Legal

Privacy Statement

Future Self · joinfutureself.com Last updated: 13 June 2026 Effective: on App Store and Google Play launch

Pre-publication

Pre-publication. The company details are filled from the KVK record. Live app-store links will be added before App Store and Google Play launch.

This Privacy Statement explains how Improvement Labs, an eenmanszaak established in the Netherlands at Van der Poelstraat 57 C, 3021 VT Rotterdam, KvK 42039945, BTW-id NL005448561B16 ("Future Self," "we," "us," "our"), as data controller, processes your personal data when you use the Future Self mobile application, the joinfutureself.com website, related widgets, push notifications and customer-support channels (together, the "Service"). It is written to comply with Regulation (EU) 2016/679 ("GDPR"), the Dutch GDPR Implementation Act (Uitvoeringswet AVG), the ePrivacy Directive 2002/58/EC as transposed in the Telecommunicatiewet, and — where relevant — the UK GDPR and the Data Protection Act 2018.

For privacy enquiries, requests and complaints, contact hello@joinfutureself.com.

1. Quick summary

We collect only the data needed to sign you in, save your practice, deliver reminders, manage purchases and provide support.
We use a small number of carefully selected processors: Supabase (hosting, authentication, database, edge functions), RevenueCat (subscription management), Apple and Google (sign-in, app stores, push delivery), Expo (push relay), PostHog (privacy-focused product analytics, EU-hosted) and Sentry (crash reporting).
We do not sell or rent personal data, do not use it for behavioural advertising, do not embed advertising or attribution SDKs, do not load tracking cookies on the marketing website, and do not use your data to train machine-learning models.
You can export your data and delete your account from inside the app at any time.
You have the rights set out in Sections 11–13 below, including the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens.

2. Controller and contact details

Data controller: Improvement Labs, Van der Poelstraat 57 C, 3021 VT Rotterdam, the Netherlands. KvK 42039945, BTW-id NL005448561B16.

Privacy contact: hello@joinfutureself.com.

No data protection officer has been appointed. An EU representative under Article 27 GDPR is not applicable because the controller is established in the Netherlands.

3. The personal data we process

We process the following categories of personal data. Some categories apply only if you choose the related feature.

#	Category	Examples	Source
A	Identity & account data	Supabase user ID; email address (which may be an Apple Private Relay address `…@privaterelay.appleid.com` if you sign in with Apple and choose to hide your email); authentication-provider name (Apple, Google or email OTP).	You; Apple Sign-In; Google Sign-In; email-OTP via Supabase Auth.
B	Profile & preferences	Optional first name; theme and app-icon preference; daily-guidance cadence and tone; notification permission state; quiet-window settings; widget configuration.	You and your in-app settings.
C	Onboarding answers	Selected current "life season" (e.g. Starting over, Healing, Under pressure, Building momentum, Levelling up, Finding clarity); desired identity traits; up to two "blocker" patterns (e.g. Procrastination, Self-doubt, Burnout, Emotional overwhelm); free-text "future-self statement"; timezone.	You.
D	Practice & app content	Followed topics; saved quotes/affirmations; collections you create and name; statements you write; practice history (event type, payload metadata, timestamp).	You and your in-app activity.
E	Reminder & notification data	Reminder configuration; timezone (used to schedule pushes in your local time); Expo push token; scheduled-push records; delivery status.	You; your device; Apple/Google push systems; Expo Push; our edge functions.
F	Purchase & entitlement data	App-generated user ID linked to RevenueCat; App Store / Google Play receipt data; product ID; subscription status; entitlement state; webhook events from RevenueCat.	Apple; Google; RevenueCat; your purchase actions.
G	Product-analytics events (PostHog)	Pseudonymous events such as `sign_in` (provider name only), `sign_out`, `onboarding_complete`, `paywall_shown`, `paywall_purchased` (product/package ID), `paywall_cancelled`, `quote_saved/unsaved/shared` (line ID), `topic_followed/unfollowed` (topic ID); device class; app version; coarse country derived from IP at the EU PostHog endpoint and not stored with the event. We do not capture screen recordings, free-text content of statements, custom collection names, IDFA, or persistent advertising identifiers. Disabled in development builds.	Your in-app actions.
H	Crash & error diagnostics (Sentry)	Error type, stack trace, anonymised user ID, breadcrumb of recent navigation events, device/OS class, app version, network type. We do not intentionally include free-text content of statements or other content you write.	Automatic when an error occurs.
I	Support communications	Email address; the content of your messages; any device/app context you choose to share.	You.
J	Technical/security records	Authenticated session tokens (managed by Supabase Auth and stored in the operating-system keychain); access logs and edge-function logs at the level of table-level errors during deletion, aggregated planner statistics, aggregated push-delivery statistics, aggregated receipt-checker statistics — without user-PII payloads.	Your device; Supabase; Apple; Google; RevenueCat; Expo.

We do not intentionally collect contacts, photos, videos, microphone recordings, precise GPS location, advertising identifiers, biometric data, browsing history outside the app, or content from other apps.

Free-text fields. Statements you write, collection names you choose and your "future-self statement" can in principle contain anything you type, including personal or sensitive information. Please do not enter information you do not want stored, and in particular avoid entering special-category data within the meaning of Article 9 GDPR (such as data revealing health, sex life, religion, political opinions, ethnic origin or trade-union membership). The "blocker" and "life season" choices are pre-set options, not free text; we treat them as ordinary personal data describing user-stated personal-development context, not as health data, and we do not use them to infer any health condition.

4. Why we process this data, and the legal bases (Article 6 GDPR)

#	Purpose	Categories	Legal basis
1	Create your account, sign you in, maintain sessions, secure access.	A, J	Article 6(1)(b) — performance of the contract you enter into with us when you create an account.
2	Save and synchronise your profile, onboarding answers, followed topics, saved lines, collections, statements, history, preferences and widgets.	A, B, C, D	Article 6(1)(b) — performance of the contract.
3	Personalise which quotes/affirmations and topic packs we surface to you, based on your followed topics and onboarding answers.	C, D	Article 6(1)(b) — providing the personalised Service you signed up for. We do not engage in automated decision-making with legal or similarly significant effects (Article 22 GDPR).
4	Schedule and deliver push notifications you have enabled.	B, E	Article 6(1)(a) — your consent (the OS-level notification permission and your in-app guidance settings), which you can withdraw at any time.
5	Validate purchases, grant entitlements, enable restore-purchases, prevent purchase fraud.	A, F	Article 6(1)(b) — performance of the contract; Article 6(1)(f) — our legitimate interest in preventing fraud and abuse.
6	Understand product usage in aggregate using PostHog (e.g. paywall conversion, onboarding completion).	G	Article 6(1)(f) — our legitimate interest in operating, securing and improving a small product without behavioural advertising. A balancing assessment record is available on request. You may object under Section 11.
7	Detect, diagnose and fix crashes and errors using Sentry.	H	Article 6(1)(f) — our legitimate interest in providing a reliable Service.
8	Provide customer support; respond to data-rights requests.	A, I, J	Article 6(1)(b) — performance of the contract; Article 6(1)(c) — legal obligation when responding to GDPR rights requests.
9	Comply with legal, tax, accounting, app-store, dispute and law-enforcement obligations.	A, F, I, J	Article 6(1)(c) — legal obligation.
10	Defend, exercise or establish legal claims; security and abuse prevention.	All	Article 6(1)(f) — our legitimate interest.

We do not rely on consent except for purpose 4 (push notifications) and (where applicable to UK/EEA users) for the optional non-essential analytics described in Section 7. We do not rely on consent for the in-app sign-in itself.

5. Sources of personal data

From you: when you sign up, complete onboarding, write content, configure settings, contact support, or exercise rights.
From your device and the OS: timezone, push token, OS notification permission state, device/OS class, app version.
From Apple and Google: when you authenticate, when you make a purchase, when push messages are delivered, and when you exercise refunds at the store level.
From RevenueCat: subscription status updates and webhook events tied to your store purchase.
From Expo: push delivery receipts.
From PostHog and Sentry: pseudonymous product-analytics and error-diagnostics events triggered by your in-app actions or by crashes.

6. Sub-processors and other recipients

We use the processors below, all of whom are bound by data-processing agreements that meet Article 28 GDPR. Categories refer to Section 3.

Processor	Role	Categories	Hosting region
Supabase, Inc. (with sub-processor AWS)	Authentication, Postgres database, edge functions, export/deletion endpoints, push scheduling.	A, B, C, D, E, F, J	West EU (Ireland)
RevenueCat, Inc.	Receipt validation, subscription state, entitlements, restore-purchases.	A, F	United States
Apple Inc.	Apple Sign-In, App Store, StoreKit, APNs, refunds, subscription management.	A, E, F, J	United States and other Apple regions
Google LLC	Google Sign-In and, on Android, Google Play Billing and FCM push delivery.	A, E, F, J	United States and other Google regions
650 Industries, Inc. (Expo)	Expo Push token handling and push relay to APNs/FCM.	E	United States
PostHog Inc.	Product analytics. We use the EU Cloud endpoint (`eu.i.posthog.com`).	G	European Union (Frankfurt)
Sentry (Functional Software, Inc.)	Crash and error reporting.	H	European Union
Netlify	Hosting of the joinfutureself.com marketing website.	website logs (IP, user-agent)	Global CDN and hosting infrastructure
Zoho	Email for hello@joinfutureself.com support.	A, I	European data centers: Amsterdam, Netherlands and Dublin, Ireland

We may also disclose personal data (i) to professional advisers under confidentiality, (ii) to a successor in connection with a merger, acquisition, reorganisation or asset sale (subject to GDPR-equivalent protection), or (iii) to law-enforcement, regulatory or judicial authorities where legally compelled or strictly necessary to protect rights, safety and security.

We do not sell personal data, do not share personal data for behavioural advertising or cross-context behavioural advertising, and do not allow our processors to use your data for their own marketing purposes.

7. Cookies and similar technologies

Mobile app. The app does not use cookies. It uses local on-device storage to remember your preferences and to keep you signed in:

Encrypted MMKV — encrypted with AES via a key held in the operating-system keychain (expo-secure-store). Stores your Zustand-persisted preferences (auth state mirror, onboarding state, premium state, personalisation, topics, widgets, runtime).
OS keychain (Apple Keychain / Android Keystore) via expo-secure-store — stores the MMKV encryption key and authentication session tokens.
iOS App Group group.com.forthefutureself.app — shared with the home- and lock-screen widgets to display the daily line.

These mechanisms are strictly necessary to provide the Service you have requested and do not require consent under Article 5(3) of the ePrivacy Directive (Article 11.7a Telecommunicatiewet).

Marketing website (joinfutureself.com). At launch, the site uses only strictly necessary first-party storage (e.g. a preferences cookie). It does not load advertising cookies, analytics cookies or any third-party tracker. If we later add non-essential cookies, we will display a compliant cookie banner and obtain prior, freely-given, specific, informed and unambiguous consent. Server-side, the hosting provider keeps short-lived access logs (IP address, user-agent, requested URL, timestamp) for security and abuse prevention; legal basis Article 6(1)(f) GDPR.

8. International transfers (Chapter V GDPR)

Some of our processors are established outside the European Economic Area, including in the United States. When we transfer personal data outside the EEA, we rely on one or more of the following safeguards:

EU–U.S. Data Privacy Framework certification, where the recipient is certified (we periodically check the DPF list).
Standard Contractual Clauses adopted by the European Commission (Implementing Decision (EU) 2021/914), supplemented where applicable by the UK Addendum.
Additional technical and organisational safeguards (encryption in transit, encryption at rest, RLS-based least-privilege access, processor obligations, transfer-impact assessments).

A list of the specific transfer mechanism relied on for each non-EEA processor is available on request from hello@joinfutureself.com.

9. Retention

We keep personal data only as long as needed for the purposes set out in Section 4 and for the periods set out below. After these periods we delete or irreversibly anonymise the data.

Data	Retention
Account data (A) and user-owned content (B–E)	While your account is active. After you delete your account, the data is removed from Supabase typically within 30 days, except items kept under "Mandatory retention" below.
Push tokens (E)	Until the token is revoked by the OS, until you sign out, or for 6 months of inactivity.
Sent push records (E)	90 days, then aggregated into anonymous statistics or deleted.
Purchase & entitlement data (F) and RevenueCat events	While your subscription is active and for 7 years thereafter (Article 52 General State Taxes Act).
Product analytics (G — PostHog)	12 months at event level; aggregated metrics may be kept longer.
Crash diagnostics (H — Sentry)	90 days.
Support communications (I)	24 months after the last interaction.
Authentication sessions and refresh tokens (J)	While the session is valid; revoked on sign-out, account deletion or after the OS-level expiry.
Mandatory retention — information we are required to keep for tax, accounting, app-store, anti-fraud, dispute, security or law-enforcement reasons.	Statutory retention period (typically up to 7 years for Dutch tax records).

App-store purchase records and store-account information are independently retained by Apple, Google and RevenueCat under their own policies.

10. Security

We apply technical and organisational measures appropriate to the risk, including:

HTTPS/TLS everywhere (Supabase, RevenueCat, Apple, Google, Expo, PostHog, Sentry, our website).
At-rest encryption of the local store (MMKV) using AES with a key held in the device OS keychain via expo-secure-store.
Auth tokens stored in the OS keychain; not in plain MMKV.
Row-Level Security policies on user-scoped Supabase tables, with auth.uid() = user_id constraints.
Service-role separation: the Supabase service-role key is used only by server-side edge functions; client code uses the anon key.
Authenticated edge functions for export and deletion, with explicit per-table cascading delete.
Secret hygiene: cron edge functions require a dedicated CRON_SECRET; the RevenueCat webhook validates a shared secret with timing-safe comparison.
Crash reporting scrubbing for known sensitive fields.

No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours where required, and notify you without undue delay where the breach is likely to result in a high risk (Articles 33–34 GDPR).

11. Your rights under the GDPR / UK GDPR

Subject to the conditions in the GDPR, you have the right to:

be informed of how we process your personal data (this Statement);
access the personal data we hold about you (Article 15);
rectify inaccurate or incomplete data (Article 16);
erase your data — the "right to be forgotten" (Article 17);
restrict processing in defined circumstances (Article 18);
data portability for data you provided to us, in a structured, commonly used, machine-readable format (Article 20);
object to processing based on our legitimate interests, including the product analytics described in purpose 6 (Article 21);
withdraw consent at any time, where processing is based on consent — for example for push notifications — without affecting the lawfulness of processing carried out before withdrawal (Article 7(3));
not be subject to automated decision-making producing legal or similarly significant effects (Article 22). We do not carry out such decision-making; topic-based recommendation does not have such effects.

12. How to exercise your rights

You can use the in-app controls at any time:

Export. Settings → Account → Export my data returns a JSON export of the categories listed in Section 3 via the device share sheet.
Delete. Settings → Account → Delete account deletes your Supabase Auth record and your user-owned data in our database.
Notifications. Turn notifications off in iOS/Android Settings or in the app guidance settings.
Subscription. Manage or cancel through the App Store or Google Play account used for purchase.

You can also email hello@joinfutureself.com to exercise any right. We may need to verify your identity (typically by confirming control of the email address linked to your account) before fulfilling a request. We will respond without undue delay and at the latest within one month, extendable by two further months for complex requests, in line with Article 12(3) GDPR. Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.

13. Right to lodge a complaint

If you believe our processing infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular the supervisory authority of your habitual residence, place of work or the place of the alleged infringement. In the Netherlands this is the Autoriteit Persoonsgegevens: autoriteitpersoonsgegevens.nl · Postbus 93374, 2509 AJ Den Haag. UK residents may complain to the ICO: ico.org.uk.

We would, however, appreciate the opportunity to address your concerns first — please contact hello@joinfutureself.com.

14. Children

The Service is not directed to children under 16 and we do not knowingly process personal data of children under 16 in reliance on consent (Article 8 GDPR). Where you are between 13 and 16 and your country has set a lower digital-consent age, we may process your personal data in reliance on consent only if a holder of parental responsibility consents on your behalf. Apple and Google operate their own age and family-account rules at the device and store level. The app stores rate the app 12+, but that rating is not the same as a privacy or contractual age. If you believe a child has registered without the appropriate consent, contact hello@joinfutureself.com and we will promptly take appropriate steps, which may include deletion.

15. Profiling and automated decisions

We use your followed topics and onboarding answers to decide which quotes, affirmations and topic packs to surface to you. This is content-recommendation profiling that does not produce legal or similarly significant effects within the meaning of Article 22 GDPR. We do not use automated decision-making to deny you access to the Service, to set prices, to score you, to determine eligibility for any feature based on inferences about you, or for advertising.

16. Push notifications

If you enable notifications, we store your Expo push token and timezone in our database and our edge functions plan and dispatch reminders within the cadence and quiet-window you choose. Push payloads contain only the daily affirmation or quote text. Payloads do not include your email, optional first name, custom statements, account identifiers or other personal details. You can disable notifications at any time in your device settings; if a token is reported invalid we will delete it.

17. Marketing

We do not currently send marketing emails. If we ever do, we will rely on your prior opt-in consent in line with Article 6(1)(a) GDPR and Article 11.7 Telecommunicatiewet, and every email will contain a one-click unsubscribe link.

18. Apple App Store privacy details

Apple requires app-privacy disclosures in App Store Connect. Based on the current implementation, expected disclosures include: Contact info (email), User content (custom statements, saved practice content; audio is not collected), Identifiers (user ID, push token), Purchases (purchase history through RevenueCat), Usage data (product interaction events through PostHog), and Diagnostics (crash data through Sentry). Any of these may be linked to your identity, none are used for tracking, and none are used for third-party advertising.

19. Changes to this Statement

We may update this Statement to reflect changes in our practices or in applicable law. We will revise the "Last updated" date and, for material changes, give you reasonable advance notice through the Service or by email. Continued use of the Service after the effective date means you have read the updated Statement.

20. Contact

Improvement Labs
Van der Poelstraat 57 C, 3021 VT Rotterdam
The Netherlands
KvK: 42039945 · BTW-id: NL005448561B16
hello@joinfutureself.com