Privacy Policy

2.1 Information You Provide to Us Directly

This is information that you knowingly and actively provide to us when using our Services.

• Account and Profile Information: When you sign up for an account with the App, we collect your first name, last name, email, country, and time zone.
• Sensitive User Content: Our App is designed to help you navigate relationship breakups. To do this, we collect the information you voluntarily provide in your journal entries, your answers to prompts and quizzes, and other content you generate within the App. We understand this information is deeply personal and sensitive, and we treat it with the highest level of care and confidentiality. If you withdraw your explicit consent for this processing, the App will no longer function. You may withdraw consent only by deleting your account, at which point all related sensitive User Content will be permanently deleted within the timelines set out in Section 6.2.
• Newsletter and Communications: We collect your email address when you sign up for our newsletter. We also collect any information you provide when you contact us for customer support, send us feedback, or communicate with us in any other way.
• Payment Information: We use the third-party service Payhip to process payments for our Services. When you make a purchase, you will be directed to Payhip's secure platform to provide your payment details (such as credit card number, name, and billing address). This information is provided directly to Payhip and is subject to their privacy policy. We do not collect, store, or have access to your full credit card information. We do, however, receive transactional information from Payhip, which may include your name, email address, the date of the transaction, and what you purchased, to confirm your payment and grant you access to the Services.

2.2 Information We Collect Automatically

When you access our Services, we may automatically collect certain information about your device and your usage.

• Usage Data: We use services such as Google Analytics to better understand how you interact with our Website and App. This may include details about the features you use, the pages you visit, the dates and times of your visits, and how long you spend on each page. We rely on pseudonymous identifiers, which are classified as personal data under the GDPR. We process this information based on your consent, which you can manage at any time through our website’s cookie banner or within the App settings.
• Device and Technical Information: We collect information from your device, including your IP address, browser type, operating system, and device identifiers.
• Crash and Performance Data: We use Sentry to help us identify and fix bugs, crashes, and other performance issues in the App. To do this, Sentry may collect logs and technical data from your device. While we strive to prevent this, it is possible that some personal information from your User Content may be inadvertently included in these logs. We process this information based on our legitimate interest in maintaining a secure, stable, and reliable App.
• Cookies and Similar Technologies: We use cookies on our Website to operate and analyse our Services. You can learn more about how to manage cookies in your browser's settings.

2.3 Information Processed for Specific Purposes

• AI Analysis for App Improvement: With your explicit and separate consent, we may use artificial intelligence (AI) to analyse your User Content to identify patterns and insights that help us improve the App’s features and overall effectiveness.
  
  Before analysis, we apply technical measures to remove or replace direct identifiers (such as names, contact details, or locations). The AI then paraphrases and summarises your entries to highlight common themes rather than individual details. Our internal experts only review these summaries, never your raw journal entries.
  
  While these safeguards significantly reduce the risk of your information being linked back to you, complete anonymisation cannot be guaranteed, and there remains a small possibility of re-identification. Participation in this analysis is entirely optional, and you can withdraw your consent at any time without affecting your use of the App.
  
  We have conducted a Data Protection Impact Assessment (DPIA) to assess and mitigate the risks associated with this AI processing.

3.1 To Provide Our Core Services (Based on Contract and Explicit Consent)

Our primary purpose is to provide you with the journaling, educational, and wellness features of the App.

• Lawful Basis (General Information): We process your Account Information (name, country, etc.) to fulfill our contract with you, as outlined in our Terms of Service. This is necessary to create your account and deliver the basic features of the App.
• Lawful Basis (Sensitive Information): Our App's core service is to provide you with a private platform for personal reflection through journaling and guided exercises. To deliver this service, it is necessary for you to provide User Content, such as journal entries and quiz answers. As this information is sensitive by nature, we process it on the legal basis of your explicit consent. This consent is essential for the App to function, and for us to lawfully store and provide you with access to your personal content. Without it, the App cannot operate, and you must delete your account.

3.2 For Security and Performance (Based on Legitimate Interest)

We have a legitimate interest in ensuring our Services are stable, secure, and functioning correctly.

• Purpose: We use Sentry to monitor the App for bugs, crashes, and performance issues. This helps us diagnose and fix technical problems to provide you with a reliable service.
• Lawful Basis: We process the necessary technical and diagnostic data based on our legitimate interest in maintaining and securing a high-quality, functional application for our users.

3.3 For Service Improvement (Based on Your Optional Consent)

We are always looking for ways to make our App more effective. This type of processing is entirely optional and is not required to use the core features of the App.

• Purpose: The AI model generates pseudonymised and paraphrased versions of your entries to produce theme-based summaries. These summaries may be reviewed by internal experts to identify patterns that help us refine the App’s content and features.
• Safeguards: Direct identifiers are filtered before analysis. Experts only review paraphrased summaries, not raw entries. Access is restricted and logged, and all processing occurs on secure, controlled systems.
• Transparency: Although we take strong precautions, AI processing of sensitive text always carries a residual risk of re-identification. We disclose this risk openly so that you can make an informed choice.
• Your Rights: You are not required to consent to this processing. If you do not opt in, you can still use all core features of the App. You may also withdraw your consent at any time without affecting your ability to use the App.
• Lawful Basis: We will only perform this analysis with your explicit, specific, and optional opt-in consent. To be clear: This is separate from the consent required for the core journaling service. The App remains fully functional if you choose not to consent. Our internal expert will only ever see the paraphrased AI-generated summaries, never your raw, original journal entry. You can withdraw this specific consent at any time without affecting your use of the App.

3.4 For Communications and Legal Obligations

• Communications: We may use your contact information to respond to your inquiries or send important service updates, based on our legitimate interest in providing good customer service and keeping you informed.
• Legal Compliance: We may process any of your information where necessary to comply with a legal obligation, such as responding to a court order or lawful request from a government authority.

4.1 With Our Service Providers

We engage third-party companies and individuals to perform services on our behalf to help us operate and improve our Services. These service providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Our providers include:

• Payment Processors: As described in Section 2, we use Payhip to process payments. They handle your payment information directly according to their own privacy policies.
• Analytics Providers: We share data with analytics providers like Google Analytics to help us understand usage patterns and improve our Services. This includes pseudonymous identifiers and data about your interactions with our App and Website. While this data does not include direct identifiers like your name or email, it is treated as personal data, and we only process it with your consent.
• Error and Performance Monitoring Services: We use Sentry to help us identify and fix technical issues in our App. This service may process diagnostic data and device information as described in Section 2.
• Infrastructure and Hosting Providers: We use Heroku to host our application. Your personal information is stored on their secure servers. While we select server regions located in Australia, the global nature of cloud services means your data may be stored and processed in other countries where Heroku and its service providers operate. We address this in the "International Data Transfers" section below.
• Email and Communication Providers: We use third-party services to send newsletters (if you opt-in) and other essential service-related communications.

4.2 For Legal Reasons

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

• Comply with a legal obligation, court order, or a lawful request from a government authority.
• Protect and defend the rights, property, or safety of Resilience Labs PTY LTD, our users, or the public.
• Prevent or investigate possible wrongdoing in connection with the Services.

4.3 In a Business Transfer

If Resilience Labs PTY LTD is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Anonymised and Aggregated Data

We may share or publicly disclose information that has been aggregated and anonymised in a way that it cannot reasonably be used to identify you. For example, we may use your anonymous feedback for marketing purposes (with your consent) or share statistical insights about our user base.

6.2 Data Retention

We will only retain your personal information for as long as is reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

• Account Information and User Content: We retain your account information and all User Content (such as journal entries and quiz answers) for as long as your account is active. This is necessary to provide you with the core functionality of the App. If you choose to delete your account, we will permanently delete this information within 30 days of account deletion.
• Other Information: We may retain other information, such as anonymised analytics data and crash logs, for a limited period necessary to fulfill the purposes outlined in this policy (for example, 90 days for crash logs).
• Legal Requirements: We may be required to retain certain information for longer periods to comply with our legal obligations, resolve disputes, or enforce our agreements. For example, records related to payments may be kept for several years as required by financial laws.

Once we no longer have a legitimate business need to process your personal information, we will either delete or anonymise it.

How to Exercise Your Rights

You can exercise some of these rights directly through the settings in your account. For any requests you cannot fulfill yourself, or for any questions about your rights, please contact us using the details in the "How to Contact Us" section below. We will respond to your request in accordance with applicable data protection laws.

Right to Lodge a Complaint

If you have a concern about how we handle your personal information, we hope you will contact us first to allow us to resolve it. However, you also have the right to lodge a complaint with a relevant data protection supervisory authority in your country of residence.