ALIGN

MIND - BODY - SPIRIT

Privacy Policy

EffectiveJune 1, 2025

Last UpdatedJune 1, 2025

JurisdictionIowa, USA

Contactsupport@nektr.co

No passwords stored

No IP addresses logged

No data sold

No invasive tracking

Email only

1.Overview

N3ST3D LABS, operating as Nektr DBA ("Company," "we," "us," or "our"), operates the Align wellness application available at https://align.nektr.co. This Privacy Policy explains how we collect, use, store, and protect information when you use Align.

We take your privacy seriously. We are committed to collecting the minimum data necessary to provide our service, and we do not sell, rent, or trade your personal information to any third party for marketing purposes.

BY USING ALIGN, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE APP.

2.Data We Collect

2.1 Information You Provide

Data Type	How Collected	Purpose
Data Type	How Collected	Purpose
Email address	🔗 OAuth sign-in (Google, Twitter/X, Facebook)	Account identification, transactional emails, occasional product updates
Wellness survey responses	📝 In-app assessment forms	Generate your terpene profile and personalized recommendations
Subscription status	💳 Stripe (card) or on-chain verification (crypto)	Determine which features you can access

2.2 Information We Do Not Collect

We explicitly do not collect or store the following:

Passwords — authentication is fully delegated to OAuth providers
IP addresses — we do not log or retain your IP at any point
Full payment credentials — card processing is handled entirely by Stripe
Location data — we do not request or store GPS or geolocation
Device identifiers or hardware fingerprints
Social media profile content beyond your email address

2.3 Automatically Collected Data

When you use Align, Google Analytics automatically collects aggregated, anonymized usage data such as pages visited, session duration, and general device/browser category. This data does not identify you personally. See Section 5 for full details on our analytics practices.

3.How We Use Your Data

We use the data we collect for the following purposes only:

Purpose of Processing	Legal Basis
Create and manage your account	Contract performance
Generate your terpene wellness profile	Contract performance
Process and verify subscription payments	Contract performance
Send transactional emails (receipts, confirmations)	Contract performance
Send occasional product update emails	Legitimate interest / consent
Improve app performance and experience	Legitimate interest (via anonymized analytics)
Comply with legal obligations	Legal requirement

We do not use your data for automated decision-making, profiling for advertising, or any purpose not listed above.

4.Cookies and Local Storage

Align uses both browser cookies and localStorage to deliver a functional experience. Below is a full breakdown of what we store and why.

4.1 Cookies

Cookie Name	Classification	Purpose & Duration
`next-auth.session-token`	ESSENTIAL	Maintains your authenticated session. Essential for accessing your profile. Deleted upon sign-out or session expiry.
`next-auth.csrf-token`	ESSENTIAL	Security cookie used to prevent Cross-Site Request Forgery (CSRF) attacks during authentication.
`next-auth.callback-url`	ESSENTIAL	Remembers the specific page you were visiting before sign-in to ensure a correct redirect.
`_ga / _ga_*`	ANALYTICS	Distinguishes unique users and session data via Google Analytics. Expires after 2 years. Does not contain personal watch or wellness data.

4.2 localStorage

Cookie / Storage Name	Type	Description & Expiry
`align_pending_payment`	Functional	Stores active crypto payment session IDs and QR data to prevent data loss on page reload. Cleared automatically upon confirmation or 30-minute expiry.
`align_history`	Essential	Temporarily stores survey results for free and paid users. Data is purged immediately once successfully synced to the secure database.
`align_draft`	Functional	Preserves your current progress within the wellness assessment so you can resume if the browser is closed unexpectedly.
`align_draft_date`	Functional	Timestamp used to determine the age of your local draft, ensuring you are always working on the most relevant assessment version.

Essential cookies are required for the App to function and cannot be disabled. Analytics cookies can be blocked by using browser settings or a content blocker — the App will continue to work normally without them.

5.Analytics

5.1 Google Analytics

We use Google Analytics 4 (GA4) to understand how users interact with Align — such as which features are used most, how long sessions last, and where users drop off. This helps us improve the app.

What Google Analytics collects through us:

Pages and screens visited
Session duration and frequency
General device category (mobile / desktop) and browser type
Country-level location (not precise location)
Events triggered (e.g. button clicks, survey completions)

What Google Analytics does NOT collect through Align:

Your email address or any personally identifiable information
Your IP address — we have IP anonymization enabled
Wellness survey response content

Google may use this data subject to their own privacy policy at policies.google.com/privacy. You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on.

6.Third-Party Services

Align integrates with a limited set of trusted third-party services. Each operates under its own privacy policy and security standards. We only share the minimum data required for each service to function.

🔑

OAuth Providers — Google, Twitter/X, Facebook

Handle authentication. We receive only your email address from these providers. We do not receive or store your social media passwords, profile photos, followers, or any other account data.

💳

Stripe, Inc.

Processes all card-based subscription payments. Stripe receives your payment details directly — we never see your full card number, CVV, or billing address. Governed by Stripe's Privacy Policy at stripe.com/privacy.

⛓

Public Blockchain Networks — Ethereum, Polygon, Solana

Used to verify USDC cryptocurrency payments. Payment verification queries are public by the nature of blockchain. No personal data is transmitted to the blockchain — only a unique payment identifier.

📊

Google Analytics (Google LLC)

Provides anonymized usage analytics. IP anonymization is enabled. See Section 5 for full details.

📧

Resend

Transactional email delivery service. Receives your email address solely to deliver receipts, payment confirmations, and occasional product updates. Resend does not use your email for any other purpose.

7.Data Sharing and Disclosure

We do not sell, rent, lease, or trade your personal information to any third party for their marketing or commercial purposes. Period.

We may disclose your information only in the following limited circumstances:

To the third-party services listed in Section 6, solely to deliver our service
When required by applicable law, court order, or government authority
To protect the rights, property, or safety of the Company, its users, or the public
In connection with a merger, acquisition, or sale of assets — you will be notified via email if your data becomes subject to a different privacy policy

8.Data Retention

Data Type	Retention Period
Email address	Until account deletion, then removed within 30 days
Wellness survey responses	Until account deletion. May be anonymized and retained for product analytics.
Subscription / payment status	Retained for 7 years to comply with financial recordkeeping requirementsFinancial Compliance
Pending crypto payment sessions	30 minutes (auto-expired by database TTL)Auto-Purge
Confirmed crypto TX records	Retained for 7 years (financial recordkeeping)Financial Compliance
Analytics data (Google Analytics)	14 months (Google Analytics default retention)

9.Your Privacy Rights

As a user of Align, you have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Correction

Request correction of inaccurate or incomplete data.

Deletion

Request deletion of your account and personal data.

Portability

Request your data in a structured, machine-readable format.

Opt-Out (Email)

Unsubscribe from product update emails at any time via the link in any email.

Analytics Opt-Out

Block Google Analytics via browser settings or the GA opt-out add-on.

9.1 How to Exercise Your Rights

You can exercise your rights in two ways:

In-app account deletion — go to Account Settings and select Delete Account. This immediately initiates data removal.
Email request — contact support@nektr.co with the subject line "Privacy Request" and describe what you need. We will respond within 30 days.

We may need to verify your identity before processing certain requests. We will never charge a fee to exercise your privacy rights.

10.Children's Privacy

Align is not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete that information immediately and terminate the associated account.

If you believe a minor has created an account on Align, please contact us immediately at support@nektr.co.

11.Security

We implement industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These include:

HTTPS encryption for all data in transit
OAuth 2.0 delegation — we never handle or store your passwords
Stripe's PCI-DSS compliant infrastructure for all card payment data
MongoDB Atlas with access controls and encryption at rest for stored data
On-chain payment verification eliminates custody of payment credentials

No method of electronic storage or internet transmission is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

12.Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. For material changes — such as collecting new categories of data or changing how we use your data — we will notify you via email at least 14 days before the changes take effect.

Your continued use of Align after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you disagree with a material change, you may delete your account before the changes take effect.

13.Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

N3ST3D LABS / Nektr DBA

Attn: Privacy Officer
1380 255th Avenue
Osceola, Iowa 50213
Email: support@nektr.co
Subject line: Privacy Request
Website: https://align.nektr.co

We aim to respond to all privacy-related inquiries within 30 days of receipt.