Privacy Policy

What We Collect

Account Information

When you sign in with Google or Apple, we receive your email address and a unique user identifier. We use this to create and maintain your account. We do not receive your passwords.

Journal Entries

Your voice recordings are uploaded to our servers solely to generate a text transcription. Raw audio is never stored — it is deleted immediately after transcription is complete. The resulting text, along with any AI-generated summary and tags, is stored in your account.

Practice and Usage Data

We store your daily practice prompts, journal streak, reminder time preferences, and app settings (such as PIN lock preferences and notification settings).

Device and Notification Data

If you enable reminders, we store an Expo push notification token associated with your account to deliver local notifications. This token is not shared with third-party advertisers.

Subscription Information

We use RevenueCat to manage subscriptions. RevenueCat may collect your App Store or Google Play purchase information to verify and manage your subscription status. We store only whether your account is currently subscribed. We do not store full payment details.

Analytics and Error Reporting

We collect anonymized usage events (such as sign-in, entry creation, and paywall interactions) via PostHog to understand how the app is used. We use Sentry to capture crash reports and error logs. Neither service is used for advertising purposes.

Feedback

If you submit in-app feedback, your message and email address are sent to our feedback system (Loops) so we can respond.

Marketing and Lifecycle Emails

If you create an account, we may send you emails related to your use of the app — such as a welcome message, tips for getting started, or re-engagement nudges if you haven't journaled in a few days. These emails are sent via Loops. You can unsubscribe at any time using the link in any email we send. Unsubscribing from marketing emails does not affect your account or app access.

What We Do Not Collect

• We do not store raw audio recordings.
• We do not collect your contacts, location, photos, or camera access.
• We do not sell your data to third parties.
• We do not use your data for advertising.
• Your PIN or biometric credentials never leave your device — they are stored locally in your device's secure enclave (iOS Keychain / Android EncryptedSharedPreferences).

How We Use Your Information

Third-Party Services

We use third-party services to operate the app. Each service processes only the data necessary for its function and is governed by its own privacy policy. The categories of services we use are:

• Database and authentication — stores your account data, journal entries, and settings; handles sign-in via Apple and Google
• Voice transcription — converts your audio recording to text; audio is sent over an encrypted connection and deleted immediately after transcription
• AI processing — generates entry summaries, tags, and weekly synthesis from your journal text; all keys are stored server-side and never included in the app
• Subscription management — verifies and manages your in-app subscription via the App Store or Google Play
• Analytics — collects anonymized usage events to help us understand how the app is used; not used for advertising
• Crash reporting — captures error logs and device diagnostics to help us diagnose and fix bugs
• Push notifications — delivers the reminder notifications you schedule; also handles over-the-air app updates
• Email delivery — sends transactional emails (such as feedback responses) and, if you opt in, lifecycle emails

All sensitive API credentials are stored server-side only. They are never included in the app binary or transmitted to your device.

Data Security

• All data is encrypted at rest using AES-256 via Supabase.
• All data in transit is encrypted using TLS.
• Row-level security (RLS) is enforced at the database level — your data is inaccessible to other users even at the infrastructure level.
• PIN and biometric data never leaves your device.

Data Retention and Deletion

You can delete your account at any time from the Settings screen. When you request deletion:

1. Your account is soft-deleted immediately — your data becomes inaccessible.
2. All your data (entries, profile, synthesis history) is permanently and irreversibly deleted within 10 days.
3. There is no way to recover data after the hard deletion completes.

Children's Privacy

Already There is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (available directly in the app via Settings → Delete Account)
• Export your data (available in a future update)
• Opt out of AI-generated weekly synthesis (available in Settings → Insights)

To exercise any of these rights, or to opt out of marketing emails, contact us at the address below or use the unsubscribe link in any email we send.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via in-app notice or email. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

If you have questions about this privacy policy or your data, contact us at:

Already There
info@alreadythere.life