Privacy Policy

Intentions is a quiet space for the parts of yourself you don't share casually — your hopes for the day, a difficult conversation you're working through, a thought you needed to put somewhere. We treat that material as private by default.

We collect the smallest amount of data we need to run the service. We don't sell your data, we don't rent it, and we don't use it to build advertising profiles. There are no third-party trackers in the app.

This page explains, in plain language, what we collect, why, who touches it, how long we keep it, and the rights you have over it. If anything here is unclear, write to us — the address is at the bottom.

We group what we collect into four categories, from least to most sensitive.

• Account data. Your email address, an optional display name, and the auth identifiers returned by Sign in with Apple or Google sign-in. We don't store your Apple or Google password — we only see the token those services hand us.
• Subscription data. Your plan tier, renewal status, trial state, and the receipt token provided by the App Store or Google Play. We never see or store your card number — that lives with Apple or Google.
• App content (most sensitive). The intentions you set, your daily check-ins (mood, energy, focus values), journal entries, conversations with the AI coach, voice notes, and oracle card draws. This is the content of your practice, and we treat it with the most care.
• Usage data. Crash logs, anonymized counts of how often a feature is used, app version, OS version, device model, and an anonymous installation identifier. We use this to fix bugs and understand which features are working.

No location data unless you opt in. We don't ask for, log, or store your location unless you explicitly enable a feature that needs it.

No tracking SDKs for advertising. Intentions does not embed Meta, TikTok, AppsFlyer, Adjust, or any comparable advertising or attribution SDK.

Everything we collect serves one of a small number of clear purposes:

• to deliver the core service — sign you in, sync your intentions and journal across devices, generate the daily ritual;
• to personalize the AI coach so its responses reflect the intentions you've set and the check-ins you've shared, instead of starting cold every session;
• to adapt practices, prompts, and breath patterns to your current mood, energy, and focus;
• to keep the app reliable — diagnose crashes, fix bugs, monitor performance;
• to send essential service emails (receipts, important changes, security notices) — never marketing without your consent;
• to process payments through the Apple App Store and Google Play.

When you talk to the AI coach, your messages are sent to a third-party model provider — currently OpenAI and Anthropic — to generate the response that comes back to you. That's how the conversation works at all.

Your conversations are processed under those providers' data-processing terms. We do not allow them to train their models on your conversations. The content is used to produce the response and then handled according to their retention rules for our account.

If you record a voice note, we transcribe it on our servers so the coach can read it. The raw audio file is deleted within 30 days; the transcript stays with the rest of your coach history under the retention rules below.

For users in jurisdictions that require it (the EU, the UK, and similar), here is the lawful basis we rely on under the GDPR:

• Performance of a contract. Most of what we do — running your account, syncing your content, generating coach responses — is necessary to provide the service you've subscribed to.
• Legitimate interest. Crash reporting, basic feature analytics, and security monitoring rest on our legitimate interest in keeping the app reliable and safe.
• Consent. Optional things — voice notes, location-aware features, marketing emails — run only after you've explicitly opted in. You can withdraw consent at any time.
• Legal obligation. A small set of data is kept where the law requires (tax records tied to subscription billing, for example).

We work with a short list of vendors. Each one is bound by a data-processing agreement and only handles the data needed for its specific role.

• Cloud infrastructure — Amazon Web Services and Google Cloud host our databases, file storage, and application servers.
• AI model providers — OpenAI and Anthropic generate coach replies, daily insights, and reflective prompts.
• Analytics — a privacy-respecting processor (for example PostHog or Plausible) handles aggregated, anonymous usage counts. No third-party ad analytics.
• Payment platforms — Apple and Google handle the actual transaction; we receive only the receipt.
• Customer support tools — when you email us, your message and the email address you wrote from sit inside our help-desk software so we can reply.

We never sell your data. We never trade it. We will only share it with a third party outside this list if you ask us to, or if we're legally required to (a court order, a valid legal request).

While your account is active, we keep your content so the app continues to work the way you expect. When you ask us to delete something, here's what happens:

• Account deletion — your personal content is purged from our active systems within 30 days. Backup tapes follow a separate cycle and roll off completely within 90 days.
• Coach conversation history — auto-purges 18 months after the conversation took place, unless you've saved that conversation to your library.
• Voice notes — the raw audio is deleted within 30 days of being recorded; the transcript follows the coach-history rule above.
• Billing records — kept as long as local tax law requires, typically 7 years, and only the minimum needed.

Security is a practice, not a checkbox. The work we do on it includes:

• Encryption in transit — every connection between the app and our servers uses TLS.
• Encryption at rest — your content, backups, and credentials are stored encrypted on disk.
• Role-based access — only a small number of engineers can reach production data, and access is logged.
• Regular penetration tests — we engage independent security firms to probe the app and our infrastructure on a recurring basis.

If a breach ever does occur and your data is affected, we will notify you within 72 hours where the law requires it, and as soon as practical otherwise.

Wherever you live, you have rights over the data we hold about you. Under the GDPR and the CCPA — and as a baseline for everyone — those rights include:

• Access — see what we have on you.
• Export — receive a copy of your content in a portable format.
• Correction — fix anything that's inaccurate.
• Deletion — ask us to remove your account and content.
• Portability — move your data to another service.
• Opt-out of optional analytics — turn off feature usage tracking from inside the app.

To use any of these rights, email [email protected] or open the app and go to Settings → Data. We'll respond within 30 days, and we won't charge for a reasonable request.

Intentions is not designed for, or directed at, anyone under the age of 13. Account creation requires you to confirm that you are at least 13 years old.

If we learn that we've collected information from a child under 13 without verified parental consent, we'll delete it. If you believe a child has signed up, please write to us at [email protected] and we'll act quickly.

Intentions is a global service. To deliver it, your data may move between jurisdictions, including the United States and countries in the European Economic Area, depending on where our infrastructure and vendors operate at any given time.

Where the law requires a transfer mechanism, we rely on the European Commission's Standard Contractual Clauses, plus supplementary measures where appropriate, to give your data the protection your home jurisdiction expects.

This marketing site uses no third-party tracking cookies. There's no Google Analytics, no Meta pixel, no retargeting. The only cookies set here are the strictly necessary ones the site needs to function.

If we ever add a privacy-respecting analytics cookie in the future, it will be opt-in — nothing will load until you tell us yes — and we'll explain what it does in plain language before asking.

Privacy practices evolve as the app evolves. When we change something material — what we collect, how we use it, or who we share it with — we'll let you know in advance through an in-app notice and, where appropriate, by email.

The “last updated” date at the top of this page is the simplest signal that something has changed. Minor edits (clarifying language, fixing a typo) may not get a separate notice, but the date will always tell the truth.

For privacy-specific questions — a data request, a concern about how something is handled, a worry about an account — write to [email protected].

For everything else, the general inbox is [email protected]. We read every message and try to reply within a few working days.