Privacy Policy

Effective date: [Date — set by attorney before publishing] Last updated: [Date]

Camino Institute, LLC (a Texas limited liability company) ("Camino Institute," "we," "our") operates the Camino Institute website at camino.to and the Camino application under camino.to/app (collectively, the "Platform"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using the Platform, you agree to the practices described in this policy. If you do not agree, do not use the Platform.

1. Information We Collect

Account information. When you create an account, we collect your email address, the password hash (we do not store your password in plaintext), and any profile information you provide.

Payment information. Payments are processed by Stripe. We do not store your credit card number, banking information, or any other payment instrument. We retain a Stripe Customer ID linking your account to your Stripe records. Stripe's privacy policy governs the processing of your payment data.

Program content.

• Camino Lumen™ — when you participate in the 13-reflection program, we collect your responses to reflection prompts, the content of your AI-guided conversations, your optional journal entries, and any revisions you make to your prior responses.
• Lexica™ — when you participate in the 21-day program, we collect your daily reflection content, your conversation history with the AI, your vocabulary adoption record, your Camino Pacing System trajectory, and your participation pattern over the 21 days.
• These program contents are encrypted at rest (AES-256) and in transit (TLS 1.2+).
• This is the primary data the platform uses to generate your Personal Insight Snapshot™ (Lumen) and your Close Document (Lexica).

Assessment responses. When you complete the Three-Dimensional Coherence Self-Assessment (TDCSA) at the end of Camino Lumen™ and at Day 21 of Lexica™, we collect your item-level responses. We compute and store your Identity, Worldview, and Relationship subscale scores, your TDCI composite, and your Camino Transformation Index (CTI). These are stored at the item level — we do not aggregate and discard your raw responses.

Memory records. The Camino AI maintains six categories of memory records derived from your reflections. These records are encrypted, scoped to your account, and used only to deliver continuity across your reflections and to generate your program outputs.

Coaching session records. If you purchase coaching sessions with Walter Calvo, LCSW, DBA (the Co-Founder and Clinical Director of Camino Institute), we record your purchases, scheduling, completion, and any notes Walter records about the session. Walter's coaching session notes are visible only to Walter — they do not appear on any participant-facing surface and are encrypted at rest.

Clinical flags. If the AI's Safety Agent detects an immediate clinical concern in your reflective content (a "Layer 1 flag" — see Section 8), the platform creates a record of the event, pauses your session, sends Walter an email notification, and provides you with crisis resources in the app. The flag record contains a category indicator (e.g., suicidal_ideation, self_harm, psychiatric_crisis), a timestamp, and a link to your participant context — but it does not include the specific phrase that triggered it.

Usage data. On the public marketing site at camino.to, we collect standard technical data: pages visited, features used, session duration, device type, browser type, and IP address. We use Google Analytics 4 for this. **Inside the authenticated application at camino.to/app, we do not run analytics, tracking pixels, or any third-party measurement.** Your reflective surface is private.

Communications. If you contact us by email or through the contact form, we retain that correspondence at support@camino.to and privacy@camino.to.

2. How We Use Your Information

We use the information we collect to:

• Deliver Camino Lumen™ and Lexica™ programs.
• Generate your Personal Insight Snapshot™ (after Camino Lumen™) and your Close Document (after Lexica™).
• Manage your account, your enrollments, and any coaching session purchases.
• Send transactional email related to your account: verification, reflection-availability notices, Snapshot or Close Document delivery, payment receipts, re-entry messages if you lapse from Lexica™ for 2+ days, coaching session confirmations and reminders.
• Apply our Camino Pacing System to calibrate AI engagement intensity per your trajectory.
• Track your vocabulary adoption rate during Lexica™ as a measure of program engagement.
• Improve the Platform and the quality of AI-generated content.
• Conduct internal research and validation of our assessment instruments — subject to the research consent process described in Section 7 and our separate Research Consent document.
• Respond to your inquiries.
• Comply with legal obligations.

We do not sell your personal information. We do not use your personal information for advertising. We do not run ads on the Platform.

3. AI-Generated Content

The Camino platform uses artificial intelligence to engage with your reflection responses, to generate your Personal Insight Snapshot™ and Close Document, to calibrate your Camino Pacing System level, to track your vocabulary adoption, and to detect clinical safety signals.

Your reflection content is processed by a single AI system designed by Walter Calvo, LCSW, DBA, with program-specific configuration. This system operates under a strict Socratic constraint — the AI asks questions to surface your insight; it does not prescribe, diagnose, advise, or instruct.

AI-generated content is not a clinical assessment, diagnosis, or treatment. It is a structured reflection tool. If you are experiencing a mental health crisis or symptoms requiring clinical attention, please contact a licensed mental health professional or a crisis service. In the United States, you can call or text 988 to reach the Suicide and Crisis Lifeline.

We use OpenAI as the primary AI infrastructure. OpenAI processes our conversation requests to generate AI responses; the data handling practices of OpenAI apply to that processing. We do not transmit your real name, your participant ID linked to identifying information, or your Stripe data to the AI provider — only the conversation content needed to generate the next AI response.

4. Data Retention

We retain your account data and program content as follows:

• While your account is active — all data is retained.
• If you cancel or are inactive — your account, program content, assessment responses, memory records, and coaching session records are retained for 90 days after your last activity, after which they are deleted unless you request earlier deletion.
• Anonymized research data — if you have consented to research participation (Section 7), anonymized derivatives of your assessment responses may be retained beyond 90 days as part of our ongoing instrument validation research. Your identity is not attached to retained research data.
• Clinical flags and dispositions — these records are part of Walter's permanent clinical oversight log and are retained indefinitely as required for clinical responsibility and possible regulatory review.
• Deletion requests — you may request deletion of your data at any time by contacting us at privacy@camino.to. Deletions are executed manually by Walter within 30 days of receipt to ensure clinical-record integrity. Some clinical records (Section 8) may be retained beyond a deletion request as required by law or by Walter's professional obligations as a licensed clinical social worker.

Backups of the database (used solely for disaster recovery) follow the retention schedule of the backup target (Backblaze B2) — typically 7 days of daily backups, 4 weekly, and 6 monthly. Backups are encrypted at rest.

5. Third-Party Service Providers

We work with third-party service providers to operate the Platform. These providers process data on our behalf and are bound by data processing agreements where applicable:

• Stripe — payment processing (Lumen $97, Lexica $197, coaching session $197/session, package deal $294).
• Resend — transactional email delivery, including the Layer 1 clinical flag email notifications to Walter Calvo.
• OpenAI — AI conversation infrastructure.
• Google Analytics 4 — analytics on the public marketing site only (camino.to); not present inside the authenticated app.
• Hostinger — Platform hosting (web application VPS and managed Postgres database). All Platform infrastructure runs on Hostinger.
• Backblaze B2 — encrypted backup storage for the Postgres database.
• GlitchTip — self-hosted error tracking. Run on Camino Institute infrastructure, not a third-party SaaS. Error payloads are scrubbed of participant content before being recorded.

We do not share your personal data with third parties for their own marketing purposes.

6. Security

We implement reasonable technical and organizational measures to protect your data:

• Encryption at rest. Reflective content, assessment responses, vocabulary records, memory records, coaching session notes, Personal Insight Snapshot content, Close Document content, and re-entry messages are encrypted at rest using AES-256-GCM with application-layer envelope encryption.
• Encryption in transit. All connections use TLS 1.2 or higher.
• Authentication. Passwords are hashed with bcrypt; we never store passwords in plaintext. Session tokens are httpOnly, secure, and SameSite-strict.
• Access controls. Reflection content and assessment responses are accessible only to your authenticated account. Walter Calvo's clinical console is gated by a clinician role and is not accessible to participants.
• Logging hygiene. We do not log reflection content, assessment responses, vocabulary records, or AI prompt content. Application logs and error reports are scrubbed of participant content before being recorded.
• Backups. Daily encrypted backups to Backblaze B2 with quarterly restore drills.
• Webhooks. All payment webhook signatures are verified before processing.

No system is perfectly secure. If you have reason to believe your account has been compromised, contact us immediately at privacy@camino.to.

7. Research Participation

At enrollment, you are given the opportunity to contribute your anonymized data to Camino Institute's instrument validation research. This is optional. Your access to the program is not conditioned on your participation in research. The research consent checkbox at sign-up is unchecked by default; you must actively select it to participate.

If you elect to participate, your assessment responses are anonymized before being included in the research data set. Your identity is not attached to research data. Your conversation content is not included in research data sets.

You may withdraw your research consent at any time by contacting us at privacy@camino.to. Withdrawal removes you from the research corpus going forward; it does not affect your access to the program. Anonymized research data already aggregated into research outputs (e.g., publications) cannot be retroactively removed.

The research program is described in detail in our separate Research Consent document, which you receive at enrollment and may review at camino.to/research-consent.

8. Clinical Oversight and Safety

Walter Calvo, LCSW, DBA, is the Co-Founder and Clinical Director of Camino Institute. He provides clinical oversight to the Platform — meaning he reviews AI behavioral specifications, monitors clinical safety signals, responds to immediate clinical events, and may deliver coaching sessions if you have purchased them.

This oversight is not clinical treatment. Walter is not your clinician. The platform is not a clinical service. Walter's role is to ensure the Platform operates safely and within his professional duty of care for the pilot population.

If the AI's Safety Agent detects an immediate clinical concern — including indicators of suicidal ideation, self-harm, active trauma activation, safety disclosure (such as domestic violence or threats), psychiatric crisis (such as reality-testing failure), or persistent distress over multiple sessions — the system will:

1. Pause your reflection session.
2. Notify Walter via email immediately.
3. Provide you with appropriate crisis resources in the application.

Walter reviews each Layer 1 event same-day and records a clinical disposition. In the United States, you can always call or text 988 (Suicide and Crisis Lifeline) regardless of whether the platform has flagged your session.

9. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data (subject to clinical-record retention requirements described in Section 4).
• Withdraw research consent.
• Opt out of marketing communications at any time via the unsubscribe link in any email.

To exercise any of these rights, contact us at privacy@camino.to. We will respond to verified requests within 30 days.

10. Children

The Platform is not directed at children under the age of 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us at privacy@camino.to and we will delete the account.

11. International Users

The Platform operates from the United States. If you access the Platform from outside the United States, you understand and consent to the transfer and processing of your data in the United States, subject to U.S. law. We do not currently maintain a separate GDPR or other regional compliance program; if regulatory scope changes, we will update this policy.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will update the effective date above and notify active users by email if the changes are material. Continued use of the Platform after notification constitutes acceptance of the updated policy.

13. Contact

Camino Institute, LLC San Antonio, Texas

privacy@camino.to support@camino.to

© 2026 Camino Institute™. All rights reserved. The CAMINO Method™, Three-Dimensional Coherence™, Complete Coherence™, Grounded Generosity™, Camino Lumen™, Lexica™, Coherence Profile™, and Beyond Coaching™ are trademarks of Camino Institute, LLC.