Privacy Policy

1. Who we are

Data controller (GDPR): Break The Pattern LLC, 1309 Coffeen Avenue, STE 1200, Sheridan, Wyoming 82801, United States.

Contact: privacy@breakthepattern.app

2. Information we collect

We collect only what the App needs to function. We do not collect precise location, contacts, photos, health data, browsing history, or any data we sell to third parties.

Information you provide:

• Identity (name/nickname, email) for account creation
• Account credentials (hashed password or Apple ID token) for authentication
• Profile content (gratitudes, intentions, manifestation entries, achievements, habits, evening reflections, weekly highlights, list of people who matter to you) for core app functionality
• Configuration (daily screen-time limit, selected blocked apps, theme, notification times) for personalization
• Subscription (selected plan and trial status via RevenueCat) for billing

Information collected automatically:

• Usage events via PostHog (EU region) for analytics
• Crash data via iOS crash reports (opt-in) for bug fixing
• Purchase history via Apple/RevenueCat for subscription management
• User ID (UUID at signup) for linking data

Information we do NOT collect:

Precise geolocation, contacts, photos, videos, health/fitness/biometric data, browser history outside the App, advertising identifiers (IDFA).

3. Screen Time API (Family Controls)

The App uses Apple's Family Controls / Screen Time API to enforce the daily app limits you set for yourself. This is processed entirely on your device. We never see which apps you block or your usage patterns. You can disable the blocker at any time in Settings → Blocker.

4. How we use your information

App functionality, personalization, authentication, subscription management, analytics (PostHog EU), service emails only (no marketing unless opted in), legal compliance. We do not use your data for advertising or sell it.

5. Legal bases for processing (GDPR)

• Contract (providing the service)
• Legitimate interest (analytics, fraud prevention)
• Consent (notifications — withdrawable in iOS Settings)
• Legal obligation (tax records, lawful disclosure)

6. Who we share information with

• Supabase Inc. — database/auth hosting (US)
• RevenueCat Inc. — subscription management (US)
• PostHog EU — product analytics (EU)
• Apple Inc. — auth, payments, Screen Time (US)

No advertising networks, data brokers, or unlisted third parties.

7. International transfers

US-based. EEA/UK/Swiss transfers rely on EU Standard Contractual Clauses for Supabase and RevenueCat. PostHog stores analytics data in the EU.

8. Data retention

• Account + app content: until you delete your account (instant via Profile → Delete Account)
• Analytics: up to 12 months, then aggregated
• Subscription records: 7 years
• Backups: up to 30 days after deletion

9. Your rights

Access, correct, delete (via Profile → Delete Account), export (email privacy@breakthepattern.app), object to processing, withdraw consent.

EEA/UK: right to lodge complaint with local DPA.

California (CCPA/CPRA): right to know, delete, correct, non-discrimination — we do not sell or share personal information.

We respond within 30 days.

10. Children

13+ only. We do not knowingly collect data from children under 13. Contact privacy@breakthepattern.app to report.

11. Security

TLS encryption, Supabase Row-Level Security, hashed passwords, least-privilege access. No system is perfectly secure.

12. Changes

Material changes communicated in-app or by email 7 days before taking effect.

13. Contact

privacy@breakthepattern.app

Break The Pattern LLC, Attn: Privacy, 1309 Coffeen Avenue, STE 1200, Sheridan, Wyoming 82801