Privacy Policy

Last updated: November 29, 2025

This Privacy Policy explains how we handle data when you use the Detach90 mobile application and related services.

Detach90 is operated by BRIGHT CODE HOLDINGS S.R.L., a company registered in Romania ("we", "us", "our"). If you have questions, contact privacy@brightcode.digital.

Detach90 is built with privacy in mind. Your personal reflections (like journal entries) are stored locally on your device and are not synced to our servers.

1. What this policy covers

This policy applies to:

• The Detach90 mobile app (iOS and Android)
• Any support or contact you have with us (for example by email)
• Our informational website at detach90.com

It does not cover:

• Apple App Store or Google Play Store (they have their own privacy policies)
• Any third-party sites you visit via links from Detach90

2. Our privacy-first approach

Detach90 is designed so that your most sensitive data stays on your device:

• Your journal entries, progress, and settings are stored locally on your phone
• We do not sync your journey/journal content to our servers
• We do not have access to the contents of your journal entries or reflections
• We do not require you to create an account

3. Data we collect

Because Detach90 stores your content locally, we collect limited information.

3.1 Data stored on your device only (not sent to us)

Stored only on your device:

• Journal entries and reflections
• Progress through the 90-day journey
• “No Contact” streak data
• Mission progress and completed exercises
• App preferences and settings

We cannot access or recover this data. If you delete the app or lose your device, this data may be lost. You may be able to recover it via device backups (e.g., iCloud/Android backups) depending on your settings.

3.2 Purchase and entitlement information (RevenueCat + Stores)

If you make a purchase, it is processed by Apple or Google. We use RevenueCat to manage purchases and determine entitlement status (whether you have Full Access).

RevenueCat and/or the Billing Providers may provide us with:

• Purchase/entitlement status (active/inactive)
• Store product/transaction metadata (such as product identifier)
• Pseudonymous identifiers used to link entitlement status to an app instance/device

We do not receive your full payment card details.

3.3 Analytics and usage data (PostHog)

We use PostHog to understand how the app is used so we can improve it (for example, which screens are viewed and whether users reach the paywall).

PostHog may receive:

• A pseudonymous app identifier (an anonymous ID generated by the app)
• Basic app interaction events (e.g., paywall viewed, purchase success/cancel/error, screen views)
• Basic device/app information (e.g., app version, OS version, device model, language/locale)
• Network information such as IP address may be processed by PostHog/hosting providers for delivering the service and security (we do not use this to identify you)

Important: We do not send journal text, free-form answers, or other sensitive user-generated content to PostHog.

3.4 Support and communication

If you contact us we collect:

• Your email address and any name you include
• The contents of your message
• Our replies and related notes needed to support you

3.5 What we do NOT collect

We do not intentionally collect:

• Your name or email (unless you contact us)
• Exact GPS location
• Contacts / address book
• Photos, videos, or media files on your device
• Apple Health / Google Fit data
• Government IDs
• Payment card numbers (handled by Apple/Google)
• The content of your journal entries or reflections (stored locally only)

4. How we use your data (and legal bases)

We use the limited data we access for:

Purchases and entitlements (RevenueCat / stores)

• Unlock Full Access after purchase
• Legal basis: performance of a contract

Analytics and app improvement (PostHog; bug reports; product decisions)

• Understand feature usage and improve the experience
• Legal basis: legitimate interests (improving the app, preventing abuse, ensuring reliability)

Support

• Respond to your requests and troubleshoot issues
• Legal basis: performance of a contract and/or legitimate interests

Legal obligations

• Comply with applicable laws (e.g., consumer protection)
• Legal basis: compliance with a legal obligation

We do not use your data for automated decision-making that has legal or similarly significant effects.

5. Third-party services

We use:

• Apple App Store / Google Play — distribution and in-app purchases
• RevenueCat — purchase verification and entitlement status
• PostHog — analytics (product usage events; no journal content)

These providers process data under their own privacy policies, and we choose reputable providers and limit what we send.

6. International data transfers

Your personal journey/journal content stays on your device and is not transferred by us.

Some service providers (e.g., RevenueCat, PostHog, email providers) may process certain data outside the EU/EEA. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) and other lawful transfer mechanisms.

7. How long we keep your data

On-device data: You control this. It remains until you delete the app or clear app data.

Support communications: Kept as long as needed to resolve your issue and maintain a basic support history, unless you request deletion and we have no legal reason to retain it.

Analytics (PostHog): Kept only as long as needed for analytics and product improvement, and we periodically review retention. You can request deletion (see Section 9).

Purchase records: We do not maintain our own purchase database. Purchase records are maintained by Apple/Google and RevenueCat as part of providing entitlement status.

8. Your rights

If you are in the EU/EEA, UK, or a region with similar laws, you may have rights including:

• Access
• Correction
• Deletion
• Restriction
• Objection
• Withdraw consent (where applicable)

For data stored locally on your device: you control it directly by deleting the app or clearing app data.

For data we may hold (support emails, analytics identifiers/events): contact privacy@brightcode.digital. We generally respond within 30 days. We may ask for information that helps us locate your analytics record (for example, your anonymous app identifier, if available).

You can also contact your local data protection authority. In Romania:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: https://www.dataprotection.ro/
Email: anspdcp@dataprotection.ro

9. Deleting your data

On-device data:

• Delete the Detach90 app, or
• Clear app data in device settings

This removes your journal entries, progress, and settings from that device.

Data we may hold (support emails, limited analytics data):

• Email privacy@brightcode.digital with your request.

10. Security

We take security seriously:

• Sensitive content stays on-device, protected by your device security
• We use HTTPS/TLS for communications with external services
• We use reasonable administrative/technical safeguards (e.g., access controls, MFA where available)

11. Children’s privacy

Detach90 is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

If you are under the minimum age required to consent to data processing in your country, you may use the app only with involvement/consent of a parent or guardian as required by law.

If you believe a child under 13 has used the app, contact privacy@brightcode.digital. Because most data is stored locally, deletion typically requires removing the app from the device.