Privacy Policy

From your Google sign-in: your email address, name, and profile picture.

Created automatically as you use the app:

• Your subscription status, plan, and renewal dates.
• Which practices you start, pause, and finish.
• Your distress slider check-ins (e.g. "tension at 4/10") so the practice can adapt and so you can see your progress over time.
• Reminders and favorites you set yourself.
• If you opt into Face ID / passkey login, an opaque credential id (not your face data — that stays on your device).
• If you opt into push notifications on iOS, an Apple-issued device token.

We do not collect: your contacts, your location, your microphone, your camera, your health data, or anything else outside the bullets above.

We share data with these third parties only when needed to make the app work:

• Google (sign-in) — verifies your identity. Their privacy policy applies to that step.
• Stripe (web subscriptions) — handles payment. We pass your email and a customer id; Stripe holds the card details, not us.
• Apple / RevenueCat (iOS subscriptions) — handles in-app purchases on iPhone. RevenueCat receives a per-app user id and the transaction event.

We do not sell, rent, or trade any of your data. We do not run advertising.

Account, subscription, and practice data live for as long as your account exists. If you delete your account (see below), we wipe everything immediately. Payment records are retained in an anonymised form (no name or email — just amount + timestamp) for 7 years to satisfy tax and accounting laws.

From Settings → Privacy you can:

• Download my data — gives you a JSON file with everything we hold on you.
• Delete my account — wipes your data immediately. This is permanent.

These cover GDPR Articles 15 and 17 (EU/UK) and CCPA §§ 1798.100 and 1798.105 (California). If you'd rather email us, contact mscwellness@protonmail.com — we'll respond within 30 days.

Bilateral Calm is intended for users 18 and older. We don't knowingly collect data from anyone younger. If you believe a child has registered, email the address above and we'll remove the account.

If we ever change this policy, we'll show a notice on the dashboard so you have a chance to review before continuing.