Privacy Policy

BreatheOut · Last updated: April 2026 · Version 2026-04-15.v2

Our commitment, in plain words

The content of what you write or speak into BreatheOut is yours alone. We never upload the text of your thoughts. It stays on your device.

To run the app and keep improving it, we do sync a small amount of account information and anonymized usage signals to our servers. This policy lists what that includes.

What stays on your device

• The full text of any thought you type or dictate
• Your saved affirmations and emotion-tag history
• Your Face ID, haptics, and onboarding preferences

What we sync to our servers

On successful sign-in, we create or update your account record with:

• Your Firebase user ID
• Phone number and country code (needed for sign-in)
• Display name and email, if you set them
• Chosen avatar preset (so it follows you across reinstalls)
• Preference toggles (Face ID on/off, haptics on/off, onboarding seen)
• Timestamps: account created at, last sign-in at
• App version, OS version, platform (for support)
• The version of these terms you accepted, and when

We also sync anonymized usage signals tied to your account so we can build better features and understand how BreatheOut is used over time. These signals never include the text of your thoughts or anything that could be read back to you as "here's what you wrote."

If you'd like the full, itemized list of what we store about you, email guri22734@gmail.com and we'll share it — this is your right under GDPR, DPDPA, and similar laws.

What we NEVER sync — for any user, ever

• The text of your thoughts or dump content
• Audio recordings of your voice
• Your transcripts
• Which specific thought you chose to release vs. keep

Third parties

We use Firebase (Google) for authentication, data storage, crash reporting, and analytics. Firebase's privacy documentation: firebase.google.com/support/privacy

We do not sell data to advertisers. We do not embed third-party trackers. BreatheOut is free and has no ads.

Your rights

You can:

• View your data by asking via guri22734@gmail.com
• Delete your account (Profile → Delete Account) — this cascades on our servers
• Revoke consent — stop using the app; your data is removed on account deletion

GDPR and DPDPA rights are honored for users in those jurisdictions.

Data retention & breaches

We keep your data only while your account is active. Deleted accounts' data is removed from live systems within 30 days.

If a data breach occurs, we'll notify affected users by phone/email within 72 hours of discovery, per applicable law.

Updates to this policy

When we materially change this policy, we'll ask you to re-accept on your next sign-in. The version you accepted is stored with your account record.

Contact

Questions, concerns, or data requests: guri22734@gmail.com