# Privacy Policy - Affirm

Effective date: February 14, 2026
Last updated: February 14, 2026

## 1. Who we are

Affirm is a mobile affirmation app.  
Contact for privacy questions: `info@progrez.app`


## 2. Scope

This Privacy Policy applies to the Affirm mobile app (iOS/Android), web version, and related backend services.

## 3. Data we collect

### Data you provide in the app

- Goals and challenges you entered
- Affirmation lists and edits you create
- Feedback prompts used to regenerate affirmations

### Technical and usage data

- Random device identifier generated by the app (`affirm_device_id`)
- `app_start` (including total starts)
- `affirmation_played` (aggregated play count milestones)
- `playlist_created` (goals/challenges payload)
- `playlist_edited_ai` (prompt payload)
- `affirmation_edited`, `affirmation_deleted`
- `listening_time` (duration and total listening seconds)

### Audio-related data

- Text sent for text-to-speech generation
- Generated audio files cached locally on your device
- Server-side TTS usage records

## 4. Where data is stored

- On-device (primary): profile and affirmation lists are stored locally.
- Server-side: analytics events and TTS generation records
- Third-party processing: prompts and text sent to AI/TTS endpoints are processed via OpenAI.

## 5. How we use data

- Provide core app features (generate affirmations, playback audio)
- Personalize generated affirmation content
- Measure app performance and usage trends
- Prevent abuse and enforce TTS generation limits
- Maintain and improve the service

## 6. Legal bases (EEA/UK users)

Where GDPR applies, we rely on:

- Contract/performance of service: to provide requested app features
- Legitimate interests: basic product analytics, security, and service reliability
- Consent: where required by local law (you can withdraw consent where applicable)

## 7. Sharing and disclosures

We do not sell personal information.  
We may share limited data with service providers that process data on our behalf, including:

- OpenAI (AI text and TTS processing, via Replit integrations)
- Hosting/infrastructure and database providers

We may also disclose data if required by law.

## 8. Retention

- On-device app data remains until you delete it, clear app storage, or uninstall the app.
- Analytics and TTS logs are retained until no longer needed for operational purposes, unless law requires longer retention.


## 9. Your rights

Depending on your location, you may have rights to:

- Access your personal data
- Correct inaccurate data
- Delete data
- Restrict or object to certain processing
- Data portability
- Withdraw consent (where processing is based on consent)

To request this, contact: `info@progrez.app`.  
Include your app device ID so we can locate relevant analytics records.

## 10. US state privacy notices (including California)

If applicable law covers our processing, you may have rights to know, access, correct, delete, and receive a copy of personal information, and to opt out of sale/sharing.  
Affirm does not sell personal information as commonly defined under California law.

California "Shine the Light" and CalOPPA-style disclosures:

- Categories collected: identifiers (random device ID), usage data, user-provided content (goals/challenges/affirmation edits), and audio/TTS inputs.
- Business purpose: app functionality, analytics, quality, and security.
- Third-party sharing: service providers only.
- Do Not Track: web browser DNT signals are not currently responded to in a distinct way.

## 11. Children

Affirm is not directed to children under 13, and we do not knowingly collect personal data from children under 13.  
If you believe a child has provided data, contact us and we will delete it where required.

## 12. Security

We use reasonable technical and organizational measures to protect data.  
No method of transmission or storage is 100% secure.

## 13. International transfers

Your data may be processed in countries other than your own.  
Where required, we use appropriate safeguards for international data transfers.

## 14. Google Play Store privacy disclosures

For Google Play compliance, this policy is intended to support your Play listing and Data safety form. Before release, ensure your Play Console Data safety answers exactly match the app's real behavior, including:

- Data collected: device identifier, app activity/usage analytics, user-provided content, audio-related inputs for TTS.
- Data sharing: service providers for AI processing and infrastructure.
- Purpose: app functionality, analytics, fraud/abuse prevention.
- Optional account deletion/contact method: provide a working deletion request channel in-app or via support email.

## 16. Changes to this policy

We may update this policy from time to time.  
Material changes will be communicated in-app or by updating the effective date above.

## 17. Contact

Privacy contact: `info@progrez.app`