Privacy Policy

Last Updated:

1. Introduction

This Privacy Policy describes how Record Reflect Recover ("we," "us," or "our") collects, uses, and protects information when you use our mobile application ("App"), website located at recordreflectrecover.com ("Website"), and related services (collectively, the "Service").

Who We Are: Record Reflect Recover is operated by a solo developer who is committed to protecting your privacy and being transparent about data practices. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

What This Policy Covers: This Privacy Policy applies to all information collected through the Service, including information collected on the Website and through the App. It does not apply to information collected offline or through other means, or to information collected by third parties that may link to or be accessible from the Service.

Your Consent: By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

2. Data Collected

We collect different types of information depending on how you interact with the Service. We have designed the Service to minimize data collection while providing functionality and improving the user experience.

2.1 Personal Data

Email Addresses: If you choose to sign up for email updates on the Website (for example, via our “Stay informed” form) or contact us, we may collect your email address. This information is collected through:

• MailerLite email signup forms on the Website
• Direct email communications to recordreflectrecover@protonmail.com

Journal Content: Your journal entries, reflections, and other content you create within the App are stored locally on your device. We do not collect, access, or transmit this content to our servers or any third parties. This data remains on your device and is encrypted at rest.

Contact Information: If you contact us via email, we may collect your name, email address, and any other information you choose to provide in your communication.

2.2 Non-Personal / Usage Data

We collect certain non-personal information automatically when you use the Service, subject to your consent where required by law:

• Website Analytics: When you visit the Website, we use Google Analytics to collect information such as:
  • Pages visited and time spent on pages
  • Referring websites or search terms
  • Browser type and version
  • Device type (mobile, tablet, desktop)
  • Operating system
  • IP address (anonymized by Google Analytics)
  • General geographic location (non-precise)
• App Analytics (Firebase Analytics): When you use the App and consent to analytics, we use Firebase Analytics (provided by Google) to collect information such as:
  • Device or app identifiers (e.g. for analytics)
  • App version and platform (iOS/Android)
  • Device model and operating system version
  • App usage patterns (features used, screen views, session duration)
  • General geographic location (country level, not precise)
• Crash Reporting (Firebase Crashlytics): When you consent to crash reporting, we use Firebase Crashlytics (provided by Google) to collect:
  • Device or app identifiers (e.g. for crash reporting)
  • Crash logs and stack traces when the App encounters an error
  • Device state at the time of the crash
  • App version and operating system version
• Cookies and Similar Technologies: The Website uses cookies and similar tracking technologies to collect usage data. You can control cookies through your browser settings.

Important: Analytics and crash data is aggregated and anonymized. We do not use this data to identify individual users or link it to your journal entries or personal content.

2.2a Optional Health and Fitness Data

If you enable the health snapshot feature, the App can optionally read health and fitness data from your device (e.g. Health Connect on Android or HealthKit on iOS), such as steps, sleep, heart rate, SpO2, and similar metrics. This data:

• Is used only for the health snapshot feature within the App
• Is stored only on your device and is not sent to our servers
• Is not used for analytics or shared with third parties

You control whether to connect health data; the App does not access it unless you grant permission.

2.2b Optional Location (Weather)

If you enable the optional weather feature, the App may use your device's location to request weather data from our weather service provider. That location is used only to fetch weather for your area and is not stored on our servers. Weather results (and, if applicable, a cached location used for them) may be stored locally on your device for the feature to work. We do not use location for advertising or to identify you.

2.2c In-App Purchases and Subscription Status

Subscription and purchase status are handled by Apple (App Store) and Google (Play Store). The App may store entitlement information locally on your device (e.g. whether you have access to Pro features) so that features work correctly. We do not receive or store payment card details or full purchase history; those are processed solely by Apple and Google.

2.2d App Lock (Biometric / Passcode)

If you enable app lock, authentication uses your device's biometric (e.g. fingerprint, face) or passcode capability. Biometric data is processed only by your device's operating system and is not collected, stored, or transmitted by the App or by us.

2.3 Region Detection

To determine which privacy laws apply to you and provide the appropriate consent experience, we check your device's region setting and timezone when you first open the App. This processing:

• Happens entirely on your device
• Is not transmitted to our servers or any third party
• Is not stored or logged
• Is used solely to determine whether to show you a consent prompt (for EU/EEA/UK users) or apply opt-out defaults (for users elsewhere)

2.4 Third-Party Collection

The following third-party services collect or process information as part of providing their services:

• Firebase Analytics (Google): Collects app usage analytics as described above, subject to your consent. Google's collection and use of information is governed by Google's Privacy Policy.
• Firebase Crashlytics (Google): Collects crash reports and error logs, subject to your consent. Crashlytics is governed by Google's Privacy Policy.
• Cloudflare: When you use the optional weather feature, we use Cloudflare as a proxy to request weather data. Your device's location is sent to the weather service only to return weather for your area; Cloudflare and our weather provider do not retain that location for other purposes. See Cloudflare's Privacy Policy.
• Google Analytics (Website): Collects website usage analytics when you visit our Website. Google's collection and use of information is governed by Google's Privacy Policy.
• MailerLite: Collects email addresses and related information when you sign up for email updates through our Website. MailerLite's collection and use of information is governed by MailerLite's Privacy Policy.

We use Google Consent Mode v2 to respect your privacy choices. When you decline analytics consent, Google's services operate in a privacy-preserving mode that does not store identifiers or collect personal data.

3. Purpose of Collection

We collect and use information for the following purposes:

3.1 App Functionality

• To provide, maintain, and improve the Service

3.2 Improvement and Analytics

• To understand how users interact with the Service
• To identify and fix bugs, errors, and performance issues
• To improve user experience and develop new features
• To analyze usage patterns and trends (in aggregated, anonymized form)

3.3 Security

• To detect, prevent, and address technical issues and security threats
• To monitor for fraudulent or harmful activity
• To ensure the integrity and security of the Service

3.4 Optional Communications

• To send you updates about the Service (if you've opted in to email updates)
• To respond to your inquiries and provide customer support
• To notify you about important changes to the Service or this Privacy Policy

3.5 Lawful Basis (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction where GDPR applies, we process your personal data based on the following lawful bases:

• Consent (Art. 6(1)(a)): We process analytics data and crash reports based on your explicit consent. When you first open the App, you will see a consent prompt asking whether you agree to share anonymous usage and crash data. Analytics and crash reporting are disabled until you make a choice. You can withdraw consent at any time via the Settings screen.
• Consent (Communications): When you provide your email address for Website email updates or contact us, we process this data based on your consent, which you can withdraw at any time.
• Legitimate Interests (Art. 6(1)(f)): We process your device's region setting and timezone to determine whether GDPR applies to you. This minimal processing is necessary to provide the appropriate consent experience and ensure legal compliance. The data is processed locally on your device and is not transmitted or stored.
• Legal Obligation: We may process data to comply with legal obligations, such as responding to legal requests or protecting our rights.

4. How Data Is Used

We use the information we collect as follows:

4.1 Internal Use

• To operate, maintain, and provide the features and functionality of the Service
• To process and respond to your inquiries and requests
• To send administrative information, such as updates to our Terms of Use or Privacy Policy
• To monitor and analyze usage patterns and trends to improve the Service

4.2 Improvement and Error Monitoring

• To identify and fix bugs, crashes, and performance issues
• To develop new features and improve existing functionality
• To understand which features are most useful to users
• To optimize the Service for different devices and platforms

4.3 Optional User Communication

• To send you updates about the Service, new features, or beta access (only if you've opted in to email updates)
• To respond to your support requests or questions
• To send important notices about the Service

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

5. Data Sharing

We are committed to protecting your privacy and do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.1 Third-Party Service Providers

We share information with third-party service providers who perform services on our behalf (subject to your consent where required):

• Firebase Analytics (Google): If you consent to analytics, we share app usage data with Firebase Analytics to help us understand how users interact with the App. Firebase Analytics processes this data according to Google's Privacy Policy.
• Firebase Crashlytics (Google): If you consent to crash reporting, we share crash logs and error data with Firebase Crashlytics to help us identify and fix bugs. Crashlytics processes this data according to Google's Privacy Policy.
• Cloudflare (Weather): If you use the optional weather feature, your device's location is sent via Cloudflare to our weather provider solely to return weather data. The location is not retained by us or by Cloudflare for other purposes.
• Google Analytics (Website): We share website usage analytics with Google Analytics to help us understand how users interact with our Website. Google Analytics processes this data according to Google's Privacy Policy.
• MailerLite: We share email addresses with MailerLite to manage our email list and send subscriber communications. MailerLite processes this data according to MailerLite's Privacy Policy.

These service providers are contractually obligated to protect your information and use it only for the purposes we specify. Google has implemented Standard Contractual Clauses (SCCs) and participates in the EU-U.S. Data Privacy Framework to ensure adequate protection for international data transfers.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose information if we believe it is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

5.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

5.4 No Sale of Personal Data

6. Data Protection & Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

6.1 Encryption

• Local Storage: Your journal entries and reflections stored on your device are encrypted at rest using industry-standard encryption methods.
• Transmission: Data transmitted between your device and our servers (for analytics and communications) is encrypted using HTTPS/TLS protocols.

6.2 Access Safeguards

• We limit access to personal information to those employees, contractors, and service providers who need to know that information to process it on our behalf
• We require all service providers to maintain appropriate security measures
• We regularly review our data collection, storage, and processing practices

6.3 Your Role in Security

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for:

• Maintaining the security of your device (using passcodes, biometric authentication, etc.)
• Keeping your device's operating system and the App updated
• Backing up your data if you wish to preserve it
• Not sharing your device with unauthorized individuals

Important: We are not responsible for data loss due to device failure, loss, theft, damage, or user error. Your journal entries and reflections are stored locally on your device, and you are responsible for backing them up if desired.

7. User Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights.

7.1 Rights Under GDPR (European Economic Area & UK)

If you are located in the EEA or UK, you have the following rights:

• Right of Access: You can request a copy of the personal information we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete information.
• Right to Erasure ("Right to be Forgotten"): You can request that we delete your personal information, subject to certain exceptions.
• Right to Restrict Processing: You can request that we limit how we use your personal information.
• Right to Data Portability: You can request a copy of your personal information in a structured, machine-readable format.
• Right to Object: You can object to our processing of your personal information for certain purposes, such as direct marketing.
• Right to Withdraw Consent: If we process your data based on consent, you can withdraw that consent at any time.

7.2 Rights Under CCPA/CPRA (California)

If you are a California resident, you have the following rights:

• Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose.
• Right to Delete: You can request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out: You can opt out of the "sale" or "sharing" of your personal information (though we do not sell personal information).
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You can request that we correct inaccurate personal information.

7.3 How to Exercise Your Rights

In-App Controls (Immediate):

• Withdraw analytics consent: Open Settings → toggle "Share Usage Data" off
• Withdraw crash reporting consent: Open Settings → toggle "Crash Reporting" off
• Delete all your data: Open Settings → "Clear All My Data" (permanently removes all local data and resets preferences, including consent choices)
• Delete specific entries: Delete individual journal entries or reflections directly within the App

Withdrawing consent is as easy as giving it — simply toggle off the relevant setting. Your choice takes effect immediately.

Contact Us:

To exercise other rights (access, portability, or to make a complaint), please contact us at recordreflectrecover@protonmail.com with:

• Your name and email address
• A clear description of the right you wish to exercise
• Any additional information that may help us process your request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

Note: Journal entries and reflections are stored locally on your device. We do not have access to this data. You can delete it directly through the App using the methods described above.

8. Data Retention

We retain different types of information for different periods:

8.1 Email Addresses and Contact Information

• We retain email addresses collected through the Website email signup until you unsubscribe or request deletion
• We retain email communications for as long as necessary to respond to your inquiry and for a reasonable period thereafter for record-keeping purposes

8.2 Analytics and Crash Data

• Firebase Analytics: 14 months (Firebase default retention period)
• Firebase Crashlytics: 90 days (Firebase default retention period)
• Website Analytics: Google Analytics retains data according to Google's data retention policies
• We may retain aggregated, anonymized analytics data indefinitely for business analysis purposes

8.3 Journal Entries, Reflections, and Consent Preferences

Your journal entries and reflections are stored locally on your device and are retained until you delete them or uninstall the App. We do not retain copies of this data on our servers.

Your consent preferences (whether you accepted or declined analytics) and the timestamp of your choice are stored locally on your device for audit purposes. This data is cleared when you use "Clear All My Data" or uninstall the App.

8.4 Deletion

You can request deletion of your personal information at any time by contacting us. Upon receiving a valid deletion request, we will delete your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes.

9. International Transfers

The Service is operated from the United States. If you are located outside the United States, please be aware that information we collect (with your consent) may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For EEA/UK Users: If you consent to analytics and crash reporting, your anonymized usage and crash data may be processed by Firebase (Google) on servers located outside the EEA/UK, including in the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Google's participation in the EU-U.S. Data Privacy Framework
• Technical measures including encryption in transit and at rest

Important: Your journal entries and reflections are stored locally on your device and are never transferred internationally. We do not collect or transmit this personal content.

Your Choice: If you are concerned about international data transfers, you may decline analytics consent (EU/EEA/UK) or opt out via Settings (elsewhere). The App will function fully without analytics enabled.

10. Children's Privacy

The Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

If you are under 18, you may only use the Service with the consent and supervision of a parent or legal guardian who agrees to be bound by our Terms of Use and this Privacy Policy on your behalf.

COPPA Compliance: We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on the Website with a new "Last Updated" date
• Providing in-app notification if you have the App installed
• Sending an email notification to the email address we have on file (for material changes only)

Effective Date: Changes will become effective immediately upon posting, except for material changes which will become effective 30 days after posting.

Your Continued Use: Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop using the Service.

Your Responsibility: You are responsible for reviewing this Privacy Policy periodically to stay informed of any updates. The "Last Updated" date at the top of this page indicates when this Privacy Policy was last revised.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: recordreflectrecover@protonmail.com
Website: https://recordreflectrecover.com

We will attempt to respond to your inquiry within a reasonable timeframe, typically within 30 days.

Data Protection Officer: As a small operation, we do not have a dedicated Data Protection Officer. Please direct all privacy-related inquiries to the email address above.