Privacy Policy

1. Introduction

SoulPoem respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our mobile application.

2. Information We Collect

2.1 Account Information

• Email address (for authentication and communication)
• Display name (from Google/Apple sign-in or user-provided)
• Authentication tokens (for secure access)
• Profile information (avatar, bio - optional)

2.2 Onboarding and Preferences Data

• Personal details: Name, birth year, location (optional)
• Poetry preferences: Favorite poets, experience level, reading frequency
• Emotional preferences: Current mood, mood goals, emotional triggers
• Usage intentions: Primary use case, sharing preferences, daily goals
• Personalization: Color preferences, font preferences, interface style

2.3 Poetry and Content Data

• Generated poems: Titles, content, styles, themes, word counts
• Generation prompts: Your inputs and requests for poem creation
• Generation metadata: AI model parameters, creation timestamps
• User ratings: Your feedback on generated poems
• Favorites: Poems you mark as favorites

2.4 Mood and Wellness Data

• Daily mood entries: Primary mood, secondary moods, mood scores
• Daily inputs: Your personal reflections and thoughts
• Mood tracking: Before/after reading moods, improvement scores
• Reflection notes: Your personal notes and insights

2.5 Usage and Analytics Data

• App usage patterns: Features used, time spent, navigation patterns
• Device information: Device type, operating system, app version
• Performance data: Crash reports, error logs (anonymized)
• API usage: Request patterns for service optimization

2.6 Notification Data

• Push notification tokens: For sending daily reminders
• Notification preferences: Your chosen reminder times and types
• Delivery logs: Success/failure of notification delivery

2.7 Subscription Data

• Subscription status: Active subscription tier and renewal dates
• Billing information: Managed by Apple/Google (not stored by us)
• Usage patterns: Feature usage analytics for service improvement

3. How We Use Your Information

3.1 Primary Services

• Poem Generation: Creating personalized poems based on your preferences
• Mood Tracking: Helping you track emotional patterns and growth
• Daily Reminders: Sending notifications at your preferred times
• Personalization: Customizing the app experience to your preferences

3.2 Service Improvement

• AI Model Training: Improving poem quality using anonymized data
• Feature Development: Adding new features based on usage patterns
• Bug Fixes: Identifying and resolving technical issues
• Performance Optimization: Enhancing app speed and reliability

3.3 Communication

• Service Notifications: Important updates about your account
• Customer Support: Responding to your questions and issues
• Marketing: Only with your explicit consent

4. Data Sharing and Third Parties

4.1 AI Services

• Google Generative AI: For poem generation (text only, no personal identifiers)
• Background Image Generation: For creating poem backgrounds (premium users)

4.2 Authentication Services

• Supabase: For secure user authentication and database services
• Google Sign-In: If you choose Google authentication
• Apple Sign-In: If you choose Apple authentication

4.3 Infrastructure Services

• Cloudflare: For API hosting and content delivery
• Expo/EAS: For app distribution and updates
• Push Notification Services: Apple Push Notification Service, Firebase Cloud Messaging

4.4 Analytics and Monitoring

• Superwall: For subscription management and billing
• Anonymized usage analytics: For improving app performance

4.5 We DO NOT Share:

• Your personal poems or mood data with any third parties
• Your personal information for advertising purposes
• Your data with social media platforms
• Your information with data brokers

5. Data Storage and Security

5.1 Data Storage

• Primary Database: Supabase (PostgreSQL) with encryption at rest
• Backup Storage: Encrypted backups with 30-day retention
• Local Storage: Minimal caching on your device for offline access
• Geographic Location: Data stored in secure data centers (US/EU)

5.2 Security Measures

• Encryption: All data encrypted in transit and at rest
• Access Controls: Role-based access with minimum necessary permissions
• Authentication: Multi-factor authentication for administrative access
• Regular Audits: Security assessments and vulnerability testing
• Data Loss Prevention: Automated backups and disaster recovery

5.3 Data Retention

• Active Users: Data retained while account is active
• Deleted Accounts: Data permanently deleted within 30 days
• Analytics Data: Anonymized data retained for 2 years maximum
• Legal Requirements: Data may be retained if required by law

6. Your Rights and Choices

6.1 Account Management

• Access: View your personal data through the app
• Update: Modify your profile and preferences anytime
• Delete: Permanently delete your account and all associated data
• Export: Request a copy of your data in portable format

6.2 Privacy Controls

• Notification Settings: Control what notifications you receive
• Data Sharing: Opt-out of analytics data collection
• Marketing Communications: Unsubscribe from promotional emails
• Account Visibility: Keep your content private (default setting)

6.3 Legal Rights (GDPR/CCPA)

If you are in the EU or California, you have additional rights:

• Right to Know: What personal data we collect and how it's used
• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Portability: Receive your data in a structured format
• Right to Object: Object to processing of your personal data

7. Children's Privacy

• We do not knowingly collect personal information from children under 13
• If you are 13-17, you must have parental consent to use the app
• Parents can contact us to review or delete their child's information
• We comply with COPPA and similar children's privacy laws

8. International Transfers

• Your data may be processed in countries outside your residence
• We ensure appropriate safeguards for international data transfers
• EU users: Data transfers comply with GDPR requirements
• We use standard contractual clauses for international transfers

9. Cookies and Tracking

• No Web Cookies: Our mobile app doesn't use traditional web cookies
• Local Storage: Limited local data for app functionality
• Analytics: Anonymized usage patterns for app improvement
• No Cross-App Tracking: We don't track you across other apps

10. Data Breach Notification

• We will notify you within 72 hours of discovering a data breach
• Notifications will include what data was affected and steps we're taking
• We work with law enforcement and regulators as required
• Continuous monitoring helps prevent and detect breaches quickly

11. Changes to Privacy Policy

• We will notify you of significant changes 30 days in advance
• Changes will be highlighted in the app and via email
• Continued use after changes constitutes acceptance
• Previous versions available upon request

12. Contact Us

For privacy-related questions or requests: