Privacy Policy
Draft — pending counsel review. Final version will be posted before App Store submission.
This Privacy Policy is a draft starting point for counsel review and is not legal advice. It explains how Future Self expects to collect, use, disclose, retain, protect, export, and delete information when you use the Future Self app and website.
1. Who We Are
Future Self is operated from the Netherlands. References to "Future Self," "we," "us," and "our" mean the developer and operator of the Future Self app and website. For purposes of the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG), the operator of Future Self is expected to be the data controller for the app data described in this Policy. For privacy questions or requests, contact hello@joinfutureself.com. Counsel should add the final legal entity name, trade name, registered office address, Netherlands Chamber of Commerce number (KvK-nummer), VAT identification number (btw-id), and any required data-protection officer or privacy contact details before this Policy is finalized.
2. Scope
This Policy applies to Future Self, a personal-development app built around quotes, affirmations, custom statements, reminders, widgets, saved lines, and topic-based future-self practice. It does not cover Apple, Google, RevenueCat, Supabase, Expo, or other third-party services when they process information under their own policies.
3. Short Version
- We collect the data needed to sign you in, save your practice data, deliver reminders, manage purchases, and support you.
- We do not use third-party analytics SDKs, advertising SDKs, tracking cookies, or fingerprinting.
- We do not sell personal data or share it with third parties for behavioral advertising or marketing.
- You can export your data at Settings → Account → Export my data.
- You can delete your account at Settings → Account → Delete account or by emailing us.
4. Information We Collect
The categories below reflect the app facts currently implemented or expected for launch. Some categories apply only if you choose the related feature.
| Category | Examples | Source |
|---|---|---|
| Account information | Email address, authentication provider name, Supabase user ID | You, Apple Sign-In, Google Sign-In, email OTP, Supabase Auth |
| Profile and preferences | Optional first name, theme preference, app icon preference, guidance cadence, guidance tone, notification permission state | You and your in-app settings |
| Practice and app content | Saved quote or affirmation lines, followed topics, collections, practice history, custom statements you write | Your app activity and content choices |
| Reminder and notification data | Reminder configuration, timezone for scheduling, scheduled-push records, Expo push tokens, delivery status records | Your device, notification permission, app settings, Supabase edge functions, Expo Push |
| Purchase and entitlement data | Anonymous or app-generated user ID used with RevenueCat, App Store or Google Play receipt data, product ID, subscription status, entitlement state | Apple, Google, RevenueCat, and purchase actions |
| Support communications | Email address, message content, purchase context you choose to provide, device/app details you include | You |
| Technical and security data | Auth sessions, access tokens handled by Supabase, server-function logs, timestamps, security and fraud-prevention records | App, device, Supabase, Apple, Google, RevenueCat, Expo |
We do not intentionally collect contacts, photos, videos, microphone recordings, precise GPS location, health records, advertising identifiers, or browsing history. Free-form custom statements may contain personal or sensitive information if you choose to write it; please avoid entering information you do not want stored in the app.
5. How We Use Information
- Account and authentication: create accounts, sign you in, maintain sessions, and support account security.
- App functionality: save and sync your profile, topics, saved lines, practice history, custom statements, preferences, reminders, and widgets.
- Personalization: provide topic-based quotes, affirmations, daily guidance, cadence, tone, theme, and icon preferences.
- Purchases: validate receipts, grant premium entitlements, restore purchases, prevent fraud, and respond to subscription-support requests.
- Push notifications: store push tokens and send the daily affirmation or quote text you enabled.
- Support: respond to emails, troubleshoot issues, and process data-rights requests.
- Security and legal compliance: protect the app, enforce our Terms, comply with law, and keep records where required.
We do not repurpose data for unrelated uses without further notice or consent where required by law.
6. Legal Bases Under GDPR/AVG
Where GDPR, the Dutch AVG framework, or similar privacy law requires a legal basis, we expect to rely on the following bases:
- Contract: to provide the app, account, paid features, exports, and deletion tools you request.
- Consent: for optional push notifications and any optional permission-based feature.
- Legitimate interests: for security, fraud prevention, support, service reliability, and non-advertising operational improvements.
- Legal obligation: for tax, accounting, app-store, dispute, law-enforcement, and compliance records where required.
7. Push Notifications
If you enable notifications, we store your Expo push token in Supabase and schedule pushes server-side through Supabase edge functions. Expo Push relays notifications to Apple Push Notification service and, if Android is offered, Google/Firebase Cloud Messaging. Push payloads contain the daily affirmation or quote text selected for delivery. They do not include your email, optional first name, custom statements, account identifiers, or other personal details.
You can disable push notifications in device settings. If a push token is reported invalid, we may delete it to avoid sending to an inactive device.
8. Purchases and RevenueCat
Future Self uses RevenueCat to validate purchases and manage subscription entitlements. RevenueCat may process an anonymous or app-generated user ID, App Store or Google Play receipt data, purchase history, product identifiers, and entitlement status. We do not use RevenueCat purchase data for third-party advertising or cross-app tracking.
Apple and Google process payment information under their own terms and privacy policies. We do not receive your full payment-card details.
9. Sub-Processors and Recipients
We share information only as needed to provide Future Self, comply with law, protect rights and safety, or complete a transaction you requested.
| Provider | Purpose | Data involved |
|---|---|---|
| Supabase | Authentication, Postgres database, edge functions, export, deletion, push scheduling | Account data, app data, settings, push tokens, server-function records |
| RevenueCat | Receipt validation, subscription status, entitlements, restore purchases | Anonymous or app-generated user ID, receipt data, purchase history, entitlement state |
| Apple | Apple Sign-In, App Store, StoreKit, APNs, refunds, subscription management | Apple account data, purchase data, push delivery data, store records |
| Google Sign-In and, if Android is offered, Google Play Billing and push delivery | Google account data, purchase data, push delivery data, store records | |
| Expo | Expo Push token handling and notification relay | Expo push token and notification payload while delivering the push |
These providers are expected to protect personal data at least as required by their agreements with us and applicable law. We may also disclose information if required by law, legal process, enforceable government request, or to protect the rights, safety, and security of Future Self, users, or others.
10. No Analytics, Ads, Sale, or Tracking
Future Self does not include third-party analytics SDKs, advertising SDKs, third-party tracking cookies, fingerprinting, IDFA collection, or ad attribution SDKs. We do not sell personal data. We do not share personal data for behavioral advertising. We do not knowingly allow third parties to use your app data to market third-party products to you.
11. Data Retention
We keep account and app data while your account is active or as needed to provide Future Self. We delete or de-identify user-owned app data when you delete your account, except for information we or our providers must keep for legal, tax, accounting, security, fraud-prevention, dispute, app-store, or payment-record reasons. Store purchase records are managed by Apple, Google, and RevenueCat under their own retention rules.
12. Your Privacy Choices and Rights
You can use the following controls in the app:
- Export: Settings → Account → Export my data returns a JSON export through the share sheet.
- Delete: Settings → Account → Delete account deletes your auth record and user-owned app data in Supabase.
- Notifications: turn notifications off in device settings or in the app where available.
- Subscription: manage or cancel subscriptions through the App Store or Google Play account used for purchase.
You can also email hello@joinfutureself.com to request access, correction, export, deletion, restriction, objection, portability, or other privacy help. We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising privacy rights.
13. GDPR/AVG Privacy Rights
If GDPR, the Dutch AVG framework, or similar privacy law applies, you may have rights to be informed, access your data, correct inaccurate data, request erasure, restrict processing, receive data portability, object to certain processing, withdraw consent where processing is based on consent, and lodge a complaint with a supervisory authority. In the Netherlands, the supervisory authority is the Autoriteit Persoonsgegevens.
You may exercise these rights by emailing hello@joinfutureself.com or, for deletion/export, by using the in-app account controls described above. We may need to verify your identity before fulfilling a request, and we will respond within the timeframe required by applicable law.
14. Children’s Privacy
Future Self is rated 12+ by the app stores, but that rating is not the same as privacy consent. Future Self is not directed to children below the age at which they can lawfully consent to online services without parental authorization. In the Netherlands, children under 16 generally need consent from a parent or guardian for online services that process their personal data on the basis of consent. Sign-up is gated by Apple, Google, or email authentication, and Apple and Google have their own age and family-account rules. If you believe a child has provided personal information without required authorization, contact hello@joinfutureself.com and we will take appropriate steps.
15. International Transfers
Future Self is operated from the Netherlands under a Netherlands/EU assumption. Supabase and other providers may process information in the region configured for the project and in other locations where they or their infrastructure providers operate. Counsel or the release owner should confirm the final Supabase project region before publication. If personal data is transferred outside the European Economic Area, we expect to rely on an adequacy decision, standard contractual clauses, or another transfer safeguard required by applicable law.
16. Security
We use reasonable safeguards for a small app, including HTTPS, provider-managed authentication, platform-managed secure session storage, Supabase row-level security policies, least-privilege database access, service-role separation for server functions, and account deletion/export functions that require authenticated requests. No system is perfectly secure, and we cannot guarantee absolute security.
17. App Store Privacy Details
Apple requires app privacy details in App Store Connect. Based on the current app facts, expected disclosures may include contact information such as email, user content such as custom statements and saved practice data, identifiers such as user ID and push token, purchase history through RevenueCat, product interaction needed for app functionality, and diagnostics or technical records if collected by platform services. Counsel and the release owner should verify the final App Store privacy answers against the shipped binary and all SDKs before submission.
18. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date and provide additional notice where appropriate. If we materially change how we use information, we will handle the change as required by applicable law.
19. Contact
For privacy questions or requests, contact hello@joinfutureself.com.