Privacy Policy
The short version
Affirm Away collects only what it needs to run the app for you: your account, your personalization answers, and the app data you create (favorites, sessions, streaks, reminders, custom cards). We show no ads and we never sell your data.
What we collect
- Account information — your email address, name (when your sign-in provider shares it), and which sign-in methods you connect (Apple, Google, or email code).
- Personalization answers — the topics, feelings and goals you select during onboarding, used to tailor your affirmations.
- App data you create — favorites, custom affirmation cards, collections, reminder preferences, calm-session history, streak and reading progress. This syncs to your account so it follows you across devices.
- Device metadata — platform and device name for the "your devices" list in your account settings, so you can sign out other devices.
We do not collect your precise location, contacts, photos (except cards you explicitly save to your own Photos), or advertising identifiers.
How your data is processed
- Supabase hosts our database and authentication (servers in the United States). Access to your rows is restricted to your own account by row-level security.
- Apple and Google handle sign-in when you use "Sign in with Apple" or "Sign in with Google"; we receive only your verified identity token, email and name.
- Purchases are processed by the App Store or Google Play; we never see your payment details. If we adopt subscription infrastructure (e.g. RevenueCat), it will receive purchase receipts only.
Retention & deletion
Your data is kept while your account exists. You can permanently delete your account at any time in the app (Account → Delete account); this removes your account and all cloud data. After a deletion we retain a minimal record (account identifier, email, sign-in providers, dates) for up to 90 days for fraud and abuse prevention, then it is purged. Data already on your own device stays there until you remove the app.
Security
Data moves over encrypted connections (TLS). Sessions on your device are stored encrypted. Database access is guarded by row-level security so accounts can only read and write their own data.
Children
Affirm Away is not directed at children under 13, and we do not knowingly collect data from them.
Your rights
Depending on where you live (e.g. GDPR, CCPA), you may have rights to access, correct, export or erase your data. Deletion is built into the app; for anything else, contact us and we'll help.
Changes
If this policy changes materially, we'll update this page and note it in the app.
Contact
The Affirm Away team · [email protected] — a real person reads and answers.