Privacy Policy

Effective Date: January 2025

Last Updated: January 2025

1. Introduction

Inny.app is operated by InnerVoice.io, part of Time Products B.V. (KVK 71358048) (Netherlands). This Privacy Policy explains how we collect, process, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), the Dutch Implementation Act (UAVG), and applicable international laws.

2. Data We Collect

2.1 Account & Identification Data

  • Email address: Used for account management and recovery.
  • Display name: Optional, used to personalize the interface.
  • Authentication IDs: Tokens from providers like Apple or Google. We do not see your external passwords.

2.2 App Activity & Usage

  • Journal entries & Reflections: Stored securely and privately for your personal use.
  • Progress Data: Tracking completed sessions and streaks.
  • Preferences: Settings such as language, visual themes, and age mode.

2.3 Device & Technical Data

  • Device Info: Device type, operating system version, and browser type.
  • IP Address: Logged briefly for security and fraud prevention.
  • Diagnostics: Crash logs and error reporting to help us fix bugs.

2.4 Content You Provide

This includes your written journals, audio notes, check-ins, and any optional profile photos you upload.

3. How We Use Your Data

We process your data for the following purposes:

  • To provide, personalize, and improve the Inny.app experience.
  • To sync your progress and content across multiple devices.
  • To ensure the security, stability, and integrity of our systems.
  • To comply with legal obligations.

Important Note on AI: We do not use your private journal entries, reflections, or audio notes to train public artificial intelligence models.

4. Legal Bases for Processing

Under the GDPR, we rely on the following legal grounds:

  • Contractual Performance: To deliver the service you signed up for.
  • Legitimate Interest: To maintain security and improve the app.
  • Consent: For optional features such as newsletter subscriptions.
  • Legal Obligation: To comply with regulatory requirements.

5. Data Sharing & Processors

  • Google Firebase: For secure hosting, authentication, and database storage.
  • Payment Providers: To process subscriptions where applicable.

We never sell your data. We only share data with trusted third-party processors strictly required to operate the app.

6. International Transfers

Some partners may process data outside the EU/EEA. We protect these transfers with appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

7. Data Retention

Your account and journal data remain stored securely until you choose to delete them. Technical logs and anonymized analytics may be retained for a limited period to ensure system stability.

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectify: Correct inaccurate or incomplete data.
  • Erase: Request deletion of your account and data.
  • Portability: Receive your data in a structured, exportable format.
  • Object/Restrict: Object to processing based on legitimate interest.

9. Children

Where a child-focused mode is available, use requires parental consent. We minimize data collection for child accounts and do not use targeted advertising.

10. Data Security

We use industry-standard security measures, including encryption in transit and at rest, role-based access controls, and continuous security monitoring.

11. Account Deletion

You can delete your account and associated data directly within the app.

Go to: Settings -> Account -> Delete Account.

Once confirmed, this action is irreversible.

12. Updates

We may update this policy as laws or features evolve. Material changes will be communicated through the app or by email.

13. Contact

If you have questions about your privacy or wish to exercise your rights, please contact us:

Email: privacy@innervoice.io

Company: Time Products B.V. (KVK 71358048), Amsterdam, The Netherlands