic for AI conversations, AWS for cloud infrastructure, Stripe for payments, Twilio for SMS and voice, Firebase for push notifications and hosting.
• Legal authorities when required by law, court order, or lawful agency request.
• Aggregated anonymized research data, with your separate opt-in, contributed to the Large Behavioral Model research dataset.

We do not sell or rent your personal data.

6. Your Rights and Controls

You have the right to access and export your full behavioral record, correct your profile and preferences, delete the local PPP from your device or request full account and server-side data deletion (completes within 30 days), revoke consent for location tracking, smartwatch sync, LBM contribution, or specific guardians at any time, and opt out of marketing communications (we do not send marketing SMS or email; only transactional service messages).

Important exception for institutional users: If you are enrolled through a probation, parole, drug court, or court-ordered treatment program, your behavioral data and audit trail may be retained by the supervising agency for the duration of your supervision, regardless of your individual deletion request. The Settings screen will clearly indicate this restriction. Once your supervision ends, full data control is restored.

To exercise any of these rights, please contact us at info@the-fires-within.com.

7. Age Requirement and Children's Privacy

The Site and the GUIDO platform are intended exclusively for adults aged 18 years and older. By accessing the Site, you confirm that you are at least 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from someone under 18, we will take steps to delete that information and terminate the account.

8. Security

We use commercially reasonable technical and organizational measures to protect your information, including AES-256 encryption at rest, TLS 1.3 encryption in transit, salted password hashing, role-based access controls, and audit logging on all sensitive data access. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you in accordance with applicable law.

9. California, Virginia, and Other State Rights

Residents of California (under CCPA/CPRA), Virginia (under VCDPA), Colorado, Connecticut, and other states with comprehensive privacy laws have additional rights, including the right to know, delete, correct, opt out of sale or sharing (we do not sell), and limit use of sensitive personal information. Submit requests via info@the-fires-within.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this Policy indicates when it was last revised. Material changes will be notified to you via in-app notice or email at least 30 days before they take effect.

11. Contact

Questions, complaints, or data requests should be sent to:

The Fires Within™
Attn: Privacy Officer
Email: info@the-fires-within.com
Website: www.the-fires-within.com

We respond to data subject requests within 30 days.