✅ We collect only what's needed to make the app work for you
✅ Your journal entries are stored encrypted on-device only — never uploaded
✅ All cloud data lives in the EU (Google Cloud europe-west1)
✅ We never sell your data or share it with advertisers
✅ The app does not call third-party model APIs at runtime — no remote inference, no prompt logging
✅ You can export or permanently delete everything from Settings
1. Who we are
Think Cue ("we", "us", "our") is a mobile application designed to help users manage stress, emotions, and behaviours through evidence-based techniques linked to their calendar events.
Data Controller:
Paweł Rosner
Mochnackiego 19/1, Poland
Privacy contact: thinkcue@pm.me
2. What data we collect
2.1 Account data
| Data | Purpose | Legal basis |
|---|---|---|
| Name | Display in the app | Contract performance |
| Email address | Account identification | Contract performance |
| Apple ID identifier | Authentication | Contract performance |
2.2 Calendar data
We access your device calendar (via Apple EventKit) only with your explicit permission. You can revoke access at any time in iOS Settings → Privacy & Security → Calendars. iOS Calendar sync is off by default and must be enabled manually.
| Data | Purpose | Legal basis |
|---|---|---|
| Event titles | Categorise events and select relevant tips | Consent |
| Event times and duration | Schedule notifications, generate insights | Consent |
| Event descriptions | Improve on-device tip personalisation | Consent |
| Participant names | Context for event classification | Consent |
2.3 Self-reported wellbeing data
| Data | Purpose | Legal basis |
|---|---|---|
| Mood ratings (1–5) | Track patterns, generate insights | Consent |
| Emotion tags | Identify stress triggers, personalise content | Consent |
| ABC journal entries | Self-reflection — stored on-device only, never uploaded | Consent |
| Technique feedback | Improve recommendations | Consent |
2.4 Survey data
| Data | Purpose | Legal basis |
|---|---|---|
| Primary goals | Personalise tips and content | Consent |
| Stress triggers | Match techniques to your needs | Consent |
| Prior mindfulness experience | Adjust technique difficulty | Consent |
| Learning preferences | Optimise content format | Consent |
| Work context | Contextualise recommendations | Consent |
2.5 Technical data
| Data | Purpose | Legal basis |
|---|---|---|
| Device type and OS version | Ensure compatibility | Legitimate interest |
| App version | Debugging, feature availability | Legitimate interest |
| Crash reports (Firebase Crashlytics) | Fix bugs, improve stability | Legitimate interest |
| Anonymous usage analytics | Understand feature usage | Consent |
2.6 Data we do NOT collect
- Location data
- Contacts or address book
- Photos, camera, or microphone
- Browsing history or data from other apps
- Financial or payment information (handled entirely by Apple)
3. How we use technology
Think Cue was built with the help of modern research tools and large-scale models during design and content curation, but the app you install does not call any third-party model APIs at runtime. There is no remote inference pipeline, no prompt logging, and no external recommendation service in the shipped product.
All event classification, technique matching, and personalisation are computed on your device using deterministic, rule-based logic that you can audit on request. Privacy is prioritised over convenience for the data that matters most.
4. Where your data is stored
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Cloud Firestore | Google Cloud | EU (europe-west1) | All user data storage |
| Firebase Auth | Google Cloud | EU (europe-west1) | User sign-in |
| Cloud Functions | Google Cloud | EU (europe-west1) | Backend processing |
| Firebase Crashlytics | Google Cloud | United States | Crash reporting |
| ABC Journal | On-device (SwiftData) | Your device only | Private journal entries |
International transfers to the US rely on Standard Contractual Clauses (SCCs) and the providers' data processing agreements.
5. Data retention
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account |
| Calendar events, mood & check-ins | Until you delete them or your account |
| ABC journal entries | On-device only — deleted when you delete the app |
| Consent records | 3 years after account deletion (legal requirement) |
| Crash reports | 90 days |
| Anonymous analytics | 26 months |
When you delete your account, all personal data is deleted immediately. Consent records are retained for 3 years as required by applicable law.
6. Who we share your data with
We do not sell your data. We do not share your data with advertisers.
| Provider | Purpose | Data shared |
|---|---|---|
| Google (Firebase) | Infrastructure, authentication, storage | All app data (encrypted) |
| Apple (Sign in with Apple) | Authentication | Apple ID token |
All providers are bound by data processing agreements that comply with GDPR requirements.
7. Your rights under GDPR
If you are in the EEA, you have the following rights:
- Access: View and export all your data via Settings → Export my data
- Rectification: Edit your profile, events, and survey responses at any time in the app
- Erasure: Permanently delete your account and all data via Settings → Delete account
- Portability: Export your data in JSON format via Settings → Export my data
- Restrict processing: Disable specific processing via Settings → Privacy & Data
- Withdraw consent: Toggle any optional consent off at any time in Settings → Privacy & Data
- Lodge a complaint: Contact the Polish DPA at uodo.gov.pl
To exercise rights not available in-app, contact us at thinkcue@pm.me.
8. Consent management
All optional processing is controlled by you. During onboarding and at any time via Settings → Privacy & Data, you can independently toggle:
| Consent | What it controls | Required? |
|---|---|---|
| Analytics | Anonymous usage tracking | No |
| Personalisation | On-device tip matching using your survey answers | No |
| Notifications | Push notifications for tips and check-ins | No |
The app functions fully without any optional consent — calendar, manual tips, and journalling all work without analytics enabled.
9. Children's privacy
Think Cue is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has provided data, contact thinkcue@pm.me and we will delete it promptly.
10. Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 / AES-GCM)
- Authentication uses Sign in with Apple — no passwords are stored by us
- ABC journal entries are encrypted on-device using AES-GCM before storage
- Firestore security rules enforce strict per-user data isolation
- No third-party model API keys are shipped in the app binary — there is no runtime model inference
11. Changes to this policy
Material changes will be announced via in-app notification and reflected in the "Last updated" date above. Where required by law, we will ask for your renewed consent.
12. Contact
Email: thinkcue@pm.me
Address: Mochnackiego 19/1, Poland