Privacy Policy
This Privacy Policy explains what data we collect when you use Face it! and Mindful Pause, how it is used, and the rights you have over it.
1. Data We Collect
We collect the following categories of data:
Account & Identity
- Email address (for all sign-in methods)
- Apple or Google account information (for sign-in)
- Anonymous Firebase user ID for users who haven't signed up yet
App Usage & Content (linked to your account)
- Chat conversations with the AI coach
- Fear profile data you share with the app (core fears, triggers, excuses, avoidance patterns, goals)
- Reflection journal entries
- Fear ladder entries and progress (steps, anxiety readings)
- Mood check-in entries
- Streaks, completed challenges, breakthrough moments
Voice Messages (Microphone)
When you tap the microphone button to send a voice message, your audio is recorded locally on your device, then transmitted to our servers and forwarded to OpenAI's Whisper API for transcription. The audio is processed in memory only and is not retained on our servers after transcription. The resulting text is stored as part of your chat history.
Health-Related Data (Sensitive — GDPR Art. 9)
Conversations and profile data inevitably contain references to mental and emotional health. We process this data with explicit consent (see Section 8) and only for the purposes stated below.
Subscription & Purchase Data
- Subscription status (active, trialing, expired) provided by Apple StoreKit
- Product identifiers of subscriptions purchased
- Used both for unlocking premium features in-app and for measuring marketing-campaign effectiveness (see "Advertising" below)
Marketing Attribution Data
- When you visit getfaceit.com from an advertisement, we record UTM parameters (source, medium, campaign), browser referrer URL, user-agent string, and a randomly-generated session ID.
- When you install the app via Apple Search Ads, iOS provides an attribution token via the AdServices framework, which we exchange with Apple for campaign metadata.
- These data points are linked to your user account once you sign up.
Advertising Identifier (with your consent)
- If you grant permission via Apple's App Tracking Transparency prompt, we share your device's advertising identifier (IDFA) with Meta Platforms, Inc. for ad-effectiveness measurement.
- Without consent, we share aggregated, privacy-preserving conversion data only via Apple's SKAdNetwork.
Technical Data
- Device model, OS version, app version
- Crash reports and stability diagnostics
2. How We Use Your Data
Core App Functionality
- Generate personalised AI coach responses
- Build and update your fear profile so the coach references your patterns over time
- Generate fear ladders, daily reflection prompts, push notifications
- Track your progress, streaks, and breakthrough moments
Crisis Detection (on-device)
- Your typed messages are scanned locally on your device for language patterns suggesting a mental-health crisis (e.g. references to self-harm or suicide). This scan never leaves your device.
- When such language is detected, the app immediately shows you 24/7 crisis hotlines and switches the AI's response for that single message to a warm, supportive tone.
- We do not log which keywords matched. Your message is then transmitted to our AI provider on the same path as any other chat.
Personalised Push Notifications
- We use your conversation history, fear profile, and recurring patterns to generate one personalised daily push notification per user. This is processed via OpenAI on a Firebase Cloud Function.
- You can disable individual notification categories (or all) anytime in Settings → Notifications.
Marketing & Advertising
- We use Meta Platforms' App Events SDK to measure which ad campaigns drive sign-ups and subscriptions. Events shared with Meta include: app installs, paywall views, free-trial starts, subscription purchases, and product identifiers.
- This requires your consent via Apple's App Tracking Transparency prompt. You can revoke it at any time in iOS Settings → Privacy & Security → Tracking → Face it!.
- We do not sell your personal information. We do share specific events (listed above) with Meta for ad attribution.
3. Third-Party Services / Subprocessors
We use the following providers. By using the app you agree to their respective privacy policies.
Firebase (Google Ireland Limited)
- Authentication, Firestore database, Cloud Functions, Cloud Messaging
- Region: europe-west1 (Belgium)
- privacy.google.com
OpenAI (OpenAI, L.L.C.)
- AI chat responses (GPT-4o-mini / GPT-4o)
- Voice transcription (Whisper-1)
- Pattern analysis (server-side conversation summarisation)
- Data processing region: United States. By using our app you consent to this transfer under GDPR Standard Contractual Clauses.
- openai.com/policies/privacy-policy
Apple Inc.
- Apple Sign-In, StoreKit, App Tracking Transparency, AdServices (Apple Search Ads attribution)
- apple.com/legal/privacy
Google LLC
- Google Sign-In
- policies.google.com/privacy
Meta Platforms, Inc.
- App Events SDK (advertising measurement, with your consent)
- Receives: install events, paywall views, trial starts, subscription purchases, IDFA (only with ATT consent)
- facebook.com/privacy/policy
4. Storage & Retention
Data is stored on Google Cloud Platform infrastructure in europe-west1 (Belgium) and transmitted over HTTPS/TLS.
Retention periods:
- Chat history older than 90 days may be automatically archived or deleted.
- Voice message audio is not retained after transcription.
- Marketing-attribution events are retained up to 24 months for campaign analysis.
- Crash diagnostics are retained up to 90 days.
- Account data is deleted within 30 days after you delete your account.
Subprocessors may have their own retention periods. OpenAI retains API request logs for up to 30 days for abuse-monitoring purposes.
5. Your Rights (GDPR)
If you are based in the EEA, you have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time.
6. Account Deletion
You can delete your account directly from the app's Settings. Once requested, your data will be permanently deleted within 30 days.
7. Contact
For privacy questions or to exercise your rights, contact us at sergej@mindcom.io.
8. Lawful Basis for Processing (GDPR Art. 6 & 9)
Account & app usage data: Performance of the contract (Art. 6(1)(b)) between you and us as defined by the Terms of Service.
Health-related sensitive data (Art. 9): Explicit consent (Art. 9(2)(a)). By signing up and using the app you consent to the processing of mental-health-related content for the purposes described above. You can withdraw consent any time by deleting your account.
Crisis-detection keyword scan: Vital interest (Art. 6(1)(d)) and explicit consent. The scan happens entirely on your device.
Marketing and attribution: Consent (Art. 6(1)(a)) via Apple's App Tracking Transparency prompt. You can withdraw at any time without affecting other app functionality.
Crash diagnostics: Legitimate interest (Art. 6(1)(f)) in app stability and quality.
9. Minimum Age
Face it! is intended for users aged 17 and over. We do not knowingly collect data from users under that age. If you become aware that a person under 17 has provided us with personal data, please contact sergej@mindcom.io and we will delete it.