EXODUS CLERICRESIDENCY INTELLIGENCE

Privacy Policy

Effective Date: April 11, 2026

Last Updated: April 11, 2026

1. Introduction

Three Grey Hairs LLC ("Company," "we," "us," or "our") operates the Exodus Cleric mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this policy, please contact us at threegreyhairs@icloud.com.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Who We Are

Three Grey Hairs LLC is the data controller responsible for your personal data collected through the Exodus Cleric Service. Our principal place of business is in the State of California, United States.

  • Email: threegreyhairs@icloud.com
  • Website: www.exoduscleric.com

3. Information We Collect

3.1 Information You Provide Directly

  • Account credentials: email address and password (passwords are encrypted and never stored in plain text)
  • Profile information: name (optional), home state, exit state, transition date
  • Location data by date: US state or foreign country for each day you log
  • Notes: optional text notes associated with day entries
  • Home address: street address, city, state, and ZIP code (for geo-location features — future release)

3.2 Information Collected Automatically

  • Device information: device type, operating system version, unique device identifiers
  • Usage data: features accessed, screens viewed, actions taken within the app
  • Log data: IP address, browser type, pages visited (website only), date and time of access
  • Crash reports and performance data: technical information to help us identify and fix issues

3.3 Information from Third Parties

We receive information from the following third-party services:

  • Apple: crash reports, App Store analytics, and performance metrics through Apple's standard developer tools. Users may opt out through iOS Settings.
  • Stripe: payment confirmation and subscription status. We do not receive or store your full payment card numbers.

3.4 Future Data Collection (Not Currently Active)

The following capabilities are planned for future versions. We will update this Privacy Policy and obtain appropriate consents before activating these features:

  • Precise GPS location data for automatic state detection
  • Photos and associated metadata (EXIF data) uploaded as residency documentation
  • Calendar data imported from Apple Calendar, Google Calendar, or other calendar applications
  • Voice data for voice-based entry features
  • Financial documents including receipts and credit card statements
  • Data shared with tax professionals or attorneys through the advisor sharing portal

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process and fulfill subscription payments
  • Calculate and display your state residency analysis
  • Generate alerts and notifications about your residency status
  • Send transactional emails (account creation, password reset, subscription receipts)
  • Respond to customer support inquiries
  • Improve and develop new features of the Service
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

We do not use your residency data, location history, or personal information for advertising purposes. We do not sell your personal information to third parties.

5. Legal Basis for Processing (California Residents)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information. We process your personal information under the following legal bases:

  • Performance of a contract: Processing necessary to provide the Service you have subscribed to
  • Legitimate interests: Improving our Service, preventing fraud, and ensuring security
  • Compliance with legal obligations: Meeting our legal and regulatory requirements
  • Consent: Where you have explicitly consented to specific processing activities

6. How We Share Your Information

6.1 Service Providers

We share your information with trusted third-party service providers who assist us in operating the Service:

  • Supabase (Supabase Inc.): Database hosting and authentication services. Your data is stored on AWS infrastructure in the United States.
  • Stripe (Stripe, Inc.): Payment processing. Stripe is PCI-DSS compliant and processes payment information directly.
  • Vercel (Vercel Inc.): Website and API hosting. Vercel may log request metadata including IP addresses.
  • Expo (Expo Technology Inc.): Mobile application build and distribution services.
  • Anthropic (Anthropic, PBC): AI-powered document analysis (future feature). We will provide additional disclosure and obtain consent before activating this feature.

6.2 Professional Sharing

If you choose to use the advisor sharing feature, you may generate a secure link to share your residency data with a tax professional or attorney. This sharing is entirely voluntary, limited to read-only access, and revocable by you at any time. We do not share your data with professionals without your explicit action.

6.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities. We will notify you of such disclosure to the extent permitted by law.

6.4 What We Do Not Do

  • Sell your personal information to third parties
  • Share your residency data or location history with data brokers
  • Use your data for targeted advertising
  • Share your information with your former state of residence or any tax authority

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service:

  • Account data: Retained for the duration of your account plus 30 days after account deletion
  • Day entry and residency data: Retained for the duration of your account, then permanently deleted 30 days after account deletion
  • Payment records: Retained for 7 years as required by applicable tax and accounting laws
  • Log data: Retained for 90 days for security and debugging purposes

You may request deletion of your data at any time. Note that we may be required to retain certain information for legal compliance purposes.

8. Data Security

We implement industry-standard security measures to protect your personal information:

  • All data transmitted between the app and our servers is encrypted using TLS/SSL
  • Passwords are hashed using industry-standard algorithms and never stored in plain text
  • Authentication tokens are stored using iOS Secure Enclave via expo-secure-store
  • Database access is protected by Row Level Security ensuring users can only access their own data
  • Payment processing is handled entirely by Stripe, which maintains PCI-DSS Level 1 compliance
  • Access to production systems is restricted to authorized personnel only

While we implement these safeguards, no method of transmission over the Internet is 100% secure. In the event of a data breach, we will notify you as required by applicable law including California Civil Code Section 1798.82.

9. Your Rights

9.1 Rights of California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about the personal information we have collected about you and how it is used
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale: We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights
  • Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information to what is necessary to provide the Service

9.2 How to Exercise Your Rights

To exercise your rights, contact us at threegreyhairs@icloud.com with the subject line "Privacy Rights Request." We will respond within 45 days. We may need to verify your identity before processing your request.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at threegreyhairs@icloud.com.

11. Third-Party Links and Services

The Service may contain links to third-party websites or services not owned or controlled by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction. We transfer data to the United States and process it there. By using the Service, you consent to this transfer. We take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.

13. Beta Program

If you are participating in our beta program, you have agreed to our Beta Participation Agreement in addition to this Privacy Policy. Beta users should be aware that:

  • Beta versions of the Service may contain bugs or errors
  • Beta data may be reset or deleted during the testing period
  • We may collect additional diagnostic information during beta to improve the Service
  • Feedback you provide during beta testing may be used to improve the Service

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new policy on this page, updating the "Last Updated" date, and sending in-app notification or email for material changes. Your continued use of the Service after changes are posted constitutes your acknowledgment of those changes.

15. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: threegreyhairs@icloud.com
  • Website: www.exoduscleric.com
  • Mail: Three Grey Hairs LLC, California, United States

For California residents exercising CCPA/CPRA rights, please include "Privacy Rights Request" in the subject line.

© 2026 Three Grey Hairs LLC · All rights reserved · Home · Sign In