Privacy Policy

This Privacy Policy explains how Xavier Bakker ("we," "our," or "us") collects, uses, stores, and shares information when you use the MENtality mobile application and related services (the "Service").

By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We collect only the data necessary to operate and provide the Service.

1.1 Information You Provide

Depending on how you use the Service, you may provide:

Account information such as email address and authentication credentials

Profile information, onboarding responses, and personal preferences

Journal entries, habit logs, reflections, and self-reported information

Messages and content submitted through chat, coaching, or community features

Mood ratings, triggers, and personal notes recorded through daily check-ins

Feedback or support messages you choose to send

You are not required to provide information beyond what is needed to use the core features, and you control what data you choose to enter.

1.2 Automatically Collected Information

We collect limited technical data required for functionality and reliability, including:

Device type, operating system, and app version

Basic diagnostic and performance data

Push notification tokens, if notifications are enabled

We do not collect precise location data.

2. How We Use Your Information

We use personal data strictly to operate the Service, including to:

Create and manage user accounts

Enable journaling, habit tracking, challenges, and community features

Provide insights, summaries, and app functionality

Process subscriptions and in-app purchases

Send reminders and service notifications (if enabled)

Respond to support requests

Maintain security and prevent misuse

We do not use personal data for advertising, profiling, or cross-app tracking.

3. AI Features and Third-Party Data Sharing

3.1 The Observer (AI Coach)

The Service includes an AI-powered coaching feature called "The Observer." The Observer is powered by Google Gemini, a third-party AI service operated by Google LLC.

Before any data is shared with Google Gemini, we obtain your explicit consent. When you first access The Observer, the app presents a data sharing consent disclosure that explains exactly what data will be sent, who it is sent to, and how it is used. You must affirmatively agree before any data is transmitted to Google. If you decline, The Observer AI features are disabled, but all other features of the app continue to work normally.

3.2 What Data Is Sent to Google Gemini

When you consent to use The Observer, the following data may be sent to Google's servers for processing:

Your messages and conversation history with The Observer

Your display name and identity level

Protocol (habit) names, streak counts, and progress data

Recent activity logs, including mood ratings, triggers, and personal notes

Active challenge names, descriptions, and progress

This data is sent solely to generate personalized coaching responses and insights. It is transmitted on a per-request basis when you interact with The Observer.

3.3 How Google Gemini Processes Your Data

Google processes this data according to their applicable AI and privacy terms. We do not permit Google or any third-party AI provider to use your data to train their models for independent or unrelated purposes. MENtality does not sell your data.

3.4 Your Control Over AI Data Sharing

You have full control over whether your data is shared with Google Gemini:

Consent is required before sharing. No data is sent to Google Gemini until you explicitly agree via the in-app consent disclosure.

You can withdraw consent at any time. Navigate to Settings → Privacy & Security and toggle off "Share data with Google Gemini." A confirmation prompt will appear before consent is revoked.

You can re-enable consent at any time. If you previously declined or withdrew consent, returning to The Observer will present the consent disclosure again, allowing you to review and agree if you choose.

Declining or withdrawing consent disables only AI features. All other app features — including journaling, habit tracking, challenges, community circles, and notifications — continue to function normally....

Declining or withdrawing consent disables only AI features. All other app features — including journaling, habit tracking, challenges, community circles, and notifications — continue to function normally.

3.5 AI-Generated Risk Insights

The Service may use AI to generate personalized insights related to patterns and risk windows based on your activity data. These insights are generated using the same third-party AI service (Google Gemini) and are subject to the same consent requirement described above. If you have not consented to AI data sharing, risk insights are computed locally on your device using non-AI methods.

4. Community, Circles, and Sharing Controls

4.1 Circle Groups

If you choose to join circle groups with friends or other users:

You control what information you share in each circle

Only data you explicitly choose to share is visible to other members

Private journal entries and personal logs remain private by default

We do not share your personal data with other users unless you choose to do so.

4.2 Challenges

For challenges and public participation features:

Only minimal information is visible to other users

This is limited to your nickname and the number of days completed

No journal content, habit details, or sensitive personal data is shared

5. How We Share Information

We do not sell personal data.

We may share information only in the following situations:

With service providers that help operate the Service (such as hosting, authentication, payments, and notifications)

With Google LLC (via Google Gemini) for AI processing, only when you have provided explicit consent as described in Section 3

With other users, only when you explicitly choose to share data through community features

When required by law or to protect the rights, safety, and integrity of the Service

6. Third-Party Services

Cloud hosting and data storage: Supabase (database, authentication, and edge functions)

Authentication: Supabase Auth, Apple Sign-In

 In-app purchases and subscription processing: Apple App Store (StoreKit)

Subscription and paywall management: Superwall, Inc. — receives your user identifier, app usage level, and progress attributes to manage subscription offerings and personalized paywall experiences

Push notifications: Expo Notifications (scheduled and delivered locally on your device)

AI processing: Google Gemini, operated by Google LLC — only with your explicit consent, as described in Section 3

Email delivery: Resend, Inc. — used solely to deliver support and feedback emails you choose to submit

These providers process data only on our behalf and in accordance with their respective privacy policies and applicable laws. We do not permit these providers to use your data for their own independent purposes.

7. Health and Sensitive Data

The Service involves mental wellness, habit tracking, and personal reflection. Data you provide — including mood ratings, triggers, personal notes, and journal entries — may be considered sensitive.

We do not use health-related or sensitive personal data for advertising, tracking, or marketing purposes. When such data is processed by AI features, it is done only with your explicit consent and solely to provide the coaching and insight functionality described in Section 3.

8. Data Retention and Minimization

We collect only data that is necessary for the Service to function.

Personal data is retained only as long as required to:

Provide the Service

Comply with legal obligations

Maintain security and integrity

Conversation data with The Observer is stored to maintain your conversation history and provide continuity. If you delete your account, this data is removed as described in Section 9.

9. Account Deletion and Data Removal

You can delete your account directly from the Profile section in the app.

When you delete your account:

Your personal data is removed or anonymized within a reasonable period

Your AI consent preferences are deleted

Temporary backup copies may persist for security or legal compliance purposes

10. Your Rights

Depending on your location, you may have the right to:

Access your personal data

Correct inaccurate information

Request deletion of your data

Withdraw consent for AI data sharing (at any time via Settings → Privacy & Security)

Withdraw consent where otherwise applicable

Requests can be made by contacting us at: hello@men-tality.app

11. Children's Privacy

The Service is not intended for children under the age of 13 (or under 16 where required by law). We do not knowingly collect personal data from children.

12. Security

We apply reasonable technical and organizational safeguards to protect personal data, including encryption in transit and at rest. No system is completely secure, and absolute security cannot be guaranteed.

13. International Data Processing

Your information may be processed in countries other than your own, including in the United States (where Google LLC processes AI requests). Where required, appropriate safeguards are applied.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date will be updated accordingly. If we make material changes to how we share data with third parties, we will notify you through the app.

15. Contact

If you have questions about this Privacy Policy, contact:

Email: hello@men-tality.app