LEGAL

Privacy Policy

Last Updated: March 22, 2026

Maureen ("we," "us," or "our") is a mental wellness toolkit designed to support individuals navigating body image and eating concerns. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using Maureen, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Account Information

  • Email address. Used to create and sign in to your account.
  • Password. Stored securely by our authentication provider (Supabase Auth); we never store or see your raw password.
  • Name or nickname. Entered during onboarding for personalization.
  • Pronouns. Optionally provided during onboarding.

1.2 Onboarding Responses

  • Reasons for using Maureen (optional). Selected from a predefined list during onboarding. These help us understand why you're here and develop tools better suited to your needs.

1.3 Mental Wellness Data

All of this data is self-reported by you — we do not access HealthKit, sensors, or any external data sources.

  • Daily mood entries. Mood labels recorded up to 4 times per day.
  • Exercise completions. Which exercises you complete and when.
  • Exercise-specific details. Depending on the exercise, this may include urge names, intensity ratings, technique selections, thought observations, ladder names, step descriptions, and distress ratings.

1.4 User-Created Content

  • Reflections. Optional free-text reflections after completing exercises. Stored on your device and backed up to our servers only if you choose to back up when signing out.
  • Letters to future self (Futures Mail). Title, body, and chosen delivery date. Futures Mail is an online-only feature — your letters are stored directly on our servers (not on your device) to ensure they are safely preserved and delivered on your chosen date, even if you reinstall the app or experience data loss.
  • Wall cards. Text entries you create and save. Stored on your device and backed up to our servers only if you choose to back up when signing out.
  • Safety plan. Your personal crisis resource list. Stored on your device and backed up to our servers only if you choose to back up when signing out.

1.5 Subscription Information

  • Plan selection and trial status. Managed through Apple's and Google's In-App Purchase systems. We record which plan you selected and your trial dates. We never see your payment method, credit card number, or account passwords.

1.6 Information Collected Automatically

When you use Maureen, certain technical information may be collected automatically by our third-party service providers:

  • Crash data (via Sentry). Device model, OS version, stack traces, and recent user actions leading to a crash. This data is not linked to your identity.
  • Device identifier (via RevenueCat). A random, anonymous identifier used solely for subscription receipt validation. Not used for tracking or advertising.

No browsing history, usage analytics, or behavioral tracking data is collected.

1.7 De-Identified Data

We may create aggregated or de-identified data by removing information that makes it personally identifiable. De-identified data is not personal information and is not subject to this Privacy Policy. We will not attempt to re-identify de-identified data.

1.8 Information We Do NOT Collect

  • Location data (GPS, IP-based geolocation)
  • Contacts or address book
  • Photos, videos, or camera access
  • Microphone or audio recordings (the app plays audio but never records)
  • Device identifiers for advertising (no IDFA)
  • Browsing history
  • Biometric data
  • Data from other apps on your device

2. How We Use Your Information

We use your information only to provide and operate Maureen's features and functionality. Specifically:

Purpose Examples
Provide app functionality Display your name in greetings, show your mood history, surface personal insights, track exercise completions, deliver your future letters on the date you chose
Backup & restore If you choose to back up when signing out, your data is saved to our servers and can be restored when you sign back in

We do not use your information for:

  • Advertising or marketing
  • Selling to third parties
  • Building user profiles for ad targeting
  • Training machine learning models
  • Analytics or behavioral tracking

3. How We Store and Protect Your Data

3.1 Architecture

Maureen uses a local-first architecture. Your data is stored on your device first in a local database. This means:

  • The app works fully offline — no internet required for moods, exercises, ladders, wall cards, or safety plan
  • Your data stays on your device unless you explicitly choose to back it up when signing out
  • Letters are the only feature that requires an internet connection, as they are stored on our servers to ensure delivery

3.2 Server Infrastructure

Our backend is hosted on Supabase (built on PostgreSQL), which provides:

  • Encrypted data transmission (TLS/HTTPS)
  • Row Level Security — database rules that ensure you can only access your own data
  • Authentication via industry-standard protocols

3.3 Data Isolation

Every database query is scoped to your authenticated user ID. Our database is configured with Row Level Security policies designed to ensure that users can only access their own data.

3.4 On-Device Security

Your local database is stored in the app's private sandboxed storage, which is protected by iOS/Android operating system security. If your device has a passcode or biometric lock, your app data is encrypted at rest by the operating system.

3.5 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you as required by applicable law. Where possible, we will notify you via the email address associated with your account.

4. Data Retention

Data type Retention period
Mood entries Retained on your device for up to 14 days and pruned when you next open the app. If backed up to our servers, server-side data persists until you delete your account
Exercise sessions Retained on your device for up to 14 days and pruned when you next open the app. If backed up to our servers, server-side data persists until you delete your account
Reflections Retained on your device for up to 14 days and pruned when you next open the app. If backed up to our servers, server-side data persists until you delete your account
Letters to future self Stored on our servers only (not on device). Kept until you delete them or delete your account
Ladders & steps Stored on your device until you delete them. If backed up to our servers, server-side data persists until you delete your account
Wall cards Stored on your device until you delete them. If backed up to our servers, server-side data persists until you delete your account
Safety plan Stored on your device until you delete them. If backed up to our servers, server-side data persists until you delete your account
Account info Kept until you delete your account

The 14-day retention limit on mood and exercise data exists by design — Maureen is a support tool, not a surveillance tool. We keep only enough recent history to show you relevant insights. Data on your device is pruned after 14 days the next time you open the app. Data on our servers is retained for backup and restore purposes and is permanently deleted when you delete your account.

5. When You Sign Out or Delete Your Account

Sign Out

When you sign out, you are given the option to back up your data to our servers before signing out. If you choose "Back Up & Sign Out," your recent data is synced to our servers so it can be restored when you sign back in. If you choose "Just Sign Out," all data is immediately deleted from your device without backing up — any data not previously synced will be lost. In either case, your account remains active — you can sign back in at any time with your existing credentials.

Account Deletion

You can delete your account from within the app's settings. This will:

  1. Delete all data associated with your user ID from our servers
  2. Delete your authentication credentials
  3. Remove all local data from your device

After deletion, your data cannot be recovered. You may also contact us at support@maureen.care to request account deletion.

Important: Deleting your account does not automatically cancel your App Store or Google Play subscription. You are responsible for cancelling your subscription separately through your device's subscription settings to avoid continued billing.

6. Third-Party Services

We use the following third-party services:

Service Purpose Data shared Privacy policy
Supabase Authentication, database hosting Email, all app data (encrypted in transit) supabase.com/privacy
Apple (In-App Purchase) Subscription billing (iOS) Payment handled entirely by Apple — we never see payment details apple.com/privacy
Google (In-App Purchase) Subscription billing (Android) Payment handled entirely by Google — we never see payment details policies.google.com/privacy
RevenueCat Subscription management Purchase history, subscription status, anonymous device identifier. Not used for tracking or advertising revenuecat.com/privacy
Sentry Crash reporting Crash logs (stack traces, device model, OS version). No personal data, not linked to identity sentry.io/privacy

We do not use:

  • Analytics services (no Mixpanel, Amplitude, Firebase Analytics, etc.)
  • Advertising networks
  • Data brokers
  • Social media SDKs

7. Children's Privacy

Maureen is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your data — request a copy of all data we hold about you
  • Correct your data — update inaccurate information
  • Delete your data — request account and data deletion (see Section 5)
  • Export your data — request a portable copy of your data

To exercise any of these rights, contact us at support@maureen.care.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected on our website with an updated "Last updated" date at the top of this policy. We encourage you to review this policy periodically.

Your continued use of Maureen after changes take effect constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or your data:

Email: support@maureen.care

11. Additional Rights for U.S. State Residents

This section applies to residents of California (under the CCPA/CPRA), Colorado, Connecticut, Virginia, and other U.S. states with comprehensive privacy laws. These rights are in addition to those described in Section 8.

11.1 Categories of Personal Information Collected

We collect the categories of personal information described in Section 1, which include: identifiers (name, email address), sensitive personal information (mental wellness data, pronouns, reasons for using the app), user-generated content (reflections, letters, wall cards, safety plan entries), and commercial information (subscription status).

11.2 Do Not Sell or Share My Personal Information

We do not sell and do not share your personal information as those terms are defined under the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months. We do not engage in cross-context behavioral advertising. Because we do not sell or share personal information, no opt-out is required — but you may still contact us at support@maureen.care with any concerns.

11.3 Your Rights

Depending on your state of residence, you may have the right to:

  • Right to know. Request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom it is disclosed.
  • Right to delete. Request deletion of your personal information (see Section 5 for how to delete your account and data).
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt-out of sale or sharing. We do not sell or share your personal information, so this right does not apply. See Section 11.2.
  • Right to limit use of sensitive personal information. We use sensitive personal information (mental wellness data, pronouns) only to provide the app's core functionality, which is a permitted use under the CCPA/CPRA.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

11.4 How to Submit a Request

To exercise any of the rights above, contact us at support@maureen.care. We will verify your identity before fulfilling a request, typically by confirming ownership of the email address associated with your account. We will respond within the timeframe required by applicable law (45 days under the CCPA/CPRA, with extensions as permitted).

11.5 Other State Privacy Laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights to access, delete, and correct personal information, and to opt out of targeted advertising, profiling, and sale of personal data. None of these activities apply to Maureen. To exercise any rights under your state's law, contact us at support@maureen.care