Privacy Policy

1. Information We Collect

When you use Innie, we collect the following types of information:

Information You Provide Directly: When you create an account, we collect personal identifiers such as your name, email address, and password. These are used for account creation, login, and to personalize your experience. If you contact customer support or communicate with us, we will collect the information you provide in those interactions as well.

Innie Entries and Content: The core of Innie is enabling you to create and submit personal content. We store the entries, responses, voice recordings, images, or other content you input into the app. This user-generated content is kept private by default and tied to your account so that you can access it across your devices. For example, if you record an audio journal entry, we will store the audio (and may transcribe it to text for search or analysis). If you respond to prompts via multiple-choice or text, those responses are saved in your journal. This content may include personal reflections or information about your life – we treat it as sensitive and private data. (See "How We Use Information" and "How We Share Information" for details on protections.)

Analytics and Usage Data (Collected Automatically): When you use Innie, we automatically collect certain information about your device and how you use the app. This includes:

• Device Information: such as your device model, operating system version, unique device identifiers, and device language/region settings.
• Log and Usage Data: such as timestamps of app use, pages or screens visited, features used, prompts answered, clicks and navigation within the app, and error/crash reports.
• IP Address and Network: which may infer your general location (e.g. city or country).
• Cookies or Similar Technologies: Innie may use local storage or cookies-equivalent for things like maintaining your session or preferences. (On iOS, this could include technologies analogous to cookies within the app).
• Analytics Data: We may integrate third-party analytics tools (e.g., for crash reporting or usage analytics) which collect data about app performance and user interactions. These tools might collect device identifiers or advertising identifiers, but we do not use them to track you across other apps without permission. All analytics collection will be disclosed and done in compliance with Apple's policies.

We collect this data to ensure the app works correctly, to understand usage patterns, and to improve our Service. According to Apple's guidelines, we only collect data that is relevant to the functionality of the app and we are transparent about it.

Information from Third-Party Services: Currently, Innie does not integrate with third-party login or social media platforms. If in the future we offer an option like "Sign in with Apple" or others, we would collect information from those services (like a name or email) with your permission. We will update this Policy if such features are introduced.

Note: We do not collect any sensitive personal data that is not necessary for the app's core purpose. For example, we do not access your contacts or photos without your request, and we do not collect financial information (since the app currently does not involve purchases). If in future we request access to something like your microphone (for voice journaling) or camera, it will be solely to provide that feature and we will ask your permission via the OS prompts. We will never record audio or video without your consent and without indicating that recording is active.

2. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Maintain the Service: We use your account data to log you in and let you use Innie across devices. We store your journal entries and other content in the cloud so that you can access them anytime and so that they are backed up. Your data enables core features like viewing past entries, analyzing your inputs, and providing you with new prompt suggestions or reflections based on your history.
• To Personalize Your Experience: Innie may use your past entries and responses to personalize the prompts or content you see. For example, if you often write about a particular topic, the app might adjust and suggest related reflection prompts. Personalization might also include remembering your preferences, such as app settings or the last section you were in.
• To Analyze and Improve the Service (Analytics): We use usage and analytics data to understand how users interact with Innie. This helps us identify what features are used most, diagnose issues, and make improvements. For instance, we might analyze that a certain prompt is very engaging for users, so we create more like it. Or we see drop-offs at a certain tutorial step, indicating we should refine it. We ensure any third-party analytics tools we use provide the same level of data protection as our own policies require. All analytics and improvement efforts are aimed at making Innie better for users.
• To Develop New Features: Innie may leverage modern AI and machine learning techniques to offer features like smart prompts, summaries of your mood or themes over time, or chatbot-like interactions that help you reflect. To accomplish this, we might use your responses to train or fine-tune our algorithms. For example, we could use aggregated, anonymized data from many users' journals to improve an AI model that suggests helpful feedback or next questions. We may also run AI analysis on your individual data (with software) to generate personalized insights for you. Rest assured that if we use your content to develop these features, it's primarily processed by machines, and we take steps to maintain your privacy (e.g. removing identifiers). Using data for improving AI is considered part of improving the service and is done under strict privacy safeguards. If we ever wanted to use your identifiable journal content for any purpose beyond improving our service (for example, publishing it), we would seek your permission.
• To Communicate with You: We might use your contact information (email) to send you service-related communications. This includes verification emails, password reset assistance, notifications about new features or updates to the app, or customer support responses. If you opt in, we may also send occasional promotional emails or newsletters about Innie's content or offers; you can opt out of these at any time. We will not spam you – communications will be reasonable in frequency.
• For Security and Fraud Prevention: We may use data (like device information, logs) to monitor for suspicious activity and to protect the security of our users and systems. This includes detecting and preventing fraud, abuse, or unauthorized access to accounts.
• To Enforce Our Terms and Comply with Law: Information may be used to enforce our Terms and Community Guidelines (for example, investigating a reported violation) and to comply with legal obligations. If we are required by law to retain or disclose certain data (for example, a valid subpoena), we will do so as needed (see "Legal Compliance" under sharing). We may also use your information to assert our legal rights or defend against legal claims.
• Other Purposes with Your Consent: If we want to use your information for a purpose not covered by the above, we will explain it to you and, if required, ask for your consent. For instance, if we ever consider using your personal data in a new way (perhaps partnering with a research institution for a study on journaling benefits), we would let you know and you'd have the choice to participate or not.

We will not use your personal information for any purpose that is not compatible with the purposes described above without your permission. In line with Apple's privacy principles, we practice data minimization (only using what is needed for the task at hand). We do not use any personal data we collect to profile you in a way that is unrelated to journaling or mental wellness without consent, and we do not engage in any form of selling or exploiting your personal information in a way that would be unexpected to you without giving you a choice.

3. How We Share Your Information

We understand your journal data is sensitive, and we treat it with care. There are limited situations where we share information, as outlined below:

• With Service Providers (Processors): We use trusted third-party companies to help us operate Innie. For example, cloud hosting providers (to store and sync your data), database services, analytics services, email delivery services (to send verification or support emails), and possibly AI service providers. These third parties only process data on our behalf and under our instructions. We ensure that any service provider we use is obligated to protect your information with strong security and confidentiality standards, and to use it only for the specific services they provide to us. For instance, if we use a cloud service to store data, that provider cannot access or use your data for their own purposes. Any third party that receives user data will provide equal protection of user data as we promise in this Privacy Policy.
• Within Our Corporate Group: If Innie is provided by a company that has affiliates or subsidiaries, we may share data with our affiliated entities for similar purposes as described in this policy. (For example, if "Innie, Inc." has a subsidiary that assists in analytics or development, that subsidiary might handle data under the same privacy commitments.) All such internal sharing is subject to these same privacy safeguards.
• For Analytics and Improvement (Third-Party Analytics): As noted, we may share certain non-personal or pseudonymized data with analytics providers (like crash reports to a service, or aggregated usage statistics). This isn't "selling" your data; it's using third-party tools to improve our app. We ensure these providers do not use your data for other purposes and that they adhere to privacy requirements. If any analytics tool collects data that could be linked to you, we will mention it here and ensure it's allowed by law or with your consent. For example, Apple's guidelines allow sharing app data with third parties strictly to improve the app or serve ads, provided users are informed and (for tracking across apps) have given permission.
• For AI and Research: We might share anonymized or aggregated data with research partners or use it publicly in an aggregated form. For example, we could release a report like "X% of Innie users reported higher mood after 30 days of journaling" – this would never identify any individual. If we collaborate with researchers or developers to improve our AI models, they might have access to anonymized data sets. We will not share your personally identifiable journal entries with outside researchers unless you explicitly opt in to a study.
• Business Transfers: If Innie (or the company that runs Innie) is involved in a merger, acquisition, investment, financing, reorganization, bankruptcy, or sale of all or some of its assets, your information may be transferred as part of that transaction. We reserve the right to sell or transfer user data in these contexts, as it may be considered an asset of the business. If such a transfer occurs, we will require the new owner to continue to honor your rights and this Privacy Policy (including any prior consents). We will notify you (for example, via email or a notice in the app) of any change in ownership or uses of your personal information, as required by law.
• Legal Compliance and Protection: We may disclose your information if required to do so by law or in response to valid legal requests (such as a subpoena, court order, or government demand). We may also share information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request. For example, if law enforcement provides a lawful order to access certain data due to an investigation, we will comply after verifying the request. We will only provide the minimum necessary data and will notify you of such requests when permissible. Apple's guidelines also emphasize that user data should be handled lawfully and not be shared without legitimate reasons.
• With Your Consent: Apart from the above cases, we will only share your personal information with third parties if you give us consent to do so. For instance, if in the future Innie introduces a feature to connect with a third-party app (like sending an entry to a health app or a therapist), we would do so only with your request or approval. We might ask for your consent to share certain info for a specific purpose (like participating in a testimonial or case study). You are free to decline such requests.
• Sharing of Content You Choose to Share: If the app allows you to share certain journal entries or content with others (for example, exporting an entry to social media or sharing with a friend), then obviously we will facilitate that sharing at your direction. By default, entries are private, but if you take an action to share, you understand that the content will go to the recipients or platform you choose. Innie may provide features (like "Share" buttons) that make it easy to distribute content; using those features means you consent to sharing that content and possibly some basic profile info needed for the context (for example, if you share via a social network, we might share your username or a link). Please review any platform's policies if you share content to them, as that content will then be subject to the third party's rules.

Do We Sell Your Personal Information? Currently, we do not sell personal data such as your name or email to third-party data brokers or advertisers for direct profit. However, we want to retain flexibility for our business model. This means that in the future, we may engage in data sharing arrangements that could be considered a "sale" under certain regulations (for example, sharing identifiers with an advertising partner to run a targeted campaign might be deemed a "sale" under California law, even if no money changes hands). If we ever decide to use your personal data for expanded purposes including marketing partnerships or if we sell user data to a third party, we will do so in compliance with applicable laws and with transparency to you. Apple's guidelines stipulate that we cannot share personal data without user permission unless legally permitted. Therefore, if required, we will obtain your consent (for example, through a prompt) before sharing data in a way that is outside of the immediate operation of the app or that could be considered tracking. We will also provide opt-out mechanisms if required (see "Your Rights" below, e.g., for California residents' rights to opt-out of sale of info). In any case, your sensitive journal content is never sold or shared with advertisers in a personally identifiable way – if we ever leverage data for business purposes, we prioritize using aggregated or de-identified data. For instance, we might derive statistics or train an AI model on combined data, which does not expose individual identities.

4. Data Storage and Security

Storage Location: Your data (including personal information and journal entries) is stored securely on cloud servers. We may use reputable cloud service providers (such as AWS, Google Cloud, or others) to host our databases and files. These servers may be located in the United States or other countries. Depending on where you are located, this means your data might be transferred to and stored in a jurisdiction with different privacy laws than your home country. Regardless of location, we ensure that your data is protected to the standards of this Privacy Policy and applicable law. If you are located in regions like the EU, we take steps (such as standard contractual clauses or other legal mechanisms) to legitimize any international data transfers.

Security Measures: We implement reasonable and appropriate security measures to protect your information from unauthorized access, loss, misuse, or alteration. This includes technical measures such as encryption in transit (HTTPS secure communication between the app and our servers) and encryption at rest (encrypting the database or storage where your content is saved). We also restrict access to personal data to authorized personnel who need it to operate or improve the Service, and those individuals are bound by confidentiality obligations. We utilize authentication safeguards (your password is stored in hashed form, and if we offer social logins or OTPs, those are handled securely). We routinely update our software and infrastructure to address security vulnerabilities.

However, please note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You also have a role in security: please keep your account credentials safe. If you use a public device or share a device, ensure you log out. If you suspect any unauthorized access to your account, let us know immediately.

Data Breach Procedures: In the unlikely event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law. We will take prompt action to mitigate the breach and inform you of any steps you should take.

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:

• Account Information: We keep your account data (name, email, etc.) and journal entries until you delete your account or until we no longer need the data to provide the Service. If you remain an active user, we will keep your data so you can continue to access historical entries and use the app effectively.
• Journal Content: Your journal entries and content are stored so that you can access your history. We will keep this content until you choose to delete it or delete your account. You have control – you can delete individual entries at any time, and we will remove those from our live databases (though they may remain in backups for a short period – see below). If you delete your account entirely, we will delete or anonymize all your personal content as part of that process (again, subject to limited backup retention).
• Usage Data: Analytics and log data may be retained in aggregate form for a longer period for internal analysis. If we store raw logs, we typically purge or anonymize them periodically (for example, we might keep detailed logs for a few months and then only retain aggregated stats).
• Backups: Our system likely performs routine backups to prevent data loss. These backups are stored securely. Even after you delete data from the live system, it might persist in encrypted backups for a certain retention period (commonly, backups are rotated every X days). We will employ policies to eventually purge or destroy old backups. During the retention period of a backup, even if your data is technically present, it will not be used or restored unless needed for disaster recovery.
• Legal Requirements: We might retain certain information if necessary to comply with legal obligations, resolve disputes, or enforce our agreements. For example, if a user was banned for serious misconduct, we may retain a record of that to prevent them from rejoining, or if there's a litigation hold.

We strive not to keep personal data longer than we truly need it. When we dispose of personal data, we use reasonable measures to do so securely.

6. Your Rights and Choices

You have certain rights regarding your personal information. We have built features and processes to enable you to exercise those rights easily:

• Access and Correction: You can access and update most of your account information directly in the app (for example, your profile or account settings for name and email). If any other personal data we have about you is not accessible through the app, you can contact us to request a copy of that information. We will provide you with that data as required by law (in a portable format, if applicable). If you find that any of your personal information we have is inaccurate or incomplete, you have the right to request a correction, and we encourage you to update your profile information in the app or reach out to us for help.
• Deletion of Data (Right to Erasure): You have the right to request deletion of your personal data. The easiest way to do this is by deleting your account via the app's settings. This will remove your personal information and journal content from our active systems, as described in Data Retention. We are required by Apple to let you delete your account from within the app, and we fully support that. If you have any trouble, you can contact our support and we can assist with deletion. Please note: after deletion, residual data may remain in backups for a short time, but will be purged according to our retention policy. Also, we may retain certain information if necessary for legal obligations (as noted) – but in such cases, we will isolate it from routine use. Once your account is deleted, you will no longer be able to access any content you added (so be sure to export anything you want to keep before deleting).
• Withdrawal of Consent / Restriction: Innie does not generally rely on consent for data processing (we rely on contract – the Terms – for most processing). However, if at any point we ask for your consent to use your data for a specific purpose (for example, for sending promotional notifications or for a new data use), you have the right to withdraw that consent at any time. If you withdraw consent, we will stop the related processing. For example, you can opt out of marketing emails by clicking "unsubscribe" in them. If you had consented to some data sharing, you can contact us to opt out. Additionally, you can request that we restrict processing of your data in certain cases (e.g., if you contest its accuracy or object to a use).
• Objection to Processing: If we process your information based on legitimate interests, you have the right to object to that processing. For instance, if you don't want us to use some of your data for analytics or AI improvements, let us know – we will review such requests and comply unless we have compelling legitimate grounds to continue or as otherwise permitted by law. If you object to certain tracking (like for personalized ads), note that we anyway do not do cross-app tracking without consent. If in future we consider personalized advertising, we will adhere to Apple's App Tracking Transparency rules (ask permission), and you can always decline.
• Opt-Out of "Sale" of Data: If you are in a jurisdiction like California (CCPA) that grants the right to opt out of the sale of personal information, and if our data practices are deemed a "sale", you can exercise that right. As of now, we do not sell your data in the traditional sense. But if you want to ensure no data is shared beyond what is necessary, you can contact us to opt out of any potential third-party data sharing that could be considered a sale. We will honor such requests and implement measures so that your data is not shared in those ways.
• Data Portability: You may have the right to obtain a copy of your personal data in a portable and readily usable format (so you can reuse it or transfer it to another service). For example, you might want an export of all your journal entries. We plan to implement an export feature for your entries. Until then, you can request a data export by contacting us and we will provide your data in a common format (e.g., JSON or CSV for entries, etc.).
• Non-Discrimination: We will not discriminate against you for exercising any of these rights. For instance, if you opt out of certain data uses or request deletion, we will not deny you services unless the data was strictly necessary for providing the service. (If deletion of essential data makes it impossible to continue providing the service, we will let you know – e.g., deleting your account obviously means you can't use the account-based features.)

To exercise any of your rights, you can use in-app settings (for account deletion, etc.) or contact us at support@ora.ai. We may need to verify your identity before fulfilling certain requests (for your security). We will respond within a reasonable timeframe, and in any case within the time required by law (e.g., within 30 days for many privacy laws). If we cannot fulfill your request (due to legal reasons or an exemption), we will explain why.

7. Children's Privacy

As stated in our Terms, Innie is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the app or provide any information to us. If we learn that we have inadvertently collected personal data from a child under 13, we will promptly take steps to delete such information from our records. Parents or guardians: if you become aware that your child under 13 has created an Innie account or provided personal info, please contact us so we can remove it.

For users between 13 and 18: we recommend using Innie with parental guidance if possible, especially if you're on the younger side, as journaling can sometimes bring up sensitive personal reflections. However, we generally treat all user accounts the same regardless of age (with the expectation that no one under 13 is using the Service). If we decide to offer a version of the app for younger audiences in the future or collect data from minors in a different way, we will update our practices to comply with all children's privacy laws and likely obtain verifiable parental consent as required.

8. Third-Party Links and Services

Innie might contain links to third-party websites or services (for example, a link to our support page, a community forum, or external resources). If you follow a link to any third-party service, please be aware those have their own privacy policies. We do not control third-party sites and are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party services you interact with. This Privacy Policy applies solely to data processed by Innie.

Additionally, if in the future we integrate any third-party features (such as a speech-to-text service for transcribing voice notes, or a sentiment analysis API), we will clearly disclose those and ensure they are subject to privacy obligations. For example, Apple's guidelines require that any code or SDK we include also respects user data and has protections. We will not share data with any third-party integration unless it's necessary and we have vetted their privacy measures.

9. International Users

Innie is offered to users worldwide. Depending on where you live, you may have specific privacy rights. We design our privacy practices to meet major regulations like the EU's GDPR, California's CCPA/CPRA, and others. For example, EU users have the rights described in Section 6 (and also rights to lodge complaints with supervisory authorities). Users in some jurisdictions (like the EU) also have the right to object to processing for direct marketing or certain profiling – we currently do not do those activities, but if we ever do, we will give opt-outs.

By using Innie, you acknowledge that your information may be transferred to and processed in countries other than your own. These countries might have data protection rules different from your country. We will ensure that appropriate safeguards (such as standard contractual clauses or relying on adequacy decisions) are in place to protect your data when we transfer it internationally.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy. If changes are significant, we will provide a more prominent notice – for example, a notification within the app or an email alert. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of Innie after any update to this Policy will constitute your acceptance of the changes, to the extent permitted by law. If you do not agree with any changes, you should stop using the app and, if applicable, delete your account or reach out to us with any concerns.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

• Email: support@ora.ai
• Address: 1111b South Governors Avenue, 19904 Dover, Delaware, USA

We will do our best to address your inquiry promptly and thoroughly. Your trust is important to us, and we welcome feedback on how we can improve our privacy practices.