Privacy Policy

1. Introduction

Welcome to AffirmQuest ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web service (collectively, the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information that you provide to us:

• Account Information: Email address, name, and profile information
• Authentication Data: Login credentials and OAuth tokens (managed by Clerk)
• Contact Information: Phone number (optional, for SMS and voice features)
• Profile Data: Personal goals, challenges, strengths, and preferences (for personalized affirmations)
• Payment Information: Billing details for premium subscriptions (processed securely by Stripe)

2.2 Usage Data

We automatically collect certain information when you use our Service:

• Game Data: Character stats, levels, achievements, battle history, and progress
• Affirmation History: Saved affirmations, favorites, and categories
• Settings and Preferences: Notification preferences, delivery methods, and schedule times
• Device Information: Device type, operating system, browser type, and unique device identifiers
• Usage Analytics: Pages visited, features used, and interaction patterns (via Vercel Analytics)
• Push Notification Tokens: Device tokens for sending notifications (FCM for mobile, VAPID for web)

2.3 Location Data

We collect your timezone information to deliver scheduled affirmations at your preferred local time. We do not collect precise geolocation data.

3. How We Use Your Information

We use your information for the following purposes:

• Provide Core Features: Generate and deliver personalized affirmations
• Game Experience: Track character progression, battles, and achievements
• Notifications: Send scheduled affirmations via email, push notifications, SMS, or voice calls
• Personalization: Use AI (OpenAI GPT-4) to create customized affirmations based on your profile
• Account Management: Create, maintain, and secure your user account
• Payment Processing: Process premium subscriptions securely via Stripe
• Communication: Send service updates, notifications, and support responses
• Analytics and Improvement: Analyze usage patterns to improve our Service
• Security: Detect and prevent fraud, abuse, and technical issues
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Third-Party Services

We use the following third-party services that may collect and process your data:

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors listed above who perform services on our behalf
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly agree to share your information

6. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit using HTTPS/TLS
• Secure database storage with PostgreSQL
• Regular security audits and updates
• Access controls and authentication via Clerk
• Secure payment processing via PCI-compliant Stripe

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Receive your data in a portable format
• Withdraw Consent: Revoke previously given consent

To exercise these rights, please contact us at privacy@affirmquest.io

8. Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Help us understand how you use the Service (Vercel Analytics)
• Preference Cookies: Remember your settings and choices

You can control cookies through your browser settings, but disabling cookies may limit functionality.

9. Push Notifications

If you enable push notifications, we will send you affirmations and updates based on your preferences. We use:

• Firebase Cloud Messaging (FCM): For Android and iOS push notifications
• Web Push API: For browser-based notifications

You can disable push notifications at any time through your device settings or app settings.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers.

12. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

17. Data We Do NOT Collect

For transparency, we want to be clear about what we do NOT collect:

• We do NOT sell your personal information to third parties
• We do NOT collect precise geolocation data (GPS coordinates)
• We do NOT access your contacts, photos, or other files without permission
• We do NOT track you across other websites or apps
• We do NOT use your affirmation content for marketing