1. The Short Version

• We collect what we need to run the app — nothing more.
• Your journal entries are yours. We don't read them, sell them, or use them to train AI.
• Your text is sent to Anthropic only to generate the AI reflections you request.
• We use Stripe for payments — we never store your card data.
• You can export or delete your data at any time.
• We don't run third-party trackers or sell your data. Ever.

2. Data We Collect

2.1 Account Information

• Email address
• A hashed version of your password (we never see your plain-text password)
• Display name (optional)

2.2 Profile & Assessment Data

To personalise your experience, we store the answers and derived scores from your Self-Discovery Assessment, including:

• Wound profile scores (rejection, abandonment, humiliation, betrayal, injustice)
• Dominant trauma response (fight, flight, freeze, fawn)
• Attachment style
• Current healing phase and streak counters

This is mental-health-adjacent data. We treat it with the same care as your journal entries.

2.3 Journal & Session Content

• Free-thinking journal entries (text)
• Structured shadow work session responses
• Voice memos you choose to upload (stored in Supabase Storage)
• AI reflections generated in response to your entries

2.4 Technical Data

• IP address (for session security and abuse prevention)
• Device type, operating system, and browser
• App usage timestamps (when you log in, complete sessions, etc.)

We do not currently use Google Analytics, Mixpanel, Segment, Meta Pixel, TikTok Pixel, or any other third-party analytics or advertising tracker.

2.5 Payment Data

We store only a Stripe customer ID associated with your account. We never see, store, or process your credit card number. Stripe handles all card data under their PCI-compliant systems. For iOS subscriptions, Apple processes payment — we only receive a subscription receipt and renewal state.

3. How We Use Your Data

• Run the app. Show your own data back to you — your entries, results, and progress.
• Generate AI reflections. Send the specific text you submit, plus the minimum profile/session context needed for that specific request, to Anthropic to generate a response.
• Send essential emails.Account, billing, security, and password-reset emails. We don't currently send marketing emails.
• Improve the app. Aggregate, anonymised analysis — for example, how many users complete a phase, or which features error out. We do not read individual journals.
• Keep things secure. Detect abuse, fraud, or violations of our Terms.
• Meet legal obligations. Respond to lawful requests, comply with tax and accounting rules.

4. Who We Share Data With

We share data only with service providers who help us run the app, under strict confidentiality and data-processing terms.

• Anthropic— processes your text to generate AI reflections. Per Anthropic's API terms, your content is not used to train their models.
• Supabase — stores your account, profile, journals, and voice memos. Data is encrypted at rest and in transit.
• Stripe — processes web subscription payments. Your card data is held by Stripe; it never reaches our servers.
• Apple — for iOS subscriptions, Apple processes payment and provides us with a receipt and subscription state.
• Law enforcement — only when required by valid legal process (court order, subpoena, or equivalent), and only to the minimum extent legally required.

We do not sell, rent, or trade your personal data. We do not share it with advertisers. We never will.

5. Your Rights

You have the right to control your data. Regardless of where you live, you can:

• Access the data we hold about you.
• Export your journal entries and assessment data.
• Correct inaccurate account info.
• Delete your account and all associated data.
• Opt out of marketing emails (note: we don't currently send any beyond essential service emails).

5.1 EU / UK Residents (GDPR)

If you're in the EU, UK, or EEA, you also have the right to object to or restrict processing, the right to data portability, and the right to lodge a complaint with your local data protection authority. Our legal bases for processing are: contract (running your account), consent (for the consent-based collection of mental-health-adjacent data), and legitimate interest (security, abuse prevention, basic analytics).

5.2 California Residents (CCPA/CPRA)

California residents have the right to know what categories of personal information we collect, the right to delete it, and the right to opt out of any sale or sharing for cross-context behavioral advertising. We don't sell or share your data for advertising — but you have these rights regardless.

To exercise any of these rights, email privacy@undersoul.app from the address on your account. We'll respond within 30 days.

6. Cookies & Local Storage

We use the minimum cookies and local storage required to keep you signed in:

• Supabase session cookies (auth token, refresh token)
• Browser local storage for small UI state (e.g. last-visited section)
• Temporary session storage during assessment flows; sensitive answers are cleared after results load

No advertising cookies. No third-party tracking. If we ever add analytics, we'll ask for your consent first and update this policy.

7. Data Retention

We keep your data while your account is active. When you delete your account, we delete your profile, journals, assessment data, and voice memos within 30 days. We may retain certain records (such as billing records and abuse logs) longer where legally required.

8. Children

Undersoul is intended for adults 18 and older. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, please contact privacy@undersoul.app and we will delete it.

9. International Transfers

Our servers and most providers are located in the United States. If you access Undersoul from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

10. Security

We protect your data with industry-standard practices:

• TLS encryption for all data in transit
• Encryption at rest (Supabase managed databases)
• Row-Level Security (RLS) — your account can only ever read your own rows
• Optional Vault PIN check for sensitive archive views; this is a device privacy control, not end-to-end encryption
• Hashed passwords (we never store them in plain text)
• Regular dependency updates and security reviews

No system is 100% secure. If a breach occurs that affects your data, we will notify affected users and relevant authorities within 72 hours, as required by GDPR and applicable state laws.

11. Changes to This Policy

We may update this policy from time to time. If we make material changes, we'll notify you by email or in-app notice. The “Last updated” date at the top reflects the most recent revision.

12. Contact

Privacy questions, data requests, or concerns? Email privacy@undersoul.app. We read every message.