User Data Transparency

Data collected

The app stores your account email, goals, reminder preferences, check-in answers, AI-assisted progress recaps, and reminder-delivery records.

Encryption

Check-in answers and summaries are encrypted by the application before they are stored in Supabase. Dates, account ownership, and linked goal identifiers remain readable so the app can organize your history and reminders.

Authenticated server code can decrypt this content using keys stored outside Supabase. This is server-managed encryption, so users do not currently hold or manage their own encryption keys.

AI processing

When AI assistance is used, relevant answers may be temporarily decrypted by the application server and sent to OpenAI to generate personalized check-in questions or progress recaps.

Service providers

Supabase provides accounts and database storage, Vercel hosts and runs the web application, OpenAI provides AI features, and Resend delivers reminder emails.

Email reminders

If enabled, your confirmed account email and reminder time are used to send one daily reminder through Resend. Delivery events are recorded to prevent duplicates.

Retention and your choices

Data remains stored until the account or related records are deleted. You can disable reminders in Settings. During the private beta, deletion, export, correction, and privacy requests are handled manually.

Security limits

Application encryption protects readable database rows and backups. It does not protect content while an authorized server request is processing it, from a compromised application server, or while content is intentionally sent to an AI provider.

The service depends on securely backed-up historical encryption keys. Losing every copy of a required key would make the associated check-ins permanently unreadable.