Privacy Policy

Last updated: May 9th 2026

This is the privacy policy for MENtality ("the app", "we", "us"), a self-help iOS app published by Nexcode Agency ("we"). The app helps men reduce compulsive porn and doomscroll habits by combining trigger tracking, opt-in iOS Screen Time blocking, and an AI coach grounded in their own logged data.

If you have questions about anything in this policy, contact us at hello@men-tality.app.

1. What this policy covers

This policy describes:

• What information MENtality collects from you and your device

• How and where it is stored

• Who else (if anyone) sees it

• What rights you have over it

It does not cover websites or services you reach by tapping links inside the app — once you leave MENtality, the privacy practices of those services apply.

2. Information we collect

2.1 Account information

When you sign in, we collect either:

• Your email address and password (Supabase Auth), or

• A Sign in with Apple identifier (which may be a private relay email if you chose "Hide My Email")

We use this only to identify your account. We do not send marketing email.

2.2 Information you give us

During onboarding and ongoing use, you may provide:

• Your name (used for greetings and AI Coach personalisation)

• Your age range, problem duration, baseline self-ratings, and goals as part of the onboarding intake

• Urge logs and journal entries — date, intensity, optional notes

• Mood and trigger tags attached to logs

• Habit / protocol names and streak history

• Challenge progress

• Profile photo (optional, selected from your photo library)

• Group chat messages, sticker reactions, and circle invites if you join an accountability circle

• Reports of other users' messages if you report content in a circle

2.3 Screen Time aggregate data

If you grant Screen Time / Family Controls authorization, MENtality reads aggregate usage statistics from iOS for the apps, categories, and websites you select.

Important Apple privacy boundary: Apple's Family Controls API returns these statistics in a privacy-isolated form. We can render the icons and names of the selected apps inside a SwiftUI extension provided by iOS, but we cannot extract those names or icons back into the main app or send them to our backend. What we send to our backend is only aggregate daily-average minutes per scope (apps, categories, websites) — never per-app names, never the specific app or website you used.

You can revoke Screen Time access at any time from iOS Settings → Screen Time → Apps with Screen Time Access.

2.4 Usage analytics

We use PostHog to capture product analytics — which screens you view, which features you tap, onboarding step completion, paywall events. PostHog is configured in app-functionality / analytics mode and does not perform cross-app or cross-website tracking. We do not use IDFA. The data is linked to your account user ID for cohort analysis.

2.5 Crash and performance diagnostics

We use Sentry to capture crash reports, stack traces, performance metrics, and breadcrumb logs to fix bugs. These reports may include your account user ID and the device model / iOS version, but never your journal text, AI chat content, or Screen Time data.

2.6 Subscription and payment

In-app purchases are processed by Apple's StoreKit and managed through Superwall. We never receive your card details. We see only an anonymous installation receipt that tells us whether you have an active subscription.

2.7 Push notifications

If you opt in to push notifications, your device's APNs push token is stored against your account so we can send risk-window alerts, daily reminders, and circle-message notifications. Tokens are removed when you sign out.

3. How we use your information

We use what we collect to:

• Provide the core app experience (logging, blocking, dashboards, challenges)

• Personalise the AI Coach's responses to your specific patterns

• Detect risk windows and surface in-app alerts before peak-risk hours

• Operate group accountability circles

• Improve the app via aggregate product analytics

• Diagnose crashes and bugs

• Process your subscription via Apple

We do not:

• Sell your data to third parties

• Use your data for cross-app advertising or attribution

• Target advertising based on your mental-health context

• Train AI models on your conversations

4. The Observer AI Coach (Google Gemini)

The Observer is a conversational self-help coach powered by the Google Gemini API. It is not a medical or mental-health professional. AI responses are for informational and motivational purposes and are not therapy, diagnosis, or treatment.

4.1 What's sent to Google

When you converse with The Observer, we send to Google's Gemini API:

• Your messages and conversation history

• Your display name and identity self-assignment

• Your habit / protocol names and streak counts

• The 10 most recent activity logs (status, mood, triggers, optional notes)

• Your active challenges (name and progress)

• Your onboarding intake (age range, problem duration, baseline ratings, stated goals, optional screen-time digest summary)

4.2 Google's commitments

Per the Gemini Developer API terms, Google does not retain your messages and does not use them to train AI models. Google processes the data only to generate the response and discards it.

4.3 Your control

The Observer is gated behind a separate, explicit consent modal. You can withdraw consent at any time from Settings → Privacy & Security. After withdrawal, AI features become unavailable but every other part of the app continues to function.

4.4 Crisis disclaimer

If you are in crisis or thinking about harming yourself, please contact a trained responder:

• United States: call or text 988 (Suicide & Crisis Lifeline)

• United Kingdom: call 116 123 (Samaritans)

• International: findahelpline.com

The app surfaces a Crisis support → link inside the AI Coach screen that opens this list.

5. Where data lives and who sees it

6. How long we keep your data

• Active accounts: for as long as your account exists

• Deleted accounts: all personal data is removed within 30 days of deletion, except where retention is required by law

• Crash reports: retained for 90 days then aggregated and anonymised

• Analytics events: retained for 2 years at the row level, longer at the aggregate level

7. Your rights

You can:

• Access your data at any time via the in-app screens

• Edit or delete logs, journals, profile data, and chat sessions from inside the app

• Withdraw AI consent from Settings → Privacy & Security

• Revoke Screen Time from iOS Settings → Screen Time

• Delete your account and all associated data from Profile → Delete account

• Export your data by emailing us at hello@men-tality.app

If you are in the EU / EEA / UK, you also have rights under the GDPR including the right to data portability, the right to lodge a complaint with your local supervisory authority, and the right to object to processing.

If you are in California, you have rights under the CCPA / CPRA including the right to know, the right to delete, and the right to non-discrimination for exercising those rights. We do not sell or share personal information as those terms are defined by California law.

8. Children

MENtality is intended for users 17 and older and is not directed at children. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, contact us at hello@men-tality.app and we will delete the account.

9. Changes to this policy

We may update this policy from time to time. The Last updated date at the top reflects the current version. Substantive changes will be communicated in-app or via email. Continued use after a change constitutes acceptance.

10. Contact us

For questions, requests, or to exercise any of the rights described above:

hello@men-tality.app