Legal

Privacy Policy

Last updated: April 9, 2026 · Effective immediately · Applies to coherva.com and all Coherva services

Plain English summary: We collect your email address to send you daily research transmissions. We do not sell your data. We do not share it with advertisers. You can unsubscribe at any time with one click. That is the whole story.

1. Who We Are

Coherva is operated by Charles Vasquez ("we," "us," "our"). Our website is coherva.com. For privacy questions, contact us at hello@coherva.com.

2. Information We Collect

Information you provide:

Email address — when you subscribe to our daily transmissions or create a member account.
Name — optional, used to personalize your emails.
Payment information — collected and processed by Stripe. We never see or store your full card number.
Journal entries and practice logs — if you use the member dashboard. Stored securely in our database. Never shared.

Information collected automatically:

Analytics — with your consent, we use Microsoft Clarity to collect heatmaps and session recordings to improve the site. This is opt-in only via our consent banner.
Email engagement — whether you opened or clicked an email, via Resend. Used only to improve content quality and maintain deliverability.

3. How We Use Your Information

To send your daily research transmission at 7am Eastern.
To personalize your email with your first name.
To process your subscription payment via Stripe.
To provide access to the member dashboard and your personal journal and practice history.
To send transactional emails (login links, receipts, subscription confirmations).
To improve Coherva content and user experience using aggregated, anonymized analytics.

We do not use your information for advertising. We do not sell your data to any third party. Ever.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your personal data under the following legal bases:

Consent — for analytics (Microsoft Clarity) and marketing emails. You may withdraw consent at any time.
Contract — to fulfill your subscription and deliver the service you paid for.
Legitimate interest — for transactional emails (login links, receipts) and basic site security.

5. Third-Party Services

Service	Purpose	Data shared
Stripe	Payment processing	Email, payment info
Resend	Email delivery	Email, name
Supabase	Database (hosted in US)	Email, journal, practice data
Netlify	Website hosting	IP address, page visits
Microsoft Clarity	Analytics (consent-gated)	Session recordings, clicks — only with consent

All third-party services are bound by their own privacy policies and data processing agreements. We select only reputable, GDPR-compliant providers.

6. Data Retention

Email subscribers — retained until you unsubscribe. Inactive subscribers (no opens in 12 months) are reviewed and may be removed.
Member journal and practice data — retained as long as your account is active. Deleted within 30 days of account closure upon request.
Payment records — retained as required by Stripe and applicable tax law (typically 7 years).

7. Your Rights

Depending on your location, you may have the following rights:

Access — request a copy of your personal data.
Correction — request correction of inaccurate data.
Deletion — request deletion of your data ("right to be forgotten").
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interest.
Withdraw consent — withdraw consent for analytics at any time via the cookie settings gear icon on our site.
Unsubscribe — every email contains a one-click unsubscribe link.

To exercise any right, email hello@coherva.com. We will respond within 30 days.

8. Cookies

We use the minimum cookies necessary to operate the site:

Authentication cookies — necessary for member login. Cannot be disabled.
Analytics cookies — Microsoft Clarity. Opt-in only. Managed via the cookie consent banner.

We do not use advertising cookies. We do not use third-party tracking pixels.

9. Children's Privacy

Coherva is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at hello@coherva.com and we will delete it promptly.

10. International Transfers

Coherva is based in the United States. If you are located in the EU or UK, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses and the data processing agreements of our service providers (Stripe, Resend, Supabase, Netlify) to ensure adequate protection.

11. Security

We implement industry-standard security measures including HTTPS encryption, secure database hosting via Supabase, and access controls on all member data. No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but we take it seriously.

12. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top will reflect any changes. Significant changes will be communicated via email to active subscribers.

Privacy Questions

Email: hello@coherva.com

Response time: within 30 days

For EU/UK residents: if we do not resolve your concern, you have the right to lodge a complaint with your local data protection authority.