PsychPod

Privacy Policy

Last updated: April 2026

Summary

PsychPod is designed with privacy in mind. Your account data (email, name) is stored securely. Your check-in data is private to you by default. Your journal entries are stored on your device only — never uploaded. Research sharing is entirely optional.

What we collect

When you use PsychPod, we collect:

  • Account information: email address, name, encrypted password
  • Check-in data: your answers to daily check-ins and the computed wellbeing scores
  • Profile information you choose to provide: age range, region
  • Tracked habits: custom behaviours you opt to track

We do not collect your IP address, precise location, contacts, camera, microphone, or any device identifiers beyond what is required for authentication.

Journal entries stay on your device

Free-text journal entries written during check-ins are stored locally on your device only. They are never uploaded to our servers or synced across devices.

Research sharing (opt-in)

If you explicitly opt in via Settings, an anonymised copy of your check-in data is shared for research purposes. Shared data contains:

  • A randomly generated anonymous identifier (not linked to your identity)
  • Your age range and region (if provided)
  • Your check-in scores and answers
  • How long you have been using the app

Shared data never includes your name, email, exact location, IP address, or the name of any habit you track. You can withdraw consent at any time, and all shared data is automatically and permanently deleted.

Legal basis

Data is processed under GDPR Article 6(1)(a) — explicit consent. Mental health data is special category data under GDPR Article 9 and is processed only with your explicit consent.

Your rights

Under GDPR and equivalent laws, you have the right to:

  • Access your data (download via Settings → Download my data)
  • Rectify incorrect data
  • Erase your data (Settings → Delete my account)
  • Restrict processing
  • Data portability (your export is in JSON format)
  • Object to processing
  • Withdraw consent at any time

Security

Data is encrypted in transit (HTTPS) and at rest (AES-256). Authentication is handled by Supabase, which holds SOC 2 Type 2 and ISO 27001 certifications. Passwords are hashed with bcrypt and never accessible to us.

Data retention

Your data is retained for as long as your account is active. When you delete your account, all your data is permanently removed within 30 days. Anonymised research data is deleted immediately upon consent withdrawal.

Third parties

PsychPod uses these services to operate:

  • Supabase (hosted in EU/US): database and authentication
  • Vercel: web hosting
  • Resend: sending password reset and confirmation emails only

We do not use advertising networks, analytics that track individuals, or social media tracking pixels.

Children

PsychPod is intended for users aged 16 and over. If you are under 16, please use the app only with explicit parental or guardian consent.

Medical disclaimer

PsychPod is a wellbeing tool for self-reflection and pattern recognition. It is not a medical device. It does not provide medical advice, diagnosis, or treatment. If you are experiencing a mental health crisis, please contact a mental health professional or emergency services.

Contact

For privacy questions, data requests, or concerns, email privacy@psychpod.org.

← Back to home