Privacy Policy

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

1. INFORMATION WE COLLECT

1.1 Information You Provide to Us

We collect information that you voluntarily provide when you use the Services, including:

1.    Account Information: Email address, name, password, and authentication credentials (including OAuth tokens from Google and Apple Sign-In)

2.    Profile Information: Language preferences, selected goals, notification preferences, and other settings

3.    User Content: Affirmations, notes, and other content you create or store in the App (encrypted before storage)

4.    Payment Information: Billing address, payment card details, and transaction history (processed securely by Stripe)

5.    Communications: Messages you send to us, feedback, support requests, and survey responses

1.2 Information Collected Automatically

When you use the Services, we automatically collect certain information, including:

6.    Device Information: Device type, operating system, device identifiers (such as IDFA or Android Advertising ID), mobile network information, and device settings

7.    Usage Information: Features you use, pages you visit, time spent on the App, session duration, session completion rates, streaks, frequency of use, and interactions with content

8.    Location Information: General geographic location based on IP address or device settings

9.    Log Data: IP address, browser type, access times, referring/exit pages, and error logs

10.  Analytics Data: User behavior, feature usage patterns, conversion events, and performance metrics

1.3 Information from Third Parties

We may receive information about you from third-party sources, including:

11.  Authentication Providers: Information from Google, Apple, or other OAuth providers when you use social login features

12.  Payment Processors: Transaction information and payment status from Stripe

13.  Analytics Providers: Aggregated user behavior and demographic information from Mixpanel and other analytics services

14.  Advertising Networks: Information about your interactions with our advertisements on third-party platforms

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

15.  To provide, maintain, and improve the Services, including creating and managing your account, processing your affirmations, and delivering audio content

16.  To process payments and manage subscriptions, including trial periods, renewals, cancellations, and refunds

17.  To provide AI-assisted features by temporarily transmitting your input to third-party AI services (Anthropic and xAI) for processing and returning suggestions

18.  To send you transactional communications, including account notifications, subscription updates, password resets, and service announcements

19.  To send you marketing communications about new features, promotions, and other information (with your consent, where required)

20.  To send push notifications and email reminders based on your notification preferences

21.  To analyze usage patterns and user behavior through analytics services like Mixpanel to understand how users interact with the Services

22.  To personalize your experience and provide customized content based on your goals, preferences, and usage patterns

23.  To measure the effectiveness of our advertising campaigns and deliver targeted advertisements on third-party platforms

24.  To detect, prevent, and address technical issues, security threats, fraud, and illegal activities

25.  To enforce our Terms and Conditions and protect the rights, property, and safety of the Company, our users, and others

26.  To comply with legal obligations, respond to legal requests, and protect our legal rights

3. DATA ENCRYPTION AND SECURITY

3.1 Encryption

Your affirmations and personal content are encrypted at rest using industry-standard encryption before being stored in our Firebase database. This means your affirmations are encrypted on your device before being transmitted to our servers, and they remain encrypted in our database. Your affirmations are only temporarily decrypted when necessary for AI processing or display within the App.

3.2 Security Measures

We implement reasonable technical, administrative, and physical security measures to protect your information from unauthorized access, use, disclosure, alteration, and destruction. These measures include:

27.  Secure HTTPS/TLS encryption for all data transmission

28.  OAuth 2.0 for third-party authentication

29.  Rate limiting to prevent abuse

30.  Regular security audits and monitoring

31.  Access controls and authentication requirements for internal systems

3.3 No Absolute Security

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your information, and you acknowledge that you provide information at your own risk. If you become aware of any security breach, please contact us immediately at privacy@affirmations.app.

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

32.  Firebase (Google): Cloud infrastructure, authentication, database storage, and file hosting

33.  Stripe: Payment processing and subscription management

34.  Anthropic and xAI: AI-powered affirmation suggestions (your input is temporarily transmitted for processing and not permanently stored by these providers)

35.  Mixpanel: Analytics and user behavior tracking

36.  Postmark: Email delivery services

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

4.2 Advertising and Analytics Partners

We share information with advertising networks and analytics providers to measure campaign effectiveness and deliver targeted advertisements. These partners may use cookies and similar tracking technologies to collect information about your online activities. Our advertising partners include:

37.  Meta (Facebook and Instagram)

38.  Google (including Google Ads and YouTube)

39.  X (formerly Twitter)

40.  TikTok

41.  LinkedIn

42.  Snapchat

43.  Pinterest

44.  Reddit

4.3 Business Transfers

If the Company is involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:

45.  Comply with legal obligations, court orders, or government requests

46.  Enforce our Terms and Conditions and other agreements

47.  Protect the rights, property, and safety of the Company, our users, or others

48.  Detect, prevent, or address fraud, security, or technical issues

4.5 With Your Consent

We may share your information with third parties when we have your consent to do so.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 What Are Cookies

We and our third-party partners use cookies, web beacons, pixels, software development kits (SDKs), and similar tracking technologies to collect information about your use of the Services and other websites and applications. Cookies are small data files stored on your device that help us recognize you, remember your preferences, and understand how you interact with our Services.

5.2 Types of Cookies We Use

49.  Essential Cookies: Required for the Services to function properly, including authentication and security

50.  Analytics Cookies: Help us understand how users interact with the Services through tools like Mixpanel

51.  Advertising Cookies: Used to deliver targeted advertisements and measure campaign effectiveness across platforms like Meta, Google, YouTube, X, TikTok, LinkedIn, Snapchat, Pinterest, and Reddit

52.  Preference Cookies: Remember your settings and preferences, such as language and theme

5.3 Mobile Identifiers

When you use our mobile app, we and our partners may collect mobile advertising identifiers (such as Apple's IDFA or Google's Advertising ID) to deliver personalized advertisements and measure their effectiveness. You can limit ad tracking or reset your advertising identifier in your device settings.

5.4 Your Choices

Most web browsers are set to accept cookies by default. You can choose to set your browser to remove or reject cookies, but this may affect the functionality of the Services. You can also opt out of interest-based advertising by visiting the Digital Advertising Alliance's opt-out page or the Network Advertising Initiative's opt-out page.

For mobile apps, you can limit ad tracking in your device settings: (1) iOS: Settings > Privacy > Advertising > Limit Ad Tracking; (2) Android: Settings > Google > Ads > Opt out of Ads Personalization.

6. PUSH NOTIFICATIONS AND EMAIL COMMUNICATIONS

6.1 Push Notifications

If you enable push notifications, we will send you daily reminders to complete your affirmations session at your selected time. Push notifications are delivered through Apple Push Notification Service (APNS) for iOS devices and Firebase Cloud Messaging (FCM) for Android devices. You can disable push notifications at any time in your device settings or in the App settings.

6.2 Transactional Emails

We send transactional emails for important account activities, including account creation, password resets, OTP verification, subscription changes, payment confirmations, and service announcements. You cannot opt out of transactional emails as they are necessary for the operation of your account.

6.3 Email Reminders

We may send you email reminders about your affirmations practice, streaks, and other usage-related notifications. You can manage your email reminder preferences in the App settings.

6.4 Marketing Emails

With your consent, we may send you promotional emails about new features, special offers, surveys, and other marketing communications. You can opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@affirmations.app.

6.5 Email Service Provider

All emails are sent through Postmark, a third-party email service provider. Postmark processes your email address and message content solely to deliver emails on our behalf and does not use your information for any other purpose.

7. ARTIFICIAL INTELLIGENCE AND DATA PROCESSING

7.1 AI Processing

When you use AI-assisted features to create or refine affirmations, your input text is temporarily transmitted to our AI service providers (Anthropic and xAI) for processing. The AI service processes your input and returns suggestions, which are displayed in the App. Important notes about AI processing:

53.  Your input text is transmitted in plain text (unencrypted) to the AI service for processing

54.  AI-generated suggestions are not permanently stored by us or by the AI providers

55.  You must review and approve AI suggestions before they are saved to your account

56.  Once you save an affirmation, it is encrypted and stored in our database

7.2 AI Provider Data Policies

Our AI providers (Anthropic and xAI) process your input according to their own data processing policies. We recommend reviewing their privacy policies to understand how they handle data. According to their policies, they do not use your data to train their models or retain it beyond the processing session.

7.3 Usage Limits

To prevent abuse and manage costs, we impose rate limits on AI features, including a maximum of 50 AI calls per user per day and time limits per editing session. These limits may be adjusted at our discretion.

8. DATA RETENTION

We retain your personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

57.  Account Information: Retained for the duration of your account plus a reasonable period after account deletion to comply with legal obligations and prevent fraud

58.  Affirmations and User Content: Retained while your account is active and for a limited period after account deletion (typically 90 days) to allow for account recovery

59.  Usage Data and Analytics: Retained in aggregated form indefinitely for business analytics and improvement purposes

60.  Payment Information: Transaction records retained as required by law and financial regulations (typically 7 years)

61.  Communications: Support requests and correspondence retained for up to 3 years

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal, accounting, or security purposes. Even after deletion, some information may remain in backup systems for a limited time before being permanently deleted.

9. YOUR RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information:

9.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy of your data in a portable format.

9.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most of your information directly in the App settings.

9.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions. You can delete your account at any time in the App settings or by contacting us at privacy@affirmations.app.

9.4 Restriction and Objection

You have the right to restrict or object to certain processing of your personal information, particularly for marketing purposes. You can opt out of marketing communications and limit ad tracking as described in this Privacy Policy.

9.5 Withdraw Consent

Where we process your personal information based on your consent, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

9.6 Lodge a Complaint

You have the right to lodge a complaint with a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the European Economic Area are available at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

10. INTERNATIONAL DATA TRANSFERS

The Company is based in the United States, and our service providers are located in the United States and other countries. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

These countries may have data protection laws that are different from the laws of your country. However, we take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it. For transfers from the European Economic Area (EEA) or United Kingdom, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

By using the Services, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

11. CHILDREN'S PRIVACY

The Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Services or provide any information to us. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you believe we may have information from or about a child under 18, please contact us at privacy@affirmations.app.

12. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to or integrate with third-party websites, applications, or services that are not owned or controlled by the Company. This Privacy Policy applies only to the Services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

13. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

62.  The right to know what personal information we collect, use, disclose, and sell

63.  The right to request deletion of your personal information

64.  The right to opt out of the sale of your personal information (Note: We do not sell personal information)

65.  The right to non-discrimination for exercising your privacy rights

To exercise your CCPA rights, please contact us at privacy@affirmations.app with "California Privacy Request" in the subject line. We may need to verify your identity before processing your request.

California residents may also contact us to request information about whether we have disclosed personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes without your consent.

14. NEVADA PRIVACY RIGHTS

If you are a Nevada resident, you have the right to opt out of the sale of certain personal information to third parties. We do not currently sell personal information as defined by Nevada law. However, if you would like to exercise this right, please contact us at privacy@affirmations.app.

15. EUROPEAN ECONOMIC AREA (EEA) AND UK RIGHTS

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR), including:

66.  The right to access your personal information

67.  The right to rectification of inaccurate personal information

68.  The right to erasure ("right to be forgotten")

69.  The right to restriction of processing

70.  The right to data portability

71.  The right to object to processing based on legitimate interests

72.  The right to withdraw consent at any time

Legal Basis for Processing

We process your personal information on the following legal bases:

73.  Performance of a contract: To provide the Services you have requested

74.  Legitimate interests: To improve the Services, prevent fraud, and ensure security

75.  Consent: For marketing communications and certain data processing activities

76.  Legal obligations: To comply with applicable laws and regulations

16. DO NOT TRACK SIGNALS

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. The Services do not currently respond to DNT signals or similar mechanisms.

17. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on our website and in the App, and by updating the "Last Updated" date. We may also notify you by email or through in-app notifications. Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

18. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Affirmations App LLC

30 N Gould St #50094

Sheridan, WY 82801

Email: privacy@affirmations.app

For data protection inquiries from EEA or UK residents, you may also contact our data protection representative (if appointed) through the email address above.

***

By using the Affirmations App, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.