Privacy Policy
Last updated: February 24, 2026
CouchLoop EQ is an MCP (Model Context Protocol) server that provides two capabilities: developer safety tools (code review, package auditing, file protection, context preservation) and guided self-reflection journeys with optional crisis detection. This policy explains exactly what data we collect, why we collect it, who receives it, how long we keep it, and your controls.
Our Privacy Commitment
CouchLoop EQ is designed with privacy-first principles. No real names, email addresses, or account credentials are collected or stored. All user identifiers are randomly generated and anonymous. We do not sell data, run ads, or use your content to train AI models.
1. Data Categories Collected
Anonymous Identifiers
We generate and store internal identifiers to maintain session continuity. These are random UUIDs - they cannot be used to identify you outside of CouchLoop EQ.
- Session ID - A randomly generated UUID assigned to each session
- User ID - A randomly generated UUID assigned when a session is first created; not linked to any real-world identity
- Thread ID - An identifier used to maintain conversation continuity with our AI backend
Conversation Content
Text messages you send through the guided journey tools are processed by our AI backend (Shrink-chat, operated by CouchLoop) to generate responses. Message content is transmitted to and processed by the Shrink-chat service at couchloopchat.com. This content may be temporarily logged server-side for:
- Generating AI responses
- Crisis detection and safety intervention (see below)
- Behavioral governance evaluation (checking for hallucination, tone drift)
- Session continuity within the same conversation
Crisis Detection Data
When you send a message through the wellness journey tools, our system evaluates whether the content indicates a potential safety concern. This analysis produces:
- Crisis detected flag - A boolean indicating whether a crisis signal was found
- Crisis level - A numeric severity score (used internally only; not returned to you)
- Crisis confidence score - A confidence measure for the detection (internal only)
- Crisis indicators - Textual signals that triggered detection (internal only)
If a crisis is detected, the tool response includes publicly known crisis resources (e.g., 988 Suicide & Crisis Lifeline). No crisis data is returned to third parties. Detailed crisis scores are retained for 7 days for safety monitoring only.
Emotional State Metadata
The Shrink-chat backend may infer emotional context (e.g., tone indicators) from conversation content to improve response quality. This inferred metadata is processed in memory and used to shape the AI response. It is not stored in our database beyond the current session.
Checkpoints and Insights
Information you explicitly save using the remember tool (checkpoints, insights, decisions) is stored in our database. This includes:
- The text content you choose to save
- Tags you assign
- The category (checkpoint, insight, decision, requirement, constraint, pattern)
- Timestamp
This data is linked to your anonymous session user ID and is not linked to any real-world identity.
Developer Tool Inputs
When using developer safety tools (code review, package audit, security scan, verify), the code or package names you submit are analyzed in real-time and not stored after the analysis is complete. Results are returned in the same tool call and not persisted.
What We Do Not Collect
- Your name, email address, or any personal identifiers
- Your ChatGPT, Claude, or other AI platform account information
- Payment or billing information
- Location or IP address (beyond standard server logs)
- Device identifiers or browser fingerprints
2. Purposes of Use
- Session continuity - Maintaining state across turns in a multi-turn conversation
- Crisis detection and safety - Identifying potential safety concerns in wellness conversations and providing crisis resources
- Developer tool operation - Analyzing code, packages, and security issues to return actionable results
- Behavioral governance - Detecting AI response issues (hallucination, tone drift, unsafe reasoning) before delivery
- Context preservation - Storing user-saved checkpoints and insights to prevent information loss across sessions
3. Recipients
The following services receive data:
- Shrink-chat API (couchloopchat.com) - Receives conversation content, anonymous user ID, and session context to generate AI responses. Operated by CouchLoop. Data is processed in accordance with our internal data handling policies.
- Supabase - Hosts our PostgreSQL database. Stores session IDs, user IDs, checkpoints, insights, and crisis event records. Data is encrypted at rest and in transit.
- Railway - Application hosting provider. Receives standard server traffic logs.
- Package registries (npm, PyPI, Maven, etc.) - When you use the package validation tool, package names are queried against public registries. No personal data or code is sent.
We do not sell, rent, or share data with any other third parties. No advertising networks or analytics services receive your data.
4. Data Retention
- Session records: Retained while active; automatically deleted after 30 days of inactivity
- Saved insights and checkpoints: Retained until you explicitly delete them via the
remembertool - Crisis detection logs: Retained for 7 days for safety monitoring, then automatically purged
- Behavioral governance evaluations: Retained for 7 days, then purged
- Developer tool analysis: Not retained; processed in memory only during the tool call
- Server access logs: Retained for up to 30 days per Railway's standard policy
5. User Controls
- Delete session: You can abandon or complete a session at any time, which stops data collection for that session
- Delete saved data: Use the
remembertool with appropriate parameters to delete stored insights and checkpoints - Anonymous by design: No account is required. Sessions use randomly generated IDs. You are not identifiable to us.
- Data request: Contact privacy@couchloop.com to request a copy or deletion of any stored data associated with a session ID you control
6. Data Returned in Tool Responses
CouchLoop EQ tools return the following data categories to the AI assistant:
- AI response content - The text response from the Shrink-chat backend
- Crisis resources - Publicly available crisis hotline information (only when crisis is detected; e.g., "988 Suicide & Crisis Lifeline")
- Session status - Journey progress, step count (no PII)
- Saved insights and checkpoints - Content you previously saved via the
remembertool - Developer tool results - Code analysis findings, package validation results, security scan output
Internal identifiers (user IDs, session IDs, thread IDs, crisis scores) are not returned to the AI assistant. They are used only for internal processing.
7. Data Security
🔐 Encryption
All data encrypted in transit (TLS) and at rest (Supabase AES-256)
🔑 Session Isolation
Each session is isolated; no cross-session data access
🗑️ Minimal Retention
Sensitive analysis data deleted after 7 days; session data after 30 days
📍 Hosting
Hosted on Railway (US) with Supabase (US) database
8. Children's Privacy
CouchLoop EQ is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used this service, contact us at privacy@couchloop.com.
9. Contact
Questions about this privacy policy or data requests:
10. Policy Updates
Material changes will be reflected on this page with an updated "Last updated" date. Continued use of CouchLoop EQ after changes constitutes acceptance of the updated policy.