Privacy policy.

Elderhermit is built and operated by Gnosix (Mexico City). Gnosix is the data controller for this site and for the product. When we say “we” on this page, we mean Gnosix acting as the operator of Elderhermit. Contact: elderhermit@gnosix.io.

On this marketing site: anonymous Vercel Analytics (page views, route timings, referrers). No cookies that identify you. No PostHog. No Segment. No Google Analytics.

In the product (after sign-in):

• Account data via Clerk: email, optional name.
• Onboarding data: age verification (DOB), philosophical baseline answers.
• Optional birth data for astrological context (date, time, location). You can skip this; the framework still works.
• Product data you create: habits, grimoire entries, tarot draws, chat with the Hermit, long-term memories.
• Billing data via Stripe: payment method tokens (we never see card numbers), invoice history.
• Operational telemetry: token usage per OpenRouter call (model, input/output token count, cost) — used to protect the Magus offer from abuse and never tied to message content.
• Safety telemetry: aggregate signals about misuse patterns (automated abuse, scraping attempts, content that violates the acceptable use rules in our Terms) — used to act on the account, never sold or shared.

• We never train any AI model on your reflections. Your grimoire, chat with the Hermit, and long-term memories belong to you. They are stored in our database (Convex) and surface to the AI only inside your own session.
• We never sell your data.
• We never share your data with advertisers.
• We never read your reflections except in narrow operational scenarios (debugging an explicit support ticket you opened with consent, or investigating a specific safety incident under section 6).

We use a small set of operational vendors. Each handles one slice and is bound by their own privacy contract:

• Convex — primary database. Stores all product data.
• Clerk — auth / account management.
• Stripe — billing and payment processing.
• Resend — transactional email (welcome, weekly review, billing receipts).
• OpenRouter — AI inference routing. Per OpenRouter terms, content is not retained for training by the underlying model providers we use. We do not contract with any provider that retains content for training.
• Vercel — hosting and Vercel Analytics (anonymous on this marketing site).

If you choose to provide birth data (date, time, location) for astrological context, it is stored encrypted at rest in our Convex database, accessed only in your session, and not shared with subprocessors except as necessary to compute astrological context inside an OpenRouter inference call. You can wipe it from Settings → Privacy at any time.

To keep Elderhermit a serious tool for self-reflection, we monitor for patterns of misuse described in our Terms of Service — automated abuse, attempts to extract proprietary content, content that violates law, or use that puts the user or others at risk. When a pattern triggers a review, we record a structured event (account id, timestamp, signal class, action taken). We do not log the message body verbatim. We may suspend or cancel the account in accordance with the Terms.

Elderhermit is for adults (21+ in the US, your local age of majority elsewhere). We collect your date of birth at onboarding to verify age. DOB is retained for the lifetime of your account; deleting your account deletes the DOB.

You can, at any time, from Settings → Privacy:

• Export all your data in a structured JSON file.
• Delete any individual grimoire entry, chat thread, tarot reading, or memory.
• Wipe your full account — irreversible, removes everything within 30 days.
• Pause a paid subscription up to 30 days while keeping your data intact.

For requests we can't fulfill in-app (regulatory access requests under GDPR / CCPA / etc.), email elderhermit@gnosix.io and we'll respond within 30 days.

When we change anything material, we update the date at the top and email all account holders. Last updated: 2026.05.14.