Privacy policy
Last updated: 12 May 2026
This Privacy Policy explains how The Frustration Condition collects, uses, and protects personal data. It is written to satisfy the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA). Contact: privacy@frustrationcondition.com.
1. Who is the controller / processor
For workspace facilitators who create accounts directly with us, we are the data controller. For team participants whose anonymous frustration responses are submitted through a workspace operated by their employer, we are the data processor acting on the workspace owner's instructions.
2. What we collect
- Account data: facilitator name, email, password hash (bcrypt; see §9), workspace name, role.
- Survey responses: open-text "frustration" sentences from team participants, with timestamps. No participant name or email is required.
- Derived analysis: AI-generated clusters, summaries, suggested architectures, decisions, audit trail.
- Operational logs: HTTP method, status, request id, timestamp, error stack traces — never the body of a response.
- Audit log: who did what, with resource ids only — never response text.
- Cookies: strictly necessary only — see the cookie inventory.
We do not use advertising IDs, browser fingerprints, or behavioral analytics. We do not sell or "share" personal data.
3. Lawful basis
Account operation rests on contract (GDPR Art. 6(1)(b)). Transactional and operational email rests on contract and legitimate interest (Art. 6(1)(f)). Participant responses are processed on the workspace controller's instructions. Security and audit logs rest on legitimate interest. Billing rests on contract and legal obligation.
4. Anonymity inside a workspace
The participant page is anonymous-first by design: a facilitator (or anyone else) cannot see who wrote which frustration. This is enforced at the API layer and locked in by regression tests.
5. AI sub-processors
Open-text responses are processed by large language models (OpenAI and Anthropic via the Replit AI Integrations proxy) for clustering, theming, and architecture suggestion. Both providers contractually agree that prompts are not used to train their general models. The full list of sub-processors is at /privacy/sub-processors. Workspace admins can request a tenant-level opt-out by emailing the privacy address above.
6. Retention
Workspace data is kept for the life of the workspace plus a 30-day grace period after cancellation. Account data is hard-deleted within 30 days of a deletion request. Audit logs are kept 13 months. Operational logs are kept 30 days. Encrypted backups expire on a rolling 35-day window.
7. International transfers
Our infrastructure is operated in the United States. Transfers from the EEA / UK rely on the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, plus the security measures listed in §9.
8. Your rights
Under GDPR / UK GDPR (Articles 15–22) and CCPA/CPRA (§§1798.100–135) you have the right to access, receive a portable copy, correct, delete, restrict, and object to processing. To exercise these rights:
- Facilitators: sign in, then GET /api/account/export for your data, or DELETE /api/account to delete your account. The Settings → Privacy panel wraps both.
- Workspace admins: Workspace → Privacy → Export workspace data, or Delete workspace.
- Team participants: contact your workspace administrator; they can remove your anonymous responses. You may also email us at the privacy address and we will route the request.
We respond to verifiable requests within 30 days (extendable by 60 for complex requests, with notice).
9. Security
Sensitive text and JSONB fields are encrypted at rest with AES-256-GCM using a key held only on the server. Passwords are hashed with bcrypt (12 rounds). All traffic is TLS 1.2+. Session cookies are HttpOnly and, in production, flagged Secure. Access is enforced by role-based authorization with tenant isolation on every query, plus rate limits on authentication and admission endpoints. Every mutating action writes an audit-log row.
10. Cookies
We set only strictly necessary cookies. There are no analytics, advertising, or third-party tracking cookies to opt into. See the cookie inventory and the persistent Manage cookie preferences link in the footer.
11. Children
The Service is intended for workplace use by adults. We do not knowingly collect data from anyone under 16.
12. Special-category data
Open-text fields are intended for workplace frustrations. Participants are reminded in-product not to include health, religious, political, sexual-orientation, or other special-category information. We do not knowingly process special-category data.
13. Changes
Material changes will be announced in-app and emailed to workspace admins at least 30 days before they take effect. Sub-processor changes are listed at /privacy/sub-processors with the date of change.
14. Complaints
If you believe we have not handled your data properly, you may complain to your local supervisory authority — the ICO (UK), your member-state DPA (EU), or the California Privacy Protection Agency.
Related documents — Terms · Sub-processors · Cookie inventory