Privacy Policy | Saraha Mind

Introduction

Saraha Mind ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App"). Please read this policy carefully to understand our practices regarding your personal data.

1. Information We Collect

1.1 Information You Provide Directly

When you use Saraha Mind, you may provide us with:

Account Information:

Name
Email address
Authentication credentials (via Apple Sign In or email/password)

User-Generated Content:

Journal entries and reflections
Voice journal recordings and transcripts when you choose to use voice features
Coach conversation history
Guided onboarding answers, including current intentions, selected life areas, roles, internal challenges, external pressures, first action preferences, notification preferences, and optional reflection responses
Personalization information, including guided onboarding answers, profile refresh answers, saved personalization summaries, personalization state, and the first onboarding insight shown in Inner Landscape
User-reviewed action plans, reminders, message/share drafts, calendar handoff details, and follow-up outcomes when you choose to create them
Some responses may include sensitive personal context if you choose to provide it, such as context about relationships, family, spirituality, finances, wellbeing, or identity

Subscription Information:

Purchase history
Subscription status
Payment information is processed entirely by the Apple App Store; we never receive or store your payment card or bank details

Health and Fitness Life-Area Context:

If you choose a broad life area labeled "Health & fitness," we treat that as user-provided journaling and onboarding context. Saraha Mind does not collect Apple Health, HealthKit, Motion and Fitness API, medical record, exercise sensor, or health research data.

1.2 Information Collected Automatically

Usage Data:

App features used
Frequency and duration of use
App performance data
Crash reports and error logs

We use limited product analytics and diagnostics to understand app reliability and feature usage. We do not use analytics for advertising, cross-app tracking, or data broker sharing.

Device Information:

Device type and model
Operating system version
Time zone and locale settings

1.3 Information from Third-Party Services

Authentication Providers:

When using Apple Sign In, we receive your name and email (if you choose to share them)

Payment Processors:

RevenueCat provides us with subscription status and purchase validation only (no credit card or payment details)

2. How We Use Your Information

We use the collected information to:

2.1 Provide Core Services

Enable journaling features
Transcribe and process voice reflections you start and save
Generate AI-powered coaching responses in the Coach Chat
Generate AI-powered insights in the Inner Landscape feature
Use guided onboarding and personalization information to personalize reflections, insights, and app experiences you request
Prepare user-reviewed action drafts, reminders, follow-up check-ins, share sheets, or calendar editors when you choose to take an action
Support optional profile refresh and personalization preferences

2.2 Improve Our Services

Analyze usage patterns to enhance features
Debug technical issues and improve performance
Develop new features based on user needs

2.3 Account Management

Authenticate your identity
Manage your subscription and access to premium features
Communicate important updates about your account

2.4 Legal and Safety

Comply with legal obligations
Protect against fraud and abuse
Enforce our Terms of Service

3. AI Processing

3.1 How AI Uses Your Data

Journal entries are processed by AI to generate personalized insights in the Inner Landscape feature
Voice content may be transcribed and processed by AI to provide voice journaling and coaching features
Coach conversations use AI to provide supportive, reflective responses
Guided onboarding, profile refresh, and personalization information may be processed by AI to create personalized reflections, first insights, and responses
Saved journal entries, user-authored coach messages, and action follow-up outcomes may be used to update personalization memory when personalization features are enabled
AI processing is used solely to deliver the features you interact with

3.2 AI Data Handling

AI processing occurs through secure, encrypted API connections to OpenAI
Your personal content is not used to train general AI models
AI-generated content is associated only with your account
OpenAI processes your data only to generate responses and does not retain it for model training

4. Data Storage and Security

4.1 Where We Store Data

User data is stored on secure Supabase servers, including authentication, database records, storage objects, operational logs, and backups
All data is encrypted in transit (TLS) and at rest

4.2 Security Measures

Industry-standard encryption protocols
Secure authentication systems
Row-level security policies ensuring data isolation between users
Regular security reviews

4.3 Data Retention

Active account data is retained while your account is active
Deleted content is removed from our active databases
Backups may retain data for up to 30 days after deletion
You can request complete account deletion at any time from within the App

4.4 Retention Periods

Journal entries, voice transcripts, and AI coaching conversations: retained while your account is active
User-reviewed action plans, action outcomes, and coach handoff context: retained while your account is active unless you delete relevant content, request supported personalization removal, or delete your account
Onboarding answers, personalization summaries, profile refresh answers, and personalization state: retained while your account is active unless you delete relevant content or delete your account
Action follow-up notifications use generic lock-screen copy; private action text is not stored in notification bodies
Privacy export and deletion audit records: retained as needed to complete privacy requests, maintain security evidence, and comply with legal obligations
Analytics data: 12 months
Rate limiting records: 30 days
Account data after deletion: removed from active systems immediately; backups purged within 30 days

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties. We do not use your data for advertising, advertising measurement, data broker sharing, or cross-company tracking.

5.2 Service Providers

We share information with the following trusted service providers solely to operate the App:

Supabase — database hosting, authentication, encrypted storage, operational logs, and backups
RevenueCat — subscription status management and purchase validation
PostHog — limited product analytics for app functionality and product improvement; advertising, session replay, autocapture, and cross-company tracking are not used
Sentry — crash reports and performance diagnostics used to debug and improve app reliability
OpenAI — AI processing for Coach Chat responses and Inner Landscape insights (your data is processed to generate responses but is not stored or used for model training by OpenAI)

These providers are contractually obligated to protect your information and use it only for providing services to us.

5.3 Native Device Handoffs

If you ask Saraha Mind to help with a message, share, reminder, or calendar action, the App first shows you a review screen. You choose whether to edit, dismiss, save, schedule, or open the native iOS sheet. Saraha Mind does not automatically send messages, save calendar events, invite attendees, or read your Contacts. Calendar event content is reviewed by you in the native iOS calendar editor before you save it.

5.4 Legal Requirements

We may disclose information if required by law or if we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights or property
Prevent fraud or security issues
Protect the safety of users

5.5 Business Transfers

If Saraha Mind is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Your Rights and Choices

6.1 Access and Portability

You can request a copy of your data by contacting us at sarahamindapp@gmail.com. We will provide your data in a machine-readable format within 30 days. The App may also provide an export flow for supported account data.

6.2 Correction

You can update your profile information and content at any time within the App.

6.3 Deletion

You can delete individual journal entries or coach conversations, request removal of supported personalization information, or request complete account deletion from within the App. Account deletion will remove your data from our active systems. Where external service providers require manual deletion requests, we record and process those requests as part of privacy follow-up.

6.4 Subscription Management

You can manage or cancel your subscription through your Apple App Store account settings.

6.5 Communication Preferences

You can manage notification preferences through the App settings.

7. Children's Privacy

Saraha Mind is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

Right to know what personal information is collected
Right to know if personal information is sold or disclosed
Right to opt-out of the sale of personal information (we do not sell data)
Right to deletion of personal information
Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at sarahamindapp@gmail.com.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent

Our legal bases for processing include:

Consent (for optional features)
Contract (to provide services you requested)
Legitimate interests (to improve and secure our services)

We obtain explicit consent for guided onboarding and personalization processing before those features are used. To exercise any of your rights above, contact us at sarahamindapp@gmail.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. Your continued use of the App after changes indicates acceptance of the updated policy.

13. Data Protection Officer

For privacy-related inquiries or to exercise your rights, you can contact our privacy team at:

Saraha Mind Privacy Team
Email: sarahamindapp@gmail.com

14. Contact Information

For general questions about this Privacy Policy or our privacy practices:

Saraha Mind
Email: sarahamindapp@gmail.com
Website: https://www.sarahamind.com

For privacy-specific concerns:
Email: sarahamindapp@gmail.com

Your Privacy Matters

Your journal entries, coaching conversations, onboarding answers, and personalization information remain private and encrypted. AI processes your words only to generate the reflections and insights you request. You can export or delete supported data in the App. We do not run ads, sell your data, or track you across other companies' apps and websites.