1 Information We Collect
Account Data
When you sign up through our Wix OAuth authentication, we collect:
- Your name and email address
- Phone number (if provided)
- Profile photo (if set through your Wix account)
Expert Profile Data
If you apply to become an expert on ENFIITY, we also collect:
- Professional biography and qualifications
- Profile photo and cover images
- Certification documents and credentials
- Area of practice and specialisations
- Consultation pricing and availability
AI Conversation Data
When you interact with ZETA AI, our coaching assistant, we store your conversation history. This is kept in our Redis database with a 90-day retention period. We store up to 50 messages per conversation thread.
Usage Data
We collect basic usage analytics to understand how people use the platform:
- Pages visited and features used
- Session duration and navigation patterns
- Device type, browser, and operating system
Payment Data
All payment processing is handled by Stripe. We never see, store, or have access to your full credit card number, CVV, or banking details. Stripe provides us with only a reference ID for each transaction and basic billing information needed for receipts.
Device Information
If you use our native app (built with Capacitor) or our progressive web app (PWA), we may collect device identifiers and push notification tokens to deliver a smooth mobile experience.
2 How We Use Your Information
We use the information we collect for the following purposes:
- ZETA AI Coaching — Your messages are sent to Anthropic's Claude API so ZETA can provide personalised wellness coaching across the mental, biological, and physical domains.
- ECLIPSE AI Strategy — Our internal AI system uses Claude to analyse expert applications, generate content, and manage platform operations.
- Personalisation — Our memory system stores your objectives, preferences, domain scores, and persona traits so ZETA can give you relevant, consistent guidance over time.
- Expert Matching — We use your profile and preferences to recommend the right experts for your needs.
- Booking Management — To process and manage your bookings, send confirmations, and provide reminders.
- Email Notifications — We send transactional emails (booking confirmations, account updates) through Resend. You can opt out of non-essential emails at any time.
- Platform Improvement — Aggregated, anonymised usage data helps us identify issues and improve the product for everyone.
3 AI & Data Processing
ENFIITY is an AI-powered platform. Here's exactly how AI processes your data:
ZETA AI (Your Coaching Assistant)
ZETA is powered by Anthropic's Claude. When you send a message to ZETA, your message along with relevant conversation history is sent to Anthropic's API for processing. Anthropic's own privacy practices apply to how they handle this data. We encourage you to review Anthropic's privacy policy.
AI-Generated Content
Some content on the platform is generated or enhanced by AI, including expert taglines, review summaries, and coaching insights. This content is clearly generated by our systems and should not be treated as a substitute for professional medical advice.
ECLIPSE AI (Expert Review System)
Our ECLIPSE system uses AI to review expert applications, assess qualifications, and help maintain platform quality. Applications scoring above our confidence threshold may be auto-approved, but all expert profiles are subject to ongoing review.
User Memory System
To provide continuity across your coaching sessions, ZETA maintains a memory of:
- Your stated objectives and goals
- Domain scores (mental, biological, physical)
- Streaks and engagement patterns
- Personal preferences and context you share
Important: This memory data is stored in Redis with a 90-day time-to-live (TTL). If you stop using the platform for 90 days, this data is automatically deleted. You can also request manual deletion at any time.
Conversation History
We retain your last 50 messages per conversation thread. Older messages are automatically removed. All conversation data has a 90-day retention period from your last interaction.
4 Third-Party Services
We rely on trusted third-party services to operate the platform. Each handles your data according to its own privacy policy:
Anthropic (Claude AI)
Powers ZETA AI and ECLIPSE. Processes conversation data for AI coaching responses.
Stripe
Handles all payment processing. PCI-compliant. We never store your card details.
Wix
Provides CMS for content, OAuth authentication, and media hosting for expert profiles.
Upstash Redis
Cloud database for user memory, conversation history, and session data.
Vercel
Hosting platform for the website and all serverless API functions.
Resend
Email delivery service for transactional notifications and booking confirmations.
5 Data Storage & Retention
Different types of data are stored for different periods:
- User Memory (Redis) — Retained for 90 days from your last interaction. Automatically deleted after the TTL expires.
- Conversation History (Redis) — Last 50 messages retained, with a 90-day TTL from the most recent message.
- Profiles & Content (Wix CMS) — Stored persistently as long as your account or expert profile is active. Deleted upon account removal request.
- Payment Records (Stripe) — Retained according to Stripe's policies and applicable financial regulations. We do not independently store payment card data.
- Email Logs (Resend) — Transactional email records are retained per Resend's standard policies.
All data stored in Redis (memory and conversations) is automatically purged after 90 days of inactivity. No manual action is needed.
6 Your Rights
You have the following rights regarding your personal data:
- Access — You can request a copy of all the data we hold about you.
- Deletion — You can request that we delete your account and all associated data. This includes your profile, conversation history, memory data, and any stored preferences.
- Export — You can request an export of your data in a portable format.
- Opt Out of AI Personalisation — You can request that we reset or disable the ZETA memory system. Your conversations will still work, but ZETA won't retain context between sessions.
- Withdraw Consent — You can withdraw your consent for data processing at any time. Note that withdrawing consent for essential processing (like AI coaching) means those features will no longer be available to you.
To exercise any of these rights, email us at dilshan@enfiity.com. We aim to respond to all requests within 30 days.
7 Expert Data
If you are an expert on the ENFIITY platform, additional data handling applies:
- Public Profiles — Once your expert profile is live, your name, photo, bio, qualifications, domain, and consultation details are publicly visible to all users of the platform.
- Application Review — Your application data (qualifications, bio, experience) is reviewed by ECLIPSE, our AI review system. Applications meeting our confidence threshold may be auto-approved. All decisions can be reviewed by our team.
- Certifications — Certification documents you upload are stored securely through Wix Media and are only accessible to platform administrators for verification purposes.
- Earnings & Bookings — Your booking history, session records, and earnings data are stored for operational and financial reporting purposes. This data is accessible to you through your expert dashboard and to platform administrators.
8 Cookies & Tracking
We keep tracking to a minimum. Here's what we use:
- Service Worker — Our PWA uses a service worker for offline caching and faster page loads. This stores static assets locally on your device.
- localStorage — We use your browser's localStorage for session management, authentication tokens, and user preferences (like theme settings).
- sessionStorage — Used temporarily during your active session for state management.
No advertising trackers. We do not use any third-party advertising cookies, tracking pixels, or retargeting tools. We do not sell your data to advertisers or data brokers.
9 Security
We take reasonable measures to protect your personal information:
- HTTPS Encryption — All data transmitted between your device and our servers is encrypted using TLS/SSL.
- Stripe PCI Compliance — All payment processing is handled by Stripe, which is PCI DSS Level 1 certified, the highest level of security in the payments industry.
- OAuth 2.0 + PKCE — Authentication is handled through Wix OAuth using the PKCE (Proof Key for Code Exchange) flow, which protects against authorisation code interception attacks.
- Access Controls — Sensitive administrative endpoints and data are restricted to authorised platform administrators only.
- Serverless Architecture — Our Vercel-hosted serverless functions reduce the attack surface compared to traditional always-on servers.
While we work hard to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately at dilshan@enfiity.com.
10 Children's Privacy
ENFIITY is not intended for anyone under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at dilshan@enfiity.com and we will promptly delete that information.
If we discover that we have collected data from a child under 16, we will take immediate steps to delete that data from our systems.
11 Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes:
- We will update the "Last updated" date at the top of this page.
- For material changes, we will notify you via email (using the address associated with your account).
- We may also display a notice within the platform itself.
We encourage you to review this page periodically. Your continued use of ENFIITY after changes are posted constitutes acceptance of the updated policy.
12 Contact Us
If you have any questions about this privacy policy, your data, or your rights, reach out to us: