Privacy Policy

Overview

This Privacy Policy applies to the Lifecycle mobile app and the public website at joinlifecycle.app. The service is intended for users who are at least 13 years old. By using the service, you acknowledge the data practices described here.

Information we collect

• Account and identity data such as your email address, authentication identifiers, and basic profile details.
• Journal entries, habits, mood or reflection inputs, goals, reminders, and other profile or onboarding answers you choose to provide.
• AI-related content such as chat messages, stored memories, rolling context, and derived insights generated from your activity.
• Voice and transcription data when you use voice-to-text features, including raw audio processed for transcription and any transcript text you keep in the app.
• Subscription and entitlement status used to determine trial, premium, and restore-purchase access.
• Avatar and media information when you choose to upload a profile image.
• Support communications and technical request data when you contact us or visit the website.

How we use information

• Provide account access, authentication, and app functionality.
• Store and display your journals, habits, reminders, profile details, and progress.
• Generate AI-powered insights, chat responses, and polished transcription output.
• Operate subscriptions, entitlement checks, purchase restoration, and support workflows.
• Improve reliability, investigate abuse, enforce limits, and protect the service.

Authentication and sign-in

Lifecycle supports email/password authentication through Supabase Auth, Google sign-in through a browser-based OAuth flow, and Sign in with Apple on iOS through Apple's native authentication sheet. Google sign-in uses the system browser and redirects back into the app after authentication completes. Sign in with Apple is handled natively by iOS, returns a signed identity token to the app, and never opens a browser.

When you choose Sign in with Apple, Apple may give Lifecycle your name and a private relay email address (or your real email if you choose to share it). The app stores this information in your Lifecycle account profile. Apple also provides Lifecycle with a one-time authorization code that the Lifecycle backend exchanges for a long-lived refresh token; this token is stored only so that Lifecycle can revoke your Apple credentials with Apple when you delete your account, as required by Apple App Store policy.

AI and transcription services

Lifecycle uses third-party providers to power AI features. OpenAI is used for features such as insights, chat, and text-polishing workflows. AssemblyAI is used for speech transcription. In the current implementation, recorded audio is sent to the Lifecycle backend, which then securely forwards transcription requests to AssemblyAI without exposing the provider API key to the mobile app.

Because these features rely on third-party processing, you should avoid submitting information you would not want handled by those providers. We do not state broader retention or model-training promises here unless and until they are separately confirmed.

Notifications and reminders

Lifecycle can request notification permission so the app can schedule local reminder notifications. In the current implementation, reminder scheduling is local to your device rather than a remote marketing push system.

Avatars and media

If you upload an avatar, the image is stored in Supabase Storage and served through a public avatar URL so it can load inside the app. Do not upload images you do not want associated with your account.

How we share information

We share information only as needed to operate the service, including with:

• Supabase for authentication, database, and storage services.
• OpenAI for AI-powered processing.
• AssemblyAI for speech transcription.
• RevenueCat for subscription and entitlement support.
• Apple and Google for in-app billing and store-managed subscriptions.
• Google when you choose Google sign-in.
• Apple when you choose Sign in with Apple on iOS.
• Other parties if required by law, to enforce rights, or to protect users and the service.

Website analytics and cookies

The public website is primarily a marketing, legal, and support surface. Lifecycle does not currently describe any advertising tracker or marketing-cookie program for this site. Standard infrastructure providers may still process basic technical logs needed to deliver the site.

Security

Lifecycle uses a range of pre-production security controls, including request validation, rate limiting, security headers, generic server error responses, and reduced sensitive logging. No system can promise absolute security, so you use the service at your own risk.

Retention and your choices

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, prevent abuse, and maintain billing or operational records. Some information may remain in backups or store-managed records for a limited period after account changes.

You can update some account information in the app. For deletion requests, email brenden@joinlifecycle.app or review the public account deletion page. Data export is not part of v1.

Children

Lifecycle is not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If you are 13 or older but under the age of majority where you live, your parent or guardian should review this policy with you. If you believe we have collected information from a child under 13, contact us at the email below.

Changes and contact

We may update this Privacy Policy as the product evolves. When we do, we will post the revised version on this page. Questions can be sent to brenden@joinlifecycle.app.