This Privacy Policy explains how The Masterbook ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our platform at themasterbook.live (the "Service"). We are committed to protecting your privacy in accordance with the Australian Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR), and the UK General Data Protection Regulation (UK GDPR).
By creating an account and using the Service, you acknowledge that you have read and understood this policy.
The Masterbook is operated by an individual based in Sydney, New South Wales, Australia. For all privacy-related matters: privacy@themasterbook.live
This data is the core of the Service. It is stored securely in your account and used only to provide you with analytics, AI coaching, and your personal journal. It is never shared with other users or sold.
When you request AI coaching, a structured summary of your relevant journal data is sent to the Anthropic API to generate a coaching response. This data is transmitted securely and is not stored by Anthropic beyond the processing of your request. See Section 5.3.
Your data is stored in a PostgreSQL database hosted by Supabase on servers in the United States. Row-level security ensures no other user can access your data. Access is restricted to: you (through your account), us (for support and maintenance only), and our sub-processors (only as needed to provide their services).
We do not sell, rent, or trade your personal data. All data in transit is encrypted via TLS/HTTPS. Passwords are hashed and never stored in plain text.
Role: Database hosting and authentication. Data processed: all account, profile, and journal data. Location: United States. Privacy Policy ↗
Role: Subscription billing. Data processed: email address and subscription status (we do not receive card data). Location: United States / EU. Privacy Policy ↗
Role: AI coaching via the Claude API. Data processed: a structured summary of your journal data at the time of a coaching request. Not retained by Anthropic beyond processing. Privacy Policy ↗
Role: Application hosting. Data processed: IP addresses, request logs, and browser metadata. Location: United States / global CDN. Privacy Policy ↗
We use one cookie: an authentication session cookie set by Supabase when you log in. This cookie is strictly necessary for the Service to function. It is not used for advertising or tracking and is not shared with any advertising network. We do not use analytics, advertising, or tracking cookies.
Some preferences are stored in your browser's localStorage. This data stays on your device and is not transmitted to our servers.
| Purpose | Lawful Basis (GDPR) |
|---|---|
| Providing and maintaining the Service | Performance of contract |
| Authentication and account security | Performance of contract / Legitimate interests |
| AI coaching (sending journal data to Anthropic) | Performance of contract |
| Processing subscription payments | Performance of contract |
| Service-related emails | Performance of contract / Legitimate interests |
| Improving the Service | Legitimate interests |
| Complying with legal obligations | Legal obligation |
We do not use your data for advertising. We do not sell or share your data with data brokers.
This section applies to users in the European Economic Area (EEA) and the United Kingdom.
You have the right to: access a copy of your data; correct inaccurate data; erasure ("right to be forgotten"); restriction of processing; data portability (receive your data in a machine-readable format); object to processing; and rights related to automated decision-making (we do not make solely automated decisions with legal effects on you). To exercise any right, email privacy@themasterbook.live. We will respond within 30 days.
Your data is processed in the United States by our sub-processors. These transfers are made on the basis of Standard Contractual Clauses (SCCs) and the sub-processors' own compliance frameworks.
If you are in the EEA and believe your GDPR rights have been violated, you may contact your local data protection authority. If you are in the UK, contact the ICO at ico.org.uk.
We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We collect personal information only by lawful and fair means and only where reasonably necessary. We use and disclose your information only for the purposes for which it was collected.
For access, correction requests, or complaints: privacy@themasterbook.live. If unsatisfied with our response, you may complain to the OAIC at oaic.gov.au.
| Data Type | Retention Period |
|---|---|
| Account and journal data | For the lifetime of your account |
| Subscription records | 7 years from end of subscription (tax obligations) |
| Email correspondence | 2 years |
| Server / access logs | 90 days |
Upon account deletion, we will delete or anonymise your personal data within 30 days, except where required by law.
The Service is for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. Contact us immediately if you believe a minor has provided us with personal data.
We may update this policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect.
Email: privacy@themasterbook.live — Response time: within 30 days.