# Privacy Policy

**Last updated: May 11, 2026**

This Privacy Policy describes how Reflect ("we", "us", or "our") collects, uses, and shares information about you when you use our mobile application **Reflect** ("App").

---

## 1. Information We Collect

### 1.1 Account Information
When you create an account, we collect your name and email address. You may sign in using Apple Sign-In or Google Sign-In. In those cases, we receive only the information you authorize the provider to share.

### 1.2 Usage and Analytics Data
We use Firebase Analytics to collect anonymized data about how you interact with the App, including screens visited, features used, and session length. This data does not include personally identifiable information (PII) and is used solely to improve the App.

### 1.3 Purchase Information
We use **Stripe** and **Apple In-App Purchase** to process payments. We do not store your full payment card details. Stripe and Apple handle all sensitive payment data subject to their own privacy policies.

We use **RevenueCat** to manage subscriptions and in-app purchase entitlements. RevenueCat may receive your anonymized user ID, purchase history, and device identifiers to provide this service.

### 1.4 Crash and Error Reports
We use **Sentry** to collect crash reports and error logs. These reports may include device type, operating system version, and a stack trace. We do not include PII or payment data in Sentry logs.

### 1.5 Push Notifications
If you grant permission, we use **Firebase Cloud Messaging (FCM)** to send push notifications. You can opt out at any time through your device settings.

### 1.6 Device Information
We may collect device identifiers (e.g., device type, OS version) for security and compatibility purposes.

---

## 2. How We Use Your Information

We use the information we collect to:

- Provide, maintain, and improve the App
- Process payments and manage subscription entitlements
- Send notifications you have opted into
- Monitor and fix technical issues
- Comply with legal obligations

---

## 3. How We Share Your Information

We do not sell your personal information. We share information only with the following third-party service providers, solely to operate the App:

| Service | Purpose |
|---|---|
| Supabase | Backend database and authentication |
| Firebase (Google) | Analytics, push notifications |
| Stripe | Payment processing |
| RevenueCat | Subscription management |
| Apple (In-App Purchase) | Payment processing on iOS |
| Sentry | Error monitoring |

Each provider is bound by their own privacy policy and data processing agreements.

---

## 4. Data Retention

We retain your account data for as long as your account is active. You may request deletion of your data at any time by contacting us (see Section 8). Anonymized analytics data may be retained for up to 26 months.

---

## 5. Children's Privacy

The App is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

---

## 6. Your Rights

Depending on your jurisdiction, you may have the right to:

- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing
- Data portability

To exercise any of these rights, contact us at the email address in Section 8.

---

## 7. Security

We implement industry-standard security measures, including encrypted data transmission (TLS) and secure credential storage (iOS Keychain / Android Keystore). However, no method of transmission over the internet is 100% secure.

---

## 8. Contact Us

If you have questions or requests about this Privacy Policy, contact us at:

**Email:** marianoksairi@gmail.com

---

## 9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy in the App or by email. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.
