legal

Privacy Policy

Last updated: October 8, 2025

Your privacy matters. This Privacy Policy explains what information Reflecta ("we", "our", "us") collects, how we use it, and the choices you have. This is a plain-language draft suitable for App Store submission and will be refined with legal counsel.

Scope

This policy applies to our mobile and web apps, websites, customer support, and related services (collectively, the "Service"). It does not cover third-party sites or services that we do not control.

Information We Collect

Account Information – name, email, authentication identifiers.
App Usage Data – analytics, diagnostics, crash logs, feature usage, session duration.
Content You Create – journal entries, reflections, and coaching conversations.
Subscription & Payment Metadata – handled securely by our payment providers.
Automatically Collected Data – device identifiers, IP address, browser type, operating system, cookies, and similar technologies used for analytics and security.

How We Use Information

To provide, maintain, and improve the Reflecta experience.
To personalize content such as coaching suggestions, reminders, and insights.
To communicate about updates, security notices, and support.
To detect, prevent, and address technical or security issues.
To comply with legal obligations and enforce our Terms of Service.

Legal Bases (EEA / UK)

Where required by law, we rely on one or more of the following legal bases: performance of a contract – to deliver the Service; legitimate interests – to secure, improve, and understand the Service; consent – for analytics, notifications, and optional features; and compliance with legal obligations.

Sources of Information

Directly from you when you create an account or use app features.
Automatically from your device or browser through cookies and similar technologies.
From third parties such as app stores and payment processors that assist us in delivering the Service.

Data Storage and Security

We use trusted cloud providers and industry-standard security practices. Access to personal data is restricted to authorized personnel and systems required to operate the service.

Data Sharing and Third-Party Processors

We do not sell your personal information. We may share limited data with service providers under contracts that protect your privacy. Examples include:

Hosting & Infrastructure: Google Cloud Platform, Vercel
Analytics & Diagnostics: PostHog, Firebase
Payments & Subscriptions: Stripe, RevenueCat
Customer Support & Email: Resend / Gmail

All third parties are required to use your information only as necessary to provide their services to us and consistent with this Policy.

AI and Your Data

We use AI models to power coaching experiences. Unless explicitly stated and consented to, your personal data is not used to train generalized AI models. Data may be processed to provide your individual experience and to improve model quality through evaluation and safety mechanisms subject to strict access controls.

Your Choices and Rights

Access, update, or delete your account data where available in the app.
Request a copy or deletion of your data by contacting support.
Control notification preferences within system and app settings.

Depending on your region, you may also have rights to object to or restrict processing, and to portability. We will verify requests and respond within applicable timeframes.

Children’s Privacy

Reflecta is not directed to children under 13. If we learn we have collected personal information from a child under 13, we will take steps to delete such information.

International Transfers

Your data may be processed in countries outside your own. When transferring data internationally, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

Retention

We retain personal data only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by category and context.

Security

We implement administrative, technical, and physical safeguards to protect personal data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Tracking Technologies

We may use cookies, device identifiers, and similar technologies to operate the Service, remember preferences, and understand usage. You can control certain tracking via device or browser settings.

Analytics and Diagnostics

We use privacy-conscious analytics and diagnostics to understand aggregate usage and stability. Where required, we obtain consent or provide opt-out mechanisms.

Push Notifications

With your permission, we send notifications such as prompts and reminders. You can change notification settings at any time in your device or app preferences.

Health and Sensitive Data

Reflecta is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease. Do not submit protected health information unless you are comfortable with our processing as described here.

Changes to This Policy

We may update this Privacy Policy periodically. The latest version will always be posted at https://www.reflecta.so/privacy with an updated “Last Updated” date. Material changes will be communicated in-app or by email where appropriate.

Questions or Complaints

If you have concerns about our data practices, contact us first so we can help. You may also have the right to lodge a complaint with your local supervisory authority.

Contact Information

Acta Ventures UG (haftungsbeschränkt)

Huferhof 36

51515 Kürten

Germany

Managing Director (Geschäftsführer): Louis Morgner

Email: reflecta@acta.so

European users may contact us at this address for GDPR-related inquiries or complaints. You may also have the right to lodge a complaint with your local supervisory authority.

Effective Date

This Privacy Policy is effective as of October 8, 2025 and supersedes all previous versions.