Plain-language privacy

What we collect, what we don't, and who can see it

We wrote this for you, not for lawyers. If anything below is confusing, email privacy@slscompass.org and we'll fix it.

Last updated: April 25, 2026.

The short version

  • We collect only what we need to help you, and nothing we don't.
  • We never sell your data. We never share it with advertisers.
  • We don't run third-party analytics that touch your information.
  • You can ask for a copy of your data, or ask us to delete it, any time.
  • Medical and care details — PHI (Protected Health Information) — don't live on the platform yet; they arrive in a future release with full HIPAA protections.

What we collect

When you use Compass with an account, we store:

  • An identifier from our authentication provider (WorkOS) and your email address.
  • Your role on the site: family member, provider, or case manager.
  • Your preferred language and accessibility preferences (larger text, reduce motion, high contrast).
  • The answers you give in the parent guide flow.
  • The goals you build and the important dates you add.
  • Any short notes you write per goal.

If you start the guide without an account, your answers are kept in a browser cookie and a temporary record in Cloudflare KV for up to 30 days, so you can come back and finish where you left off. After that, the anonymous record is deleted.

What we don't collect

We are not a medical or care record system. The notes field in the goal builder shows a one-time warning asking you not to paste medical or care details there. Compass does not currently store PHI. PHI processing, with the right vendor agreements and encryption layer, ships with our document upload feature in a later milestone.

Third parties we use

  • WorkOS — handles sign-up, sign-in, and magic links.
  • Resend — sends transactional email like welcome notes and "pick up where you left off" reminders.
  • Cloudflare — hosts the site and stores your account data (D1 database) and short-lived items (KV).
  • Sentry — alerts us when the app errors. We strip out anything that could be PHI before it reaches Sentry.

We do not use Google Analytics, Mixpanel, the Facebook pixel, or any other analytics that touch personal information.

IP addresses

We never store your raw IP address. Before any IP is written to our audit log, we run it through a one-way SHA-256 hash mixed with a salt that rotates daily. The result is a fingerprint we can use to spot abuse, but it cannot be reversed back into an IP.
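As an added illustration (not Compass's own code), here is one way a daily-salted SHA-256 fingerprint like this can be computed in Python. The salt store, the function names and the sample addresses are assumptions made for the example; it assumes the salt is random, kept secret, and discarded once the next day's salt exists.

```python
import hashlib
import ipaddress
import secrets
from datetime import date, timedelta


class DailySaltStore:
    """Holds one random salt per UTC day and forgets older ones (hypothetical helper)."""

    def __init__(self):
        self._salts = {}

    def salt_for(self, day: date) -> bytes:
        if day not in self._salts:
            # Fresh 32-byte random salt; never derived from the date itself.
            self._salts[day] = secrets.token_bytes(32)
            # Drop earlier days so old fingerprints can no longer be recomputed.
            for old in [d for d in self._salts if d < day]:
                del self._salts[old]
        return self._salts[day]

    def known_days(self):
        return sorted(self._salts)


def canonical_ip(raw: str) -> str:
    """Normalise textual variants so one address always hashes the same way."""
    addr = ipaddress.ip_address(raw.strip())  # raises ValueError on junk input
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:203.0.113.7 -> 203.0.113.7
    return addr.compressed


def ip_fingerprint(raw_ip: str, day: date, store: DailySaltStore) -> str:
    """SHA-256 over (daily salt || canonical IP); only this hex digest is logged."""
    salt = store.salt_for(day)
    return hashlib.sha256(salt + canonical_ip(raw_ip).encode("ascii")).hexdigest()


def demo():
    store = DailySaltStore()
    today = date(2026, 4, 25)  # constructed sample date
    # Constructed sample addresses from the documentation range 2001:db8::/32.
    a = ip_fingerprint("2001:db8::1", today, store)
    b = ip_fingerprint("2001:0DB8:0:0:0:0:0:1", today, store)  # same address, other spelling
    c = ip_fingerprint("2001:db8::1", today + timedelta(days=1), store)
    return a, b, c, store.known_days()
```

Within one day the same address always maps to the same fingerprint, which is what makes abuse patterns visible; across days the fingerprints do not line up, so they cannot be joined into a long-term history.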

Cookies

  • Session cookie: __Host-sls_session. HttpOnly, Secure, SameSite=Lax. Times out after 15 minutes of inactivity, with a sliding refresh on each request you make while signed in.
  • Anonymous guide-session cookie — lets you come back to an unfinished guide for up to 30 days.
  • Locale preference cookie — remembers your chosen language.

No tracking cookies. No advertising cookies. No third-party cookies.

The audit log

For security, and so we're ready for HIPAA when documents land in a future release, every action you take while signed in is recorded in an append-only audit log. Entries record what happened (e.g. "added a goal", "signed in") and when. They never contain the contents of your notes, the labels you chose, or any free-text you wrote.

Your rights

You can ask us for a copy of the data we have on you, ask us to delete your account, or ask us to correct anything that's wrong. Email privacy@slscompass.org and we'll respond within 30 days.

HIPAA

For our full HIPAA posture, including how we handle medical and care content when it arrives, see the HIPAA & Security page.

Changes to this notice

When we change this page, we'll update the date at the top. For meaningful changes — new third parties, new categories of data — we'll also email anyone with an active account before the change takes effect.