Privacy Policy

Effective Date: 20/12/2025

Resonate (“App”, “Service”, “we”, “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices available to you.

“Inputs” refers to any text or content you enter into the App, such as affirmations, reflections, preferences, or prompts used to generate personalised content.

“Outputs” refers to the AI-generated content returned to you based on your Inputs.

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the App.

1. Information We Collect

We design Resonate to collect as little personal data as possible. We do not maintain user accounts, and we do not have access to your affirmations, reflections, or other personal content stored in iCloud or on your device.

We collect the following types of information:

1.1 Personal Content You Create

This includes:

  • Affirmations, visualisations, Inputs, or any content you enter into the App.

Where it is stored:

  • Stored locally on your device or in your personal iCloud (CloudKit private database), depending on your settings.

  • We cannot access, read, or retrieve this data.

1.2 AI Inputs and Outputs

To generate personalised content:

  • Your Inputs are securely transmitted to our AI provider (OpenAI).

  • The AI provider may temporarily retain de-identified logs solely for abuse detection, safety, and reliability.

  • These logs are not linked to your identity, are not tied to your Apple ID, and are deleted after a limited retention period.

  • Inputs and Outputs are not used to train AI models.

1.3 Device Identifier (App-Generated)

We generate a random, app-specific Device ID used only for:

  • Rate limiting

  • Abuse prevention

  • Fraud prevention

  • Security

  • Debugging and analytics

  • Ensuring safe and reliable operation of the App

This Device ID:

  • Does not contain personal information

  • Is not linked to your iCloud or Apple ID

  • Is not used to track you across other apps or websites

1.4 Usage & Performance Data (De-Identified)

We collect limited, aggregate analytics such as, but not limited to:

  • App version

  • Screens viewed

  • Feature usage

  • Non-identifiable device information

  • Crash logs (opt-in via Apple)

This data:

  • Is de-identified

  • Is not linked to your affirmations or Inputs

  • Is never used for tracking or advertising

1.5 Optional Email Information

If you subscribe to our mailing list or contact support, we collect:

  • Your email address

  • Any message you send us

Emails are used only for communication you request. You may unsubscribe at any time.

We do not sell or share email addresses with advertisers.

2. How Your Data Is Stored

2.1 On-Device Storage

Your personal content is stored on your device unless you choose to sync with iCloud.

2.2 iCloud / CloudKit

If iCloud sync is enabled:

  • Data is stored in your private iCloud using Apple’s CloudKit.

  • Data in iCloud is encrypted according to Apple’s security standards.

  • We do not have access to your iCloud data.

2.3 Our Servers

We do not store your affirmations, reflections, or any personal content on our servers.
However, our servers may retain limited operational logs such as request timestamps, a randomly generated Device ID, error information, or other technical metadata necessary for rate limiting, security, debugging, and safe operation of the App.
These logs never include your affirmations, sharing, or any content stored in your iCloud.

3. How We Use Your Information

We use your data solely to:

  • Provide personalised affirmations and visualisations

  • Ensure the App works correctly

  • Prevent abuse and maintain safety

  • Improve performance through de-identified analytics

  • Respond to support requests

  • Send optional email updates (if subscribed)

We do not:

  • Sell your data

  • Share your data with advertisers

  • Use Inputs or Outputs to train AI models

  • Track you across apps or websites

  • Use tracking identifiers (IDFA, etc.)

4. AI Processing and Safety

4.1 Transmission to AI Provider

Your Inputs are sent securely to OpenAI to generate Outputs.

4.2 Temporary Safety Logs

The AI provider may retain de-identified logs for a short period to:

  • Detect misuse

  • Maintain safety

  • Ensure system reliability

These logs:

  • Are not tied to your identity

  • Do not include personal content from iCloud

  • Are not used for model training

5. Sensitive Content & Emergencies

Resonate does not review Inputs in real time and cannot detect emergencies.

The App is not a substitute for:

  • Medical care

  • Mental health treatment

  • Therapy or counselling

  • Legal or financial advice

  • Crisis or emergency support

If you are in distress or experiencing an emergency, contact local emergency services or qualified professionals immediately.

6. Third-Party Service Providers

We use the following third-party services to operate and improve the App. These providers may process limited technical or de-identified information needed for their functionality.

None of these providers have access to your affirmations, reflections, Inputs, or any iCloud-stored content.

AI Provider

  • OpenAI — processes your Inputs to generate AI content.

Analytics & Performance

  • Mixpanel — de-identified usage analytics.

  • Firebase SDK (Google) — conversion tracking for advertising campaigns. Firebase may collect technical information such as device type, app interactions, and de-identified usage data to measure ad performance.

  • Apple App Store Connect — crash logs and performance diagnostics (opt-in).

Subscription & Paywall Services

  • Superwall — manages paywall interactions and subscription events.

Backend & Operational Services

  • Supabase — handles remote configuration, rate limiting, and operational logs.
    No personal content is stored on our servers.

Email (Optional)

If you subscribe to email updates in the future, we will disclose the email service in use here.

7. Data Deletion

7.1 In-App Deletion

You may delete your affirmations and Inputs directly within the App.

7.2 Delete iCloud Data

To delete data stored in iCloud:

  • Open your device’s iCloud settings

  • Manage storage for Resonate

  • Delete the App’s iCloud data

Deleting the App does not automatically delete iCloud data.

7.3 Email Data

Email addresses collected for mailing lists or support can be permanently deleted on request.

7.4 Device ID

We generate and use a random, app-specific Device ID to help protect the Service, including rate limiting, fraud prevention, abuse detection, and security. Because this identifier is important for the integrity and safe operation of the App, we may need to retain it and associated logs even if you stop using the App.

Where applicable law gives you a right to request deletion of personal data, we will consider such requests on a case-by-case basis. However, we may continue to retain certain technical identifiers and security logs where necessary for our legitimate interests in protecting the Service, complying with legal obligations, or resolving disputes.

8. Children’s Privacy

You must be at least 13 years old to use Resonate.
We do not knowingly collect information from children under 13.
If we learn such information was collected, we will delete it promptly.

9. GDPR Rights (EU & UK Users)

If you are located in the EU or UK, you have the following rights:

  • Right of Access — request a copy of your data

  • Right to Rectification — correct inaccurate information

  • Right to Erasure — delete your data (handled via iCloud/App)

  • Right to Restrict Processing

  • Right to Object

  • Right to Data Portability

  • Right to Withdraw Consent

  • Right to Lodge a Complaint with your data protection authority

Lawful bases for processing include:

  • Contract (providing the App)

  • Legitimate Interest (security, rate limiting, analytics)

  • Consent (email subscriptions)

International Transfers

Some services may process data outside your region.
We rely on legally approved mechanisms such as Standard Contractual Clauses where required.

10. CCPA Rights (California Users)

California residents have the right to:

  • Know what categories of personal information we collect

  • Request deletion of personal information

  • Correct inaccurate information

  • Understand the categories of third parties we share data with

  • Opt out of the sale or sharing of personal information (we do not sell or share)

  • Not be discriminated against for exercising their rights

Categories of personal information collected include:

  • Technical identifiers (Device ID)

  • Usage data (de-identified)

  • Crash logs (if shared with Apple)

  • User-provided email (if subscribed or contacting support)

We do not sell or share personal information.

California users may submit requests via support@wordsthatresonate.com.

11. Data Security

We take reasonable technical and organisational measures to protect your information, including:

  • HTTPS encryption during transmission

  • Apple’s iCloud encryption for data at rest

  • Limited, de-identified analytics

  • No server storage of personal content

No system is completely secure. You are responsible for maintaining the security of your device and Apple ID.

12. International Users

Your iCloud data is stored by Apple and may be processed in data centres in multiple regions, depending on your Apple ID and Apple’s infrastructure.

We do not transfer or store your affirmations or Inputs on our servers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or legal requirements.

The latest version will always be available on our website.

14. Contact Us

If you have questions or privacy requests, contact us at:

support@wordsthatresonate.com