Legal
Privacy Policy
Version 2.0 - April 2026. Operative under Texas law. Pending final attorney sign-off.
Privacy Policy
Effective date: [Date — set by attorney before publishing] Last updated: [Date]
Camino Institute, LLC (a Texas limited liability company) ("Camino Institute," "we," "our") operates the Camino Institute website at camino.to and the Camino application under camino.to/app (collectively, the "Platform"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By using the Platform, you agree to the practices described in this policy. If you do not agree, do not use the Platform.
1. Information We Collect
Account information. When you create an account, we collect your email address, the password hash (we do not store your password in plaintext), and any profile information you provide.
Payment information. Payments are processed by Stripe. We do not store your credit card number, banking information, or any other payment instrument. We retain a Stripe Customer ID linking your account to your Stripe records. Stripe's privacy policy governs the processing of your payment data.
Program content.
- Camino Lumen™ — when you participate in the 13-reflection program, we collect your responses to reflection prompts, the content of your AI-guided conversations, your optional journal entries, and any revisions you make to your prior responses.
- Lexica™ — when you participate in the 21-day program, we collect your daily reflection content, your conversation history with the AI, your vocabulary adoption record, your Camino Pacing System trajectory, and your participation pattern over the 21 days.
- These program contents are encrypted at rest (AES-256) and in transit (TLS 1.2+).
- This is the primary data the platform uses to generate your Personal Insight Snapshotâ„¢ (Lumen) and your Close Document (Lexica).
Assessment responses. When you complete the Three-Dimensional Coherence Self-Assessment (TDCSA) at the end of Camino Lumen™ and at Day 21 of Lexica™, we collect your item-level responses. We compute and store your Identity, Worldview, and Relationship subscale scores, your TDCI composite, and your Camino Transformation Index (CTI). These are stored at the item level — we do not aggregate and discard your raw responses.
Memory records. The Camino AI maintains six categories of memory records derived from your reflections. These records are encrypted, scoped to your account, and used only to deliver continuity across your reflections and to generate your program outputs.
Coaching session records. If you purchase coaching sessions with a Camino Coach, we record your purchases, scheduling, completion, and any notes the coach records about the session. All Camino Coaches are licensed providers; coaching itself is not a separate regulated credential. Coaching session notes are visible only to authorized Camino clinical personnel — they do not appear on any participant-facing surface and are encrypted at rest.
Layer 1 program-safety events. If Camino's automated safety-boundary checks flag content that may need support outside Camino (a "Layer 1 flag" - see Section 8), the platform creates a record of the event, pauses your session, sends an internal email notification for asynchronous program review, and provides you with crisis resources in the app. The flag record contains a category indicator (e.g., suicidal_ideation, self_harm, psychiatric_crisis), a timestamp, and a link to your participant context - but it does not include the specific phrase that triggered it.
If you are in imminent danger, call emergency services, call 911 in the United States, or go to the nearest emergency room. In the United States, you can always call or text 988 (Suicide and Crisis Lifeline) regardless of whether the platform has flagged your session.
Usage data. On the public marketing site at camino.to, we may collect standard technical data when public marketing analytics are enabled: pages visited, features used, session duration, device type, browser type, and IP address. Google Analytics 4 is the approved public-site analytics provider when that marketing analytics mode is enabled. **Inside the authenticated application at camino.to/app, we do not run analytics, tracking pixels, or any third-party measurement.** Your reflective surface is private.
Communications. If you contact us by email or through the contact form, we retain that correspondence in the Camino-controlled support@camino.to support mailbox. Privacy and data requests route through that same support intake. If privacy@camino.to is reserved, it is an alias into the same support mailbox only and is not a separate public mailbox for this release.
2. How We Use Your Information
We use the information we collect to:
- Deliver Camino Lumen™ and Lexica™ programs.
- Generate your Personal Insight Snapshot™ (after Camino Lumen™) and your Close Document (after Lexica™).
- Manage your account, your enrollments, and any coaching session purchases.
- Send transactional email related to your account: verification, reflection-availability notices, Snapshot or Close Document delivery, payment receipts, re-entry messages if you lapse from Lexica™ for 2+ days, coaching session confirmations and reminders.
- Apply our Camino Pacing System to calibrate AI engagement intensity per your trajectory.
- Track your vocabulary adoption rate during Lexica™ as a measure of program engagement.
- Improve the Platform and the quality of AI-generated content.
- Conduct internal research and validation of our assessment instruments — subject to the research consent process described in Section 7 and our separate Research Consent document.
- Respond to your inquiries.
- Comply with legal obligations.
We do not sell your personal information. We do not use your personal information for advertising. We do not run ads on the Platform.
3. AI-Generated Content
The Camino platform uses artificial intelligence to engage with your reflection responses, to generate your Personal Insight Snapshot™ and Close Document, to calibrate your Camino Pacing System level, to track your vocabulary adoption, and to identify content that may require outward crisis or emergency resources.
Your reflection content is processed by a single AI system designed by Walter Calvo, LCSW, DBA, with program-specific configuration. This system operates under a strict Socratic constraint — the AI asks questions to surface your insight; it does not prescribe, diagnose, advise, or instruct.
AI-generated content is not a clinical assessment, diagnosis, or treatment. It is a structured reflection tool. If you are experiencing a mental health crisis or symptoms requiring clinical attention, please contact a licensed mental health professional or a crisis service. In the United States, you can call or text 988 to reach the Suicide and Crisis Lifeline.
We use OpenAI as the primary AI infrastructure. OpenAI processes our conversation requests to generate AI responses; the data handling practices of OpenAI apply to that processing. We do not transmit your real name, your participant ID linked to identifying information, or your Stripe data to the AI provider — only the conversation content needed to generate the next AI response.
4. Data Retention
We retain your account data and program content as follows:
- While your account is active — all data is retained.
- If you cancel or are inactive — your account, program content, assessment responses, memory records, and coaching session records are retained for 90 days after your last activity, after which they are deleted unless you request earlier deletion.
- Anonymized research data — if you have consented to research participation (Section 7), anonymized derivatives of your assessment responses may be retained beyond 90 days as part of our ongoing instrument validation research. Your identity is not attached to retained research data.
- Layer 1 program-safety review records - these records are retained as part of Camino's safety-boundary and program-oversight log for at least seven years after account or program termination, or longer where required by law, professional recordkeeping obligations, disputes, audit needs, or documented safety needs.
- Deletion requests - you may request deletion of your data at any time by contacting us at
support@camino.to. Deletions are executed manually within 30 days of receipt to preserve program-record integrity. Some safety-boundary records (Section 8) may be retained beyond a deletion request where required by law or legitimate recordkeeping obligations.
Backups of the database (used solely for disaster recovery) follow the retention schedule of the backup target (Backblaze B2) — typically 7 days of daily backups, 4 weekly, and 6 monthly. Backups are encrypted at rest.
5. Third-Party Service Providers
We work with third-party service providers to operate the Platform. These providers process data on our behalf and are bound by data processing agreements where applicable:
- Stripe — payment processing (Lumen $97, Lexica $197, coaching session $197/session, package deal $294).
- Resend — transactional email delivery, including Layer 1 program-safety email notifications to Walter Calvo.
- OpenAI — AI conversation infrastructure.
- Google Analytics 4 — approved analytics provider for the public marketing site only (
camino.to) when public marketing analytics are enabled; not present inside the authenticated app. - Hostinger — Platform hosting (web application VPS and managed Postgres database). All Platform infrastructure runs on Hostinger.
- Backblaze B2 — encrypted backup storage for the Postgres database.
- GlitchTip — self-hosted error tracking. Run on Camino Institute infrastructure, not a third-party SaaS. Error payloads are scrubbed of participant content before being recorded.
We do not share your personal data with third parties for their own marketing purposes.
6. Security
We implement reasonable technical and organizational measures to protect your data:
- Encryption at rest. Reflective content, assessment responses, vocabulary records, memory records, coaching session notes, Personal Insight Snapshot content, Close Document content, and re-entry messages are encrypted at rest using AES-256-GCM with application-layer envelope encryption.
- Encryption in transit. All connections use TLS 1.2 or higher.
- Authentication. Passwords are hashed with bcrypt; we never store passwords in plaintext. Session tokens are httpOnly, secure, and SameSite-strict.
- Access controls. Reflection content and assessment responses are accessible only to your authenticated account. Walter Calvo's clinical console is gated by a clinician role and is not accessible to participants.
- Logging hygiene. We do not log reflection content, assessment responses, vocabulary records, or AI prompt content. Application logs and error reports are scrubbed of participant content before being recorded.
- Backups. Daily encrypted backups to Backblaze B2 with quarterly restore drills.
- Webhooks. All payment webhook signatures are verified before processing.
No system is perfectly secure. If you have reason to believe your account has been compromised, contact us immediately at support@camino.to.
7. Research Participation
At enrollment, you are given the opportunity to contribute your anonymized data to Camino Institute's instrument validation research. This is optional. Your access to the program is not conditioned on your participation in research. The research consent checkbox at sign-up is unchecked by default; you must actively select it to participate.
If you elect to participate, your assessment responses are anonymized before being included in the research data set. Your identity is not attached to research data. Your conversation content is not included in research data sets.
You may withdraw your research consent at any time by contacting us at support@camino.to. Withdrawal removes you from the research corpus going forward; it does not affect your access to the program. Anonymized research data already aggregated into research outputs (e.g., publications) cannot be retroactively removed.
The research program is described in detail in our separate Research Consent document, which you receive at enrollment and may review at camino.to/research-consent.
8. Program Safety Boundaries and Crisis Resources
Walter Calvo, LCSW, DBA, is the Co-Founder and Clinical Director of Camino Institute. He provides program oversight to the Platform - meaning he reviews AI behavioral specifications, sets safety-boundary standards for the product, and sets the standards for Camino Coaches, all of whom are licensed providers, who deliver add-on sessions.
This oversight is not clinical treatment, crisis care, emergency response, or real-time monitoring. Walter is not your clinician. The platform is not a clinical service. Camino does not promise that Walter or any Camino representative will monitor your reflections in real time, intervene in an emergency, contact you in time, or keep you safe.
If Camino's automated safety-boundary checks flag content that may need support outside Camino - including indicators of suicidal ideation, self-harm, active trauma activation, safety disclosure (such as domestic violence or threats), psychiatric crisis (such as reality-testing failure), or persistent distress over multiple sessions - the system will:
- Pause your reflection session.
- Create an internal Layer 1 program-safety review record.
- Provide you with crisis and emergency resources in the application.
The Layer 1 record is reviewed asynchronously for program oversight and documentation. That review is not emergency response or clinical care. If you are in immediate danger or may harm yourself or someone else, call 911 or local emergency services, or go to the nearest emergency room. In the United States, you can call or text 988 (Suicide and Crisis Lifeline) regardless of whether the platform has flagged your session.
9. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data (subject to the safety-boundary and professional-record retention requirements described in Section 4).
- Withdraw research consent.
- Opt out of marketing communications at any time via the unsubscribe link in any email.
To exercise any of these rights, contact us at support@camino.to. We will respond to verified requests within 30 days.
10. Children
The Platform is not directed at children under the age of 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us at support@camino.to and we will delete the account.
11. International Users
The Platform operates from the United States. If you access the Platform from outside the United States, you understand and consent to the transfer and processing of your data in the United States, subject to U.S. law. We do not currently maintain a separate GDPR or other regional compliance program; if regulatory scope changes, we will update this policy.
12. Changes to This Policy
We may update this policy from time to time. When we do, we will update the effective date above and notify active users by email if the changes are material. Continued use of the Platform after notification constitutes acceptance of the updated policy.
13. Contact
Camino Institute, LLC San Antonio, Texas
support@camino.to
© 2026 Camino Institute™. All rights reserved. The CAMINO Method™, Three-Dimensional Coherence™, Complete Coherence™, Grounded Generosity™, Camino Lumen™, Lexica™, Coherence Profile™, and Beyond Coaching™ are trademarks of Camino Institute, LLC.