Privacy Policy

Stronghold Assessment ("Stronghold," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Stronghold Assessment platform at app.strongholdassessment.com and related services.

1. Information We Collect

We collect the following types of information:

• Identity Information: Name, email address, date of birth, gender, phone number, and city/state/country as provided during intake.
• Assessment Responses: Your answers to all assessment questions, including response timestamps and response times.
• Technical Data: IP address, device type (mobile/desktop), browser user agent string, and session timestamps.
• Consent Records: Electronic signature, IP address at time of consent, and timestamp of agreement acceptance.
• Session Data: Login times, session duration, steps completed, and questions answered per session.

2. How We Use Your Information

• To administer your assessment and generate coaching insights for your assigned practitioner.
• To compute composite scores, confidence levels, and transformation readiness metrics.
• To maintain audit trails for data integrity, compliance, and quality assurance.
• To improve the Stronghold Assessment System using anonymized, aggregated data only.
• To detect and respond to crisis indicators (e.g., crisis indicator screening).

3. How We Store and Protect Your Data

Your data is stored on secure, encrypted infrastructure provided by Supabase (built on Amazon Web Services). All data is transmitted over HTTPS/TLS encryption. Row-level security policies restrict access to authorized users only. Your practitioner can view your assessment data; no other practitioners or users can access it.

4. Who Has Access to Your Data

• Your Assigned Practitioner: The practitioner who issued your access code can view your assessment results, scores, and reports.
• Stronghold System Administrators: For technical support, security monitoring, and system maintenance only.
• No Third Parties: We do not sell, rent, or share your personal data with advertisers, data brokers, or any third parties.

5. Cookies and Tracking

The Stronghold Assessment portal uses essential cookies only for session management (localStorage for assessment progress backup). We do not use advertising cookies, tracking pixels, or analytics tools that share data with third parties.

6. Data Retention

Assessment data is retained for a minimum of 7 years to support longitudinal coaching outcomes and re-assessment comparisons. You may request deletion of your data at any time by contacting your practitioner or emailing privacy@strongholdbusiness.com. Data deletion requests will be processed within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request your data in a structured, machine-readable format.
• Opt-Out: Opt out of anonymized data usage for system improvement.

To exercise any of these rights, contact us at privacy@strongholdbusiness.com or through your assigned practitioner.

8. California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used, (b) request deletion of your personal information, (c) opt out of the sale of personal information (we do not sell personal information), and (d) not be discriminated against for exercising your privacy rights.

9. Children's Privacy

The Stronghold Assessment is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.

10. AI-Assisted Data Processing (Macy)

The Stronghold Platform uses an AI system called Macy to assist practitioners in coaching plan preparation, session analysis, and report generation. Here is specifically how your data is handled in that process:

• What Macy processes: Your composite assessment scores, flagged patterns, and aggregated behavioral data. Macy does not process your name, contact information, or verbatim assessment responses.
• Purpose: To generate practitioner-facing coaching intelligence — session prep briefs, plan recommendations, flag analysis, and pattern summaries. You will not receive AI-generated outputs directly; all Macy outputs go to your practitioner first.
• Data is not used to train AI models. Your assessment data is never used to train, fine-tune, or improve AI models — not Macy, not any third-party model. Your data does not leave the platform for AI training purposes.
• No autonomous decisions: Macy does not make autonomous decisions about your coaching, referrals, or care. All AI-generated recommendations require practitioner review before any action is taken.
• Third-party AI infrastructure: Macy runs on Anthropic's Claude API. Data sent to Macy is subject to Anthropic's API data handling policies, which prohibit using API data for model training. No personally identifiable information is included in API calls.
• Opt-out: You may request that your practitioner conduct coaching without AI assistance by notifying them in writing. Some features will not be available without AI processing, but core coaching can continue.

11. Clinical Disclaimer

The Stronghold Assessment is a coaching tool, not a clinical instrument. Results do not constitute a medical diagnosis, psychological evaluation, or clinical assessment. If assessment results suggest patterns associated with a mental health condition, your practitioner may recommend a referral to a licensed mental health professional.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the assessment platform or via your practitioner. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy inquiries, data requests, or questions about this policy:
Email: privacy@strongholdbusiness.com
Website: strongholdbusiness.com