Privacy Policy for SelfMap AI

1. Introduction

Welcome to SelfMap AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services ("Service").

By using SelfMap AI, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Service.

1.1 Medical and Clinical Disclaimer

NOT A MEDICAL OR CLINICAL SERVICE

SelfMap AI is NOT a medical, clinical, therapeutic, or healthcare service. This Privacy Policy relates to our personal development and wellness information application. The Service does NOT:

• Provide medical diagnosis, treatment, or advice
• Offer clinical assessments or professional healthcare services
• Replace professional medical, psychological, or psychiatric care
• Constitute a patient-provider relationship or therapeutic relationship
• Provide emergency medical or crisis intervention services

Privacy and Health Information:

While we collect wellness and mood-related data, this information is:

• NOT considered protected health information (PHI) under HIPAA or similar laws (we are not a covered entity)
• Collected for personal development and self-reflection purposes only
• NOT used for medical diagnosis, treatment, or clinical decision-making
• NOT shared with healthcare providers (unless you explicitly request this)

If you need medical or mental health services:

• Contact qualified healthcare professionals
• Seek emergency services for medical emergencies (911 or local emergency number)
• Contact crisis hotlines for mental health emergencies

Always consult qualified medical professionals for any health-related concerns. The Service is for informational purposes only and does not constitute medical or clinical advice.

2. Information We Collect

2.1 Account Information

When you register for SelfMap AI, we collect:

• Email address (required for account creation and authentication)
• Display name (optional, as provided by you)
• Password (encrypted and stored securely via Firebase Authentication)
• Account creation date and last update timestamp

2.2 Self-Assessment and Questionnaire Data

We collect information you provide through our questionnaires and assessments, including:

• Your responses to personality questionnaires about your goals, preferences, values, life circumstances, and behavioral patterns
• Demographic information such as age range, location, and other relevant background details you choose to share
• Self-assessments of your social preferences, wellness factors, and personal characteristics
• Questionnaire completion information including dates and assessment history

2.3 Activity and Progress Tracking Data

Through daily check-ins and activity tracking, we collect:

• Mood and energy indicators you provide during check-ins
• Schedule and activity information you choose to share
• Goals you set and track through the app
• Notes, reflections, or journal entries you choose to create
• Check-in timestamps and activity history

2.4 Generated Reports and Insights

Based on the information you provide, we create and store:

• Personalized reports analyzing your responses and patterns
• Historical records of your assessments and progress over time
• Customized recommendations tailored to your growth journey

2.5 Usage Data

We automatically collect:

• Device information (device type, operating system, app version)
• Usage statistics including:
  • Check-in frequency and streaks
  • Feature usage and engagement metrics
  • App feature usage patterns
• Timezone information (to provide accurate date-based features)
• Notification preferences and reminder settings

2.6 Profile Information

If you choose to provide:

• Profile picture (stored securely in Firebase Storage)
• Demographic information (as part of questionnaire responses)

2.7 Technical Data

• Authentication tokens (managed securely by Firebase Authentication)
• Device identifiers for notification delivery
• IP addresses (collected automatically by Firebase services)
• Browser/app event data for analytics purposes

2.8 Payment Information

If you make purchases or subscriptions, we collect transaction data including subscription status and purchase history. Payment method information is processed securely through third-party payment processors (RevenueCat and Stripe). We do not store full credit card numbers or CVV codes.

3. How We Use Your Information

3.1 Core Service Delivery

We use your information to:

• Generate personalized reports and insights using AI (OpenAI GPT-4 models)
• Provide personalized recommendations tailored to your goals and preferences
• Track your progress and provide assessments over time
• Maintain your account and authenticate your identity
• Deliver notifications about reminders, reports, and app updates

3.2 AI Processing

Your questionnaire responses and activity data are processed by:

• OpenAI's GPT-4 models via secure Firebase Cloud Functions
• Data is transmitted securely to OpenAI for the purpose of generating personalized content
• OpenAI processes your data according to their privacy policy (available at openai.com/privacy)
• We do not share your data with OpenAI for training their models without your explicit consent

3.3 Service Improvement

We analyze aggregated, anonymized data to:

• Improve our AI prompts and report generation quality
• Enhance user experience and app functionality
• Identify usage patterns to optimize features
• Debug technical issues and ensure app stability

3.4 Analytics and Marketing

We use analytics and marketing tools to:

• Understand user behavior and feature usage (via PostHog)
• Track app performance and conversion events
• Measure marketing effectiveness (via Meta Pixel)
• Optimize user acquisition and engagement
• Provide personalized experiences based on usage patterns

3.5 Communication

We use your email address to:

• Send account-related notifications (password resets, security alerts)
• Deliver service updates and important notices
• Respond to support requests

3.6 Data Aggregation

We may create aggregated, anonymized datasets that:

• Cannot identify individual users
• Are used for research and development purposes
• May be shared with partners or published (always in anonymized form)

3.7 Payment Processing

We use your payment information to process subscriptions and purchases through RevenueCat and Stripe, manage your subscription status, and send transaction confirmations.

4. Third-Party Services and Data Sharing

We work with trusted third-party service providers to help us operate SelfMap and deliver our services to you. These providers may access your information only to perform specific tasks on our behalf and are obligated to protect your information.

4.1 Infrastructure and Hosting

We use Google Firebase for cloud storage, user authentication, and app infrastructure. This means your data is stored on Google's servers and subject to Google's privacy practices.

Privacy policy: policies.google.com/privacy

4.2 AI-Powered Personalization

We use OpenAI's services to generate your personalized reports and recommendations. Your questionnaire data is sent securely to OpenAI for processing. According to their current API terms, this data is not used to train AI models.

Privacy policy: openai.com/privacy

4.3 Analytics and Performance

We use PostHog to understand how users interact with our app and identify ways to improve. This includes tracking app events, feature usage, and technical performance data.

Privacy policy: posthog.com/privacy

4.4 Payment Processing

We use RevenueCat and Stripe to handle subscriptions and payments securely. These services process your payment information, but we never see or store your full credit card details.

Privacy policies: revenuecat.com/privacy | stripe.com/privacy

4.5 App Infrastructure

We use Expo for mobile app deployment and push notification delivery.

Privacy policy: expo.dev/privacy

4.6 What We Don't Do

We do NOT:

• Sell your personal information to third parties
• Share your individual data with advertisers
• Use your data for purposes other than those described in this policy

5. Data Storage and Security

5.1 Storage Location

Your data is stored in:

• Firebase servers (hosted by Google Cloud Platform)
• Geographic location: Data may be stored in servers located in the United States or other countries where Google operates
• Firebase Storage for profile pictures (global CDN)

5.2 Security Measures

We implement industry-standard security measures:

• Encryption in transit (HTTPS/TLS for all data transmission)
• Encryption at rest (Firebase automatically encrypts stored data)
• Secure authentication via Firebase Authentication
• Access controls (only authenticated users can access their own data)
• Regular security audits and updates

5.3 Data Retention

We retain your data for as long as:

• Your account is active and you continue using the Service
• Necessary to provide services to you
• Required by law or for legal compliance
• Necessary for legitimate business purposes

5.4 Account Deletion

When you delete your account:

• All personal data associated with your account will be permanently deleted
• Profile pictures will be removed from storage
• Questionnaire responses and reports will be deleted
• Activity tracking data and check-ins will be removed
• This process may take up to 30 days to complete

Note: Some anonymized, aggregated data may be retained for research and analytics purposes and cannot be attributed to you.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

• Access your personal data through the app
• Request a copy of your data in a portable format
• Export your data (feature available in app settings)

6.2 Correction and Updates

You can:

• Update your profile information at any time in the app
• Edit demographic information through the questionnaire
• Modify notification preferences in settings

6.3 Deletion

You have the right to:

• Delete your account through the app settings
• Request permanent deletion of your data (see Account Deletion section)
• Opt out of data collection by discontinuing use of the Service

6.4 Opt-Out Options

You can control:

• Notification settings (push notifications) through app preferences
• Analytics sharing (if available in settings)
• Data sharing for research (if applicable)

6.5 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at: support@selfmapai.com

6.6 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restrict processing of your data
• Data portability
• Object to processing based on legitimate interests
• Withdraw consent at any time

To exercise these rights, contact us at: support@selfmapai.com

7. Children's Privacy

SelfMap AI is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected information from a child under the applicable age, we will delete that information promptly.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (for transfers from EEA)
• Adequacy decisions where applicable
• Binding corporate rules or similar mechanisms

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• In-app notification for material changes
• Email notification (for significant changes affecting your rights)

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

10. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Notify affected users within 72 hours (or as required by applicable law)
• Provide details about what information was compromised
• Recommend steps you should take to protect yourself
• Report to relevant authorities as required by law

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@selfmapai.com
• Address: 10983 Wellworth Ave, Los Angeles, CA 90024, United States

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United States, without regard to its conflict of law provisions.