Privacy Policy
Effective date: 21 May 2026 Last updated: 12 June 2026
This Privacy Policy explains how Reflexia ("Reflexia", "we", "us", "our") collects, uses, stores, and protects information when you use the Reflexia mobile application (the "App") for iOS.
We have built Reflexia as a privacy-first, local-first application. The vast majority of your information — including journal entries, mood records, photos, audio and video — never leaves your device. This Policy tells you, in plain language, exactly what we do, what we don't do, and what choices you have.
If you do not agree with this Policy, please do not install or use the App.
1. Who we are (Data Controller)
| Operator | Reflexia (independent developer based in Ukraine) |
| Privacy contact | reflexia.support@gmail.com |
| App | Reflexia — mental wellness, mood and journaling app for iOS |
For users in the European Economic Area (EEA) and the United Kingdom, Reflexia acts as the Data Controller for the limited categories of personal data described below.
Reflexia is currently developed and operated by an individual developer based in Ukraine. Users in the European Union, the United Kingdom, or anywhere else can write directly to reflexia.support@gmail.com with any privacy question, and we will respond within the timeframes set out in Section 17.
2. Summary (TL;DR)
- The App stores all of your personal content — your journal entries, mood logs, audio/video recordings, photos, name, birthday and goals — locally on your device in an AES-256 encrypted database. The encryption key is stored in the iOS Keychain.
- We do not operate user accounts. There is no sign-up, no login, no password, no server-side profile.
- We do not sell your personal information to anyone.
- We do not use advertising, advertising IDs (IDFA), App Tracking Transparency cross-app tracking, or behavioural advertising networks.
- We do not access Apple HealthKit, your location, your contacts, or your calendar.
- If you use the AI Insights feature, only aggregated, non-identifying statistics about your moods (such as your 7-day and 30-day average mood score, dominant mood label and entry count) are sent to a third-party AI provider. Your journal text and recordings are never sent.
- You can export and delete all of your data at any time, directly inside the App. Uninstalling the App also deletes your data.
Example. If you record a voice journal on the morning of 15 March about a difficult conversation with a coworker, we know nothing about it. The audio file, the title you wrote, the mood you logged, and the timestamp all stay encrypted on your device. We have no server that could see, store, copy, or be subpoenaed for that recording.
3. Information we collect and where it is stored
We distinguish between three categories.
3.1 Information stored only on your device
The following information is generated and stored exclusively in the App's local, AES-256-encrypted database on your device. None of it is transmitted to us or to any third party unless you choose to export it.
Profile information (you provide it during onboarding):
- First name (optional, skippable)
- Optional email field (free-text label only — we do not verify or use it)
- Date of birth (optional, skippable)
- Gender (optional: male / female / non-binary / prefer not to say)
- Wellness goals (selected from a preset list)
- Avatar image (local file)
- Optional bio (free text)
Wellness content (created during normal use):
- Mood entries: a numeric mood score (1–6), a mood label (e.g. calm, happy, anxious), timestamps, and the source ("manual" or "journal")
- Journal entries: title, free-text content, timestamps, mood association, an "is private" flag, and references to attached media
- Audio recordings (up to 5 minutes each), video recordings, and photos that you attach to journal entries — stored as files in the App's sandboxed Documents folder
- Widget configuration (which home-screen widgets are enabled and in what order)
- Quote history (which inspirational quotes you have seen / favourited)
Secure storage on your device (iOS Keychain):
- The encryption key for the local database — generated randomly on your device and never transmitted anywhere
- Any AI provider API key you choose to enter yourself (OpenAI, Google Gemini, Anthropic Claude)
- Cached AI insight text and tip (the last AI-generated insight, refreshed every 24 hours)
App preferences (stored locally):
- Onboarding completion flag
- Acceptance of this Privacy Policy and the Terms of Use
- Analytics consent flag
- Selected AI provider and model
- Permission prompt history
We do not receive or store copies of any of the above on our servers. We have no servers that store your content.
3.2 Information sent to third-party AI providers when you use AI Insights
The App offers an optional AI Insights feature which generates short, personalised wellness summaries based on your mood statistics.
When this feature is invoked, the App sends an HTTPS request directly from your device to the selected AI provider's API. The request contains:
- An aggregated mood profile: your average mood score and dominant mood label for the last 7 and 30 days, the number of mood entries you have made in those windows, a mood variability label (e.g. "stable", "highly variable"), and a 30-day trend direction.
- Your device language code (for example "en", "uk") so that the response is generated in your language.
- Your total entry count (used to choose a "just getting started" vs. "established user" prompt variant).
- The API key used to authenticate the request (see below).
The following information is never included in this request:
- Your journal text, journal titles, audio recordings, video recordings, or photos
- Your name, optional email, birthday, gender, goals, or any other profile attribute
- Any device identifier, advertising identifier, IP address from us (the network connection itself naturally reveals your IP to the AI provider — see their policies)
Which AI provider receives the data depends on your settings:
| Provider you select | Whose account processes the request |
|---|---|
| Default — used out of the box. The underlying AI is Google's Gemini; Reflexia did not build its own AI model. | An API key supplied by Reflexia and embedded in the App. Your aggregated mood statistics are processed by Google under Reflexia's Google Cloud account. |
| OpenAI (optional) | An API key you provide and store on-device. The request is processed under your OpenAI account. |
| Google Gemini (optional) | An API key you provide. The request is processed under your Google account. |
| Anthropic Claude (optional) | An API key you provide. The request is processed under your Anthropic account. |
Important disclosure regarding the Default provider. Reflexia does not operate its own AI model. When you have not configured your own AI provider, AI Insight requests are sent to Google's Gemini API using an API key owned by Reflexia. The AI itself is Google's product; Reflexia's role is limited to supplying the API key and shaping the prompt. Google receives your aggregated mood statistics (as described above) under our developer account and processes them under Google's API terms and privacy policy (see Section 6).
No negotiated Data Processing Agreement (DPA) for the Default provider. When you use the Default provider, Reflexia communicates with Google's public Gemini API as an ordinary developer customer. We have not negotiated an enterprise-grade DPA with Google for this traffic. Google's standard API terms govern the processing. If you want a stricter, individually-negotiated arrangement, configure your own API key with the provider of your choice — in that case the request goes under your own customer relationship with that provider, and any DPA you have with them applies.
No model training on your data. To the best of our knowledge and according to the API terms in effect at the time of writing, the request payloads described above (aggregated mood statistics, no journal content) are not used by Google, OpenAI, or Anthropic to train their general-purpose AI models when sent through their paid API endpoints (as opposed to consumer-facing chat products). Each provider's terms describe their own training and retention practices in detail; please review the links in Section 6 for the most up-to-date position. Reflexia does not store, log, or use the AI request or response content for any of its own purposes, including training or analytics, beyond the 24-hour on-device cache described in Section 8.
When you bring your own API key (OpenAI / Gemini / Claude), the request is sent under your own account with that provider. Your relationship with that provider, and that provider's privacy policy, governs how the data is processed. Reflexia does not see, log, or proxy the request.
In addition, when you enter a new API key in the App, the App makes a single small request to that provider to verify the key and list the models available to you. No mood data is sent during this verification.
The AI Insights feature is opt-in by widget: it only runs when the AI Insights widget is enabled on your home screen. You can disable it in Profile → Widgets at any time, in which case no AI requests are ever made. If you disable AI Insights, the feature will not generate insights for you and the widget will not appear on your home screen. Existing insights cached on your device will be cleared automatically within 24 hours.
Example. If you have logged 12 moods this week, the AI request might contain:
{ "avgScore7d": 4.2, "dominantMood7d": "calm", "entries7d": 12, "lang": "en", ... }. The text "I felt anxious before my presentation today" — which you wrote in a journal entry — is not part of that request, never has been, and never will be under this design.
3.3 Optional analytics (currently disabled)
The App contains the technical scaffolding for Google Firebase Analytics. At the time this Policy was written, Firebase Analytics is fully disabled in the App and no analytics data is being sent.
If we enable analytics in a future release, it will only fire when you have explicitly given your consent on the Consent screen ("Help improve Reflexia by sharing anonymous analytics"). We will update this Policy and ask for your consent again before any data is sent. The events we would send are strictly limited to non-identifying product usage events (for example: "an onboarding step was viewed", "a mood was saved with score 4", "the breathing exercise was started"). Free-text fields — your journal content, your titles, your notes — are never included in analytics events.
If and when analytics is enabled, the user properties we would set are limited to: your derived age (an integer, computed from your birthday), your device language, your selected AI provider, the build environment (development or production), and whether you have completed onboarding.
You can turn analytics off at any time in Profile → Privacy. Turning analytics off has no effect on your access to any feature of the App — analytics is purely opt-in product-improvement telemetry; the App's features do not depend on it.
4. How we use the information
We use the limited information described above strictly for the following purposes:
- To provide the App's core functionality — store and display your moods, journal entries, breathing and meditation sessions, statistics, widgets and reminders. (Legal basis under GDPR: performance of the contract / your use of the App.)
- To personalise your in-App experience — show your name on the home screen, set the App language, and tailor onboarding. (Legal basis: legitimate interests / your consent given by entering the information.)
- To generate AI-powered wellness insights when you have enabled the AI Insights widget — by sending the aggregated mood statistics described in Section 3.2 to the AI provider of your choice. (Legal basis: your consent / contract.)
- To improve the App through optional, opt-in product analytics, if and when this feature is activated. (Legal basis: your explicit consent.)
- To comply with legal obligations when applicable.
We do not use your information for advertising, profiling for advertising purposes, automated decision-making with legal effects, or sale to third parties.
5. Permissions the App requests
The App requests the following iOS permissions only when you trigger a feature that needs them. You can revoke each one at any time in iOS Settings → Reflexia.
| Permission | Why we ask for it |
|---|---|
| Camera | To record a video journal entry, take a photo for a journal entry, or set an avatar. The video/photo is saved on your device only. |
| Microphone | To record an audio journal entry or the audio track of a video entry. The recording is saved on your device only. |
| Photo Library | To attach a photo from your library to a journal entry, or to set an avatar. We only read the photos you explicitly select. |
| Notifications (Local) | To deliver reminders that you schedule inside the App. All notifications are scheduled and delivered locally by iOS — we do not send remote push notifications. |
| Face ID / Touch ID / Passcode | To unlock journal entries that you have marked as "private". The biometric check is performed by iOS; we never see your biometric data. |
We do not request: HealthKit, Location, Contacts, Calendar, Reminders, Motion & Fitness, Bluetooth, Speech Recognition, Apple Music, or App Tracking Transparency (we do not perform cross-app tracking).
6. Third parties
We try to keep the number of third parties to an absolute minimum. The third parties that may receive data, and only under the conditions described, are:
6.1 AI providers (when you use AI Insights)
Depending on the AI provider you select (including the Default Google Gemini option accessed under Reflexia's key), one of the following companies will receive the aggregated mood statistics described in Section 3.2:
| Provider | Role | Reference |
|---|---|---|
| Google LLC (Gemini API) — used by the Default and Google Gemini options | Independent data processor / controller of the data you submit through the API | https://policies.google.com/privacy and Google's Generative AI Additional Terms |
| OpenAI, L.L.C. — used by the OpenAI option | Independent data processor / controller of the API request | https://openai.com/policies/privacy-policy |
| Anthropic, PBC — used by the Anthropic Claude option | Independent data processor / controller of the API request | https://www.anthropic.com/legal/privacy |
When you use the Default provider, the request is processed under Reflexia's Google account; Google's privacy terms govern Google's processing of that request, but you remain Reflexia's user. When you supply your own API key, the request is processed under your own account with that provider and the relationship is directly between you and them.
6.2 Apple Inc.
iOS itself stores App data in the device sandbox, manages the iOS Keychain (where we store encryption keys), delivers local notifications, and provides the share sheet used for exports. Apple's Privacy Policy applies to those system services: https://www.apple.com/legal/privacy/.
6.3 Google Firebase (technical inclusion, not active)
The Firebase SDK is technically present in the App binary as preparation for an optional analytics opt-in. At the time of writing, Firebase is not initialised and no data is sent to Firebase. When and if Firebase Analytics is activated, it will be gated by your explicit consent (see Section 3.3). Firebase's privacy practices, if it ever becomes active for you, are described at https://firebase.google.com/support/privacy.
6.4 Recipients of your export file
When you use the App's Export feature, the App produces a .reflexia archive (a ZIP file) and hands it to the iOS Share Sheet. From there, you alone decide who receives the file — for example by AirDrop, Files, Mail, Messages, or a third-party cloud app. Reflexia does not upload the export anywhere; we never see it.
6.5 Payment processors (when paid features arrive)
The App is currently free of charge. When we introduce paid features in the future (subscriptions or one-off in-app purchases), all payment processing will be handled by the App Store (Apple Inc.) under Apple's own payment terms. We will not receive your credit-card or bank-account information; we will only see the anonymised receipt that Apple sends us so we can unlock the purchased content for you. This Policy will be updated and presented for re-consent before any paid feature launches.
6.6 Website hosting (Firebase Hosting)
This Privacy Policy and the Terms of Use are served from a static website hosted on Google Firebase Hosting. When your browser (including the in-App browser used by the Consent screen) loads these pages, Firebase Hosting receives standard HTTP request metadata — including your IP address, browser user agent, the URL you requested, and the time of the request — which Google retains for limited periods for service-delivery, security, abuse-prevention and aggregate analytics purposes, as described in Google's Cloud Privacy Notice. Reflexia does not place additional tracking on these pages (no third-party scripts, no analytics SDKs, no advertising).
6.7 Business transfer
If Reflexia is involved in a merger, acquisition, financing or sale of all or a portion of its assets, your personal data may be transferred or disclosed in connection with the transaction. Because we hold so little of your personal data outside your device, the practical effect of any such transfer would be limited; nevertheless, we will provide notice of any such transfer through the App and through this Policy, and the acquiring party will be bound by the commitments we have made to you here.
6.8 No other recipients
We do not share, rent, sell, or otherwise disclose your personal data to advertisers, data brokers, social networks, analytics providers (beyond the optional Firebase opt-in above), CRM tools, marketing partners, or any other third party.
7. International transfers
Because the App is local-first, your content does not cross borders for storage. The limited exceptions are:
AI Insights — when enabled, your aggregated mood statistics are transmitted to the selected AI provider, which may process the request on servers located outside your country, including in the United States and the European Union. Each provider declares its own transfer mechanisms — such as the EU-US Data Privacy Framework (DPF) for Google and Anthropic (which are DPF-certified) and the EU Standard Contractual Clauses (SCCs) — in their respective privacy policies linked in Section 6.
Website hosting (this page) — Firebase Hosting may serve content from Google data centres outside your country and Google retains short-term request metadata as described in Section 6.5. Google relies on the EU-US Data Privacy Framework and SCCs for these transfers.
If you do not wish your aggregated data to be transferred outside your country, simply disable the AI Insights widget in Profile → Widgets. The App will continue to function fully for all local features.
8. How long we keep your information
We retain personal data only for as long as is necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. When deciding how long to retain a particular category of data, we consider:
- the amount, nature and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure;
- the purpose for which we hold the data and whether that purpose can be achieved by other means;
- any applicable legal, regulatory or accounting requirements;
- the existence of any actual or anticipated legal claim involving the data.
Concrete retention periods that apply to Reflexia today:
| Data category | Where it lives | Retention |
|---|---|---|
| Journal entries, mood logs, audio/video recordings, photos, profile fields, widget configuration | Encrypted database on your device | Until you delete the individual entry, reset the App from Profile → Backup → Reset, or uninstall the App. We have no server copy to retain. |
| iOS Keychain items — the database encryption key, your AI provider API keys, AI insight cache (text and tip) | iOS Keychain on your device | Until you delete the App, replace the key from the AI Settings screen, or trigger a reset. AI cache rotates automatically when stale (see below). |
| AI insight cache (the last AI-generated text + tip) | On your device | Refreshed every 24 hours, or sooner if your mood entry count or device language changes. The cache is overwritten in place, never accumulates. |
| AI request data on the provider's side (Google / OpenAI / Anthropic) | Provider's servers | Governed by that provider's own retention policy (see the links in Section 6). Reflexia has no control over and no visibility into provider-side retention. |
| Analytics events (if and only if you opt in) | Firebase Analytics | Subject to the standard Firebase Analytics retention window. We configure this for the shortest period available (currently 2 months for user-level data and 14 months for event-level aggregates). |
| Website request metadata (this Policy page, the Terms page) | Firebase Hosting (Google) | Short-term, governed by Google's Cloud Privacy Notice. We do not separately retain copies of these logs. |
| Email correspondence with you about a privacy request | Our email inbox | Up to 12 months after the request is resolved, unless a longer period is needed to defend a legal claim or comply with a legal obligation. |
Because we hold no server-side copy of your in-App content, uninstalling the App permanently deletes your data from the only place we ever stored it. We cannot recover your data after uninstall — please use the Export function first if you want to keep a copy.
9. Your rights
Wherever you are located, we honour the following rights. To exercise any of them, contact us at reflexia.support@gmail.com.
9.1 Rights under the GDPR (EEA / UK)
If you are located in the European Economic Area, the United Kingdom or Switzerland, you have the following rights:
- Right to be informed — this Policy provides that information.
- Right of access — you can request a copy of any personal data we hold. In practice, because all of your personal data is on your device, the in-App Export function (Profile → Backup → Export) provides this in real time as a
.reflexiaarchive. - Right to rectification — you can edit your profile, mood entries and journal entries directly in the App at any time.
- Right to erasure ("right to be forgotten") — you can delete individual entries in the App, reset all data from Profile → Backup → Reset, or simply uninstall the App. Where we hold any data outside your device (we do not, today), we will delete it on request.
- Right to restrict processing — you can disable AI Insights and Analytics in Profile.
- Right to data portability — the Export function produces your data in a structured, machine-readable format (JSON + media).
- Right to object to processing based on legitimate interests — contact us.
- Rights related to automated decision-making and profiling — we do not perform automated decision-making with legal or similarly significant effects.
- Right to withdraw consent — at any time, where processing is based on consent (such as AI Insights or Analytics), without affecting the lawfulness of processing before withdrawal. If you withdraw consent, the related feature may stop working for you as described in Sections 3.2 and 3.3.
- Right to lodge a complaint with a supervisory authority in your country of residence.
We will respond to a request that invokes any of these rights within one month of receipt. Where the request is particularly complex or where we have received a number of requests, we may extend this period by up to two further months, in which case we will tell you about the extension and the reasons for it within the first month, as permitted by Article 12(3) GDPR.
9.2 Rights under the CCPA / CPRA (California residents)
If you are a California resident, you have the right to:
- Know what categories of personal information we collect, how we use it, and whether it is disclosed.
- Access the specific pieces of personal information we hold about you (the Export function provides this).
- Delete your personal information (use the in-App reset, or uninstall the App).
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.
- Limit use of sensitive personal information — we use sensitive information (such as mental health data) solely to provide the App's wellness features to you.
- Non-discrimination — we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.
To exercise any of these rights, contact us at reflexia.support@gmail.com. You may use an authorised agent. We will verify the request by asking you to provide reasonable proof that you are the user of the device on which the data was created. We will respond within 45 days, with an extension of up to 45 further days where reasonably necessary, as permitted under California Civil Code § 1798.130.
9.3 Rights under other applicable laws
Users in Brazil (LGPD), Canada (PIPEDA), Turkey (KVKK), South Africa (POPIA), Saudi Arabia (PDPL), Ukraine ("On Personal Data Protection") and other jurisdictions have substantially similar rights. Contact us at reflexia.support@gmail.com with the law you wish to exercise rights under, and we will respond within the time required by that law.
9.4 Washington My Health My Data Act ("MHMD")
If you are a resident of Washington State, the Washington My Health My Data Act (RCW 19.373) grants you specific rights with respect to consumer health data — broadly defined to include data revealing or reasonably linkable to your past, present or future mental health. Because the App's mood entries, journal text and AI-derived insights may meet that definition, we acknowledge:
- We do not sell consumer health data and have no plans to do so.
- The App processes consumer health data only on your device and (with your consent) in the aggregated form sent to your chosen AI provider for AI Insights, as described in Section 3.2.
- You can withdraw your consent for AI Insights at any time by disabling the widget. You can delete all consumer health data by resetting the App or uninstalling it. You may also email us at reflexia.support@gmail.com for any MHMD request.
9.5 Right of access — quick path
For all rights frameworks above, the in-App Export function (Profile → Backup → Export) gives you a complete copy of your personal data in a structured, machine-readable format (JSON for records plus original media files), immediately and without our involvement. This satisfies the right of access and the right to data portability under GDPR, CCPA and most other regimes.
10. How we protect your information
We have implemented technical and organisational measures appropriate to the nature of the data:
- Encryption at rest. The local database that contains all of your content is encrypted with AES-256. The encryption key is generated randomly on your device on first launch, stored in the iOS Keychain so that it is available only on that device, and never transmitted anywhere.
- Encryption in transit. All network requests (AI Insights, model discovery, opening of the Privacy Policy or Terms in-App) use HTTPS / TLS.
- iOS Data Protection. Files stored by the App benefit from iOS's hardware-backed file encryption.
- Biometric lock for private entries. Journal entries you mark as "private" require Face ID, Touch ID or your device passcode before they can be opened. The check is performed by iOS itself.
- Sandboxing. As an iOS app, Reflexia runs in Apple's app sandbox; other apps cannot access our files.
- No accounts, no servers. Because we do not operate a backend that stores your content, there is no server-side database for a third party to breach.
- Minimisation. We collect only the data described in this Policy.
No method of electronic storage or transmission is 100% secure. If we ever become aware of a security incident affecting your personal data, we will notify you and the appropriate regulators as required by applicable law.
11. Cookies and similar technologies
The App is a native iOS application and does not use cookies, web beacons, pixels, SDKs for cross-app tracking, advertising identifiers (IDFA), the App Tracking Transparency framework for tracking (we do not prompt for ATT because we do not track), or any equivalent technology.
Our website (this page) and the Terms of Use page also do not set any HTTP cookies. The pages load fonts from fonts.googleapis.com / fonts.gstatic.com (Google Fonts), which Google's Privacy FAQ for Fonts confirms does not set user cookies. We do not embed any analytics, advertising, or social-media scripts.
The pages do use one localStorage entry, named reflexia.lang, to remember your chosen UI language between visits. This is functional / strictly-necessary storage under Article 5(3) of the EU ePrivacy Directive and does not require a separate consent banner. You can clear it at any time from your browser's site-data settings; doing so simply means the language will be auto-detected again on your next visit.
The in-App links to this Privacy Policy and to the Terms of Use are opened in the in-App browser (Apple's Safari view). It may use standard browser cookies for its own purposes; we cannot read or write them.
12. Children's privacy
Reflexia is intended for users 13 years of age or older.
We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that a child under 13 has been using the App, please contact us at reflexia.support@gmail.com. We will help you delete the relevant data from the device.
Where applicable law requires a higher age of digital consent (for example, 16 years under some EU Member States' implementation of the GDPR), the App should not be used without parental consent below that age.
13. Sensitive information notice
Some of the information you enter into Reflexia (such as mood entries, journal text describing your feelings, or audio/video notes about your mental state) may constitute "special category" data under the GDPR (data concerning health) or "sensitive personal information" under the CCPA/CPRA.
We process this sensitive information only:
- on your device, under your control, for the App's core purpose; and
- as aggregated, non-identifying statistics sent to your selected AI provider when you use AI Insights, with your consent.
We do not use this information for any purpose other than providing the App's features to you.
14. Crisis and safety
Reflexia is a self-care and wellness product. It is not a medical device, it does not provide a medical diagnosis, and it is not a substitute for professional help.
If you are in a mental health crisis, in danger, or thinking about harming yourself or others, please contact a local emergency number, a qualified mental health professional, or a crisis hotline in your country.
15. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will:
- update the "Effective date" and "Last updated" at the top of this document;
- post the updated Policy at the same URL inside the App; and
- for material changes (for example, enabling a new third-party data flow), present the updated Policy on the Consent screen at the next App launch and ask you to re-accept before continuing to use the affected feature.
Continued use of the App after a non-material update constitutes acceptance of the updated Policy.
16. Apple App Store account-deletion requirement
Apple requires apps that let users create an account to also let them delete their data and account from inside the app. Reflexia does not create accounts at all — there is nothing to "delete" on a server. Nevertheless, we provide an equivalent in-App control: Profile → Backup → Reset wipes every record, file, Keychain item and preference that the App has created on your device. Uninstalling the App achieves the same outcome. This satisfies the spirit and the letter of App Store Review Guideline 5.1.1(v) "Account Sign-In" for our model.
17. Contact us
For any privacy question, data subject request, or to exercise any of the rights described in Section 9:
- Email: reflexia.support@gmail.com
We aim to acknowledge all enquiries within 5 business days and respond substantively within the time limits set by the applicable law — currently one month under the GDPR (extendable by two further months for complex requests) and 45 days under the CCPA / CPRA (extendable by 45 further days). We will tell you in advance if we need to use an extension and why.
If you are in the EEA / UK and you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
This Privacy Policy was last updated on 12 June 2026. A copy of the most current version is always available at https://reflexia.app/privacy and inside the App on the Consent screen and in Profile → Privacy.