Privacy Policy

Who this applies to

This Privacy Policy describes how Circa (“we,” “us”) handles information when you use our mobile apps, websites, and related services (together, the “Services”). Using the Services means you agree to this policy together with our Terms of Use.

Circa is operated by Leap Design Studio LLC.

Information we collect

Depending on how you use Circa, we may process:

Account data. Email address and authentication details when you sign in (including email one-time codes or Google sign-in).
Waitlist and marketing signups. When you request early access, join a survey or waitlist, or submit a lead form (for example through an advertisement), we collect the contact details and any optional answers you submit there—commonly an email address and responses you choose to provide.
Profile and preferences. Information you provide so we can personalize guidance—for example birth details, location-related inputs, goals, and settings you save in the app or on the web.
Content you create or upload. Chat messages with the assistant, personal calendar notes synced through the product, photos or images you upload for spaces or analysis, floor-plan or layout materials you save, and similar items you choose to store. Older accounts may still hold legacy journal-style entries if those were saved before that experience was retired; new journal features are not offered today.
Technical data. Device type, app or site version, IP address in server logs, authentication and session cookies (and similar tokens), preference cookies where used (for example theme), invite or access cookies where the product uses them, and coarse diagnostics typical of hosted software—used to operate, secure, and troubleshoot the Services.

We do not aim to collect sensitive categories of data beyond what you voluntarily enter for personalization. Do not submit medical records, government identifiers, or payment card numbers through Circa unless we explicitly offer a feature designed for that—and today we do not.

How we use information

We use this information to:

Provide, maintain, and improve the Services;
Personalize readings, guidance, and features based on your inputs;
Send product-related messages you asked for—such as early-access or invite codes, invitations to give feedback or join a community for testers, and occasional updates about Circa—until you unsubscribe or we stop that program.
Authenticate you and protect accounts from abuse;
Measure reliability and fix bugs, often using aggregated or de-identified data where feasible;
Comply with law and enforce our terms.

Artificial intelligence

Some features use third-party AI models to generate text or interpret inputs you provide. When you use those features, relevant portions of your content or prompts may be sent to those providers only to produce the response you asked for.

Where a provider offers account or product settings that limit use of customer content for model training, we use those settings. Circa does not operate those systems end to end—vendor practices, product defaults, and contracts can change. Check the provider’s current terms for how your inputs may be processed. Outputs are interpretive and may be incomplete or inaccurate; do not treat them as factual or professional advice.

Hosting, sync, and subprocessors

We use vendors for authentication, database hosting, file or object storage, AI inference, and related infrastructure—for example Supabase for accounts and synced data, and cloud hosting that generates operational logs and security telemetry. Those vendors process information on our behalf under agreements that require appropriate safeguards. We may add or change vendors as the product evolves; when practices change in a material way, we update this policy.

Do not sell or share

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising as defined under California law. We may disclose information to service providers and subprocessors that process data on our behalf to run the Services (for example hosting, sign-in, database sync, or AI processing). That processing is not a “sale” for monetary or other valuable consideration under the CCPA when it is done under our instructions.

Other sharing and legal requests

Beyond subprocessors described above, we may share information when you direct us to share it, when we reasonably believe disclosure is necessary to protect safety or enforce our agreements, or when law requires it (including lawful requests from public authorities).

Retention and deletion

Retention depends on the type of data and our legal obligations. Typical periods are described below; actual windows can vary slightly by vendor, release, or legal hold.

Account and profile data. Retained while your account is active and for a short period after you request deletion so we can complete the request and recover from accidental deletion. After that, we delete or anonymize profile data except where law or a dispute requires a longer hold.
Waitlist and marketing signups. Retained for as long as we run the relevant program or list, or until you ask us to remove your contact information from that list, subject to operational backups as described above.
Content you save in Circa (messages, uploaded images, synced calendar notes, and similar). Kept until you delete it, delete your account, or we remove it as described in this policy.
Server, security, and operations logs. Often kept on a rolling basis for approximately 30–90 days for troubleshooting and security, unless a longer period is needed to investigate abuse or meet legal requirements.
Backups. Deleted or aged out on the vendor’s backup cycle after active data is removed; that can add days or weeks before copies disappear from all systems.

You can delete much of what you store using in-app or in-product controls where available. Account deletion (when offered) should remove or anonymize associated profile data subject to the limits above. Exact behavior can vary by platform release—confirm in-product messaging or support channels.

Security

We use industry-standard measures suited to the sensitivity of the data we handle. No method of storage or transmission is perfectly secure; use Circa with that understanding.

Children

Circa is not directed at children under 13 (or the minimum age required where you live). Do not use the Services if you do not meet that age threshold.

International users

We may process and store information in countries other than where you live, including the United States. Those countries may have different data-protection laws. Where regulations require it, we rely on safeguards described in applicable law or in our vendor agreements.

California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may give you the following rights regarding personal information we collect (subject to legal exceptions).

Right to know. Request the categories and specific pieces of personal information we have collected about you; the categories of sources; our business or commercial purposes for collecting, selling, or sharing personal information; the categories of third parties to whom we disclose personal information; and the categories of personal information we have disclosed or shared.
Right to delete. Request deletion of personal information we collected from you, subject to certain exceptions.
Right to correct. Request correction of inaccurate personal information we maintain about you.
Right to opt out of sale or sharing. We do not sell personal information and do not share it for cross-context behavioral advertising, as described under Do not sell or share above. If our practices change, we explain how to opt out in this policy and, where required, in the product.
Right to limit use of sensitive personal information. We use sensitive personal information only as permitted by the CPRA or with your consent where the law requires consent.
Non-discrimination. We will not deny goods or services, charge different prices, or provide a different level or quality of services because you exercised these rights, unless the law allows a difference reasonably related to the value of your information.

You may submit a request yourself or through an agent authorized under applicable law. We may need to verify your identity (and the agent’s authority, if applicable) before fulfilling a request.

California’s “Shine the Light” law (Civil Code Section 1798.83) allows California residents to request certain information about personal information disclosed to third parties for direct marketing once per calendar year. We do not disclose personal information to third parties for their direct marketing purposes as described in that statute.

To exercise these rights, use in-product controls where available, or email contact@leapdesignstudio.com. If you use an authorized agent, we may require signed permission from you.

Your choices and rights

Residents of other U.S. states and other countries may have similar rights under local law (for example access, correction, deletion, portability, objection, or complaint to a regulator). The California-specific rights in the previous section apply to California residents in addition to any general rights described here.

To exercise applicable rights, use in-product controls where available or email contact@leapdesignstudio.com. We may need to verify your identity before fulfilling a request.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we post the revised version and update the effective date at the top of this page. Continued use of the Services after changes means you accept the revised policy.

Governing law

This Privacy Policy is governed by the laws of the State of California, United States, without regard to conflict-of-law principles, except where mandatory consumer protection law in your place of residence gives you rights that cannot be waived by contract.

Contact

Privacy requests: contact@leapdesignstudio.com.