Legal

Privacy Policy

Your memories are yours. Here's how we handle your data.

Effective date: March 5, 2026

Last updated: March 5, 2026

Cairn Memories is a product of BWK Digital Solutions, LLC ("BWK Digital," "we," "us," "our"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Cairn Memories mobile application, website, and related services (collectively, the "Platform").

By using the Platform, you consent to the practices described in this policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide

  • Account information: Name, email address, and profile details when you create an account
  • Early access signup: Name, email address, and interest area when you join the early access list
  • Journey content: Photos, voice notes, text entries, videos, and other moments you choose to capture ("Moments")
  • Contact form submissions: Name, email, subject, and message content when you contact us
  • Cairn participation: Content you contribute to Private, Event, or Shared Cairns

1.2 Information Collected Automatically

  • Location data: GPS coordinates during active journeys only, used for route mapping, Location Key functionality, and convergence detection. Location data is not collected when no journey is active.
  • Ambient data: Weather conditions, news headlines, music charts, and local events captured during journeys to create time-capsule context. This is cultural context, not personal data.
  • Device information: Device type, operating system, app version, and unique device identifiers
  • Usage data: Features used, interaction patterns, and performance metrics
  • EXIF data: Metadata embedded in photos (camera type, timestamp, GPS if present in the original file)

1.3 Information From Third Parties

  • Authentication providers: If you sign in with Apple or Google, we receive your name and email address from those services. We do not receive your password.

2. How We Use Your Information

  • To provide, maintain, and improve the Cairn Memories Platform
  • To power AI features (Rocky, journey narratives) — these are always opt-in, always editable, and always attributed as AI-assisted
  • To evaluate Location Keys and Time Keys (reveal conditions for locked content)
  • To detect convergence points where family members have visited the same places across generations
  • To generate ambient layer context for your journeys
  • To send transactional communications (account verification, password resets, journey notifications)
  • To send you updates about your early access status or product announcements (you may opt out at any time)
  • To respond to your support requests and inquiries
  • To monitor and prevent fraud, abuse, and security threats
  • To comply with legal obligations

3. What We Do Not Do

  • We never sell your personal information to third parties
  • We never use your photos, voice notes, or journey content to train AI models
  • We never share your private content outside the Platform except as described in this policy
  • We never access your encrypted private content — we cannot read it even if compelled to
  • Face recognition runs on-device only — facial embeddings never leave your phone and are never transmitted to our servers

4. How We Share Your Information

We do not sell your information. We may share information in the following limited circumstances:

  • With cairn members: When you place a rock on a cairn, other members can view your contributed content according to that cairn's visibility settings and any locks you have applied
  • With share recipients: When you share a journey via a share link, recipients can view the shared content through the web viewer without creating an account
  • Service providers: We use third-party services to operate the Platform, including cloud hosting (Google Cloud Platform), authentication (Firebase), analytics (Google Analytics), form processing (Formspree), AI services (Anthropic/Claude), and content delivery networks (Cloudflare). These providers process data on our behalf and are contractually obligated to protect it.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request
  • Safety: We may disclose information if we believe it is necessary to protect the safety, rights, or property of BWK Digital, our users, or the public
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Security

We take the security of your data seriously:

  • Encryption at rest: Private and named-audience moments are encrypted using RSA-2048 keypairs. Our servers store only encrypted blobs and never have access to raw private keys.
  • Encryption in transit: All data transmitted between your device and our servers is protected by TLS (Transport Layer Security).
  • Access controls: Row-level security policies enforce data isolation at the database level. API endpoints require authentication and validate authorization for every request.
  • Audit logging: Security-relevant actions are logged in an append-only audit trail.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

  • Active accounts: Your content remains available as long as your account is active.
  • Account cancellation: Upon cancellation, your data enters a 90-day read-only grace period during which you can reactivate your account and recover your content. After 90 days, all data is permanently and irreversibly deleted.
  • Early access list: We retain your signup information until you request removal or the early access program concludes.
  • Contact form submissions: Retained for up to 2 years for customer service purposes, then deleted.

7. Cookies and Tracking

Our website uses:

  • Google Analytics: To understand how visitors interact with our website. Google Analytics uses cookies to collect anonymous usage data (pages visited, time on site, referral source). You can opt out using the Google Analytics Opt-out Browser Add-on.
  • Essential cookies: For basic site functionality such as form submissions. These cannot be disabled.

We do not use advertising cookies or third-party tracking pixels.

8. Children's Privacy

Cairn Memories is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@cairnmemories.com and we will promptly delete it.

Users between 13 and 17 may use Cairn Memories with parental or guardian consent.

9. Your Rights and Choices

All Users

  • Access: You can request a copy of all personal data we hold about you
  • Correction: You can update or correct your information at any time through the app
  • Deletion: You can delete your account and all associated data
  • Export: You can export your journey data in a portable format
  • Opt-out: You can opt out of marketing communications at any time
  • Location: You can disable location access through your device settings at any time

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell your information
  • The right to non-discrimination for exercising your privacy rights
  • The right to correct inaccurate personal information
  • The right to limit use of sensitive personal information

To exercise these rights, contact privacy@cairnmemories.com. We will respond within 45 days.

European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) including:

  • Right of access, rectification, and erasure
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

Our legal basis for processing is: consent (for optional features), contract performance (for providing the service), and legitimate interest (for security and improvement).

10. International Data Transfers

Cairn Memories is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Platform, you consent to this transfer. We take appropriate safeguards to ensure your information remains protected in accordance with this policy.

11. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Platform. The "Last updated" date at the top reflects the most recent revision. Continued use of the Platform after changes constitutes acceptance of the revised policy.

13. Contact Us

For questions, concerns, or requests related to this Privacy Policy:

We will respond to all privacy inquiries within 30 days.