Privacy Policy

Effective date: DATE OF FIRST APP STORE RELEASE.

This Privacy Policy explains what data Becoming collects, why we collect it, and your choices about it.

The short version: most of your data lives on your phone, never on a server. A small slice of context is sent to OpenAI when Mira is asked to respond to you. We never sell your data.

1. What we store locally on your device

Everything that drives the garden is stored locally with AsyncStorage. Nothing in this list leaves your phone unless you take a share action.

• Your habits, including the names you typed and any "why does this matter" notes.
• Your daily check-in answers.
• Levels per identity dimension (Discipline, Energy, Focus, Body, Mind, Self-Trust), sync %, current and best stage, XP.
• Streak count, comeback count, completion log per day.
• Your chosen Mira color, garden layout preset, and language.
• Notification toggle and reminder time.
• Auth identity captured at sign-in (provider, user id, email, display name) — used only to keep your progress scoped to your account on this device.

If you tap Profile → "Clear all local data", all of the above is deleted immediately.

2. What is sent to a server

Only when you interact with Mira (the AI chat, the Future Self Letter, or the Monthly Report). When you do, we send the following to OpenAI's API (via our proxy server):

• Your message text.
• A context snapshot containing: your first name (if provided), your sync %, current stage, active-days count, comeback count, streak, per-dimension levels, your chosen identity goal, your recent check-in answers, the language you've selected, and up to the last three "why does this matter" notes you wrote.
• Roughly the last 12 turns of your conversation with Mira.
• The persona / safety instructions Mira runs on.

This data is not used to train OpenAI's models. OpenAI's API default policy treats API inputs as zero-retention for training purposes.

We do not log your messages on our own servers beyond the brief moment the proxy needs to forward them.

3. What we do NOT collect

• We do not run analytics or behavioural tracking.
• We do not have a third-party advertising SDK in the app.
• We do not access your contacts, microphone, camera, calendar, or health data.
• We do not store your conversations with Mira on our servers.

The only network calls the app makes are:

• OpenAI (proxied) for Mira's responses.
• Apple / Google for sign-in (if you choose those).
• Apple StoreKit for subscription purchases.

4. Third parties we use

• OpenAI — to generate Mira's text replies, Future Self Letters, and Monthly Reports. See OpenAI's privacy policy: https://openai.com/policies/privacy-policy
• Apple — for sign-in with Apple, push notifications, and IAP.
• Google — only if you choose to sign in with Google.
• Cloudflare — operates our proxy to OpenAI. We do not write user data to Cloudflare's storage; the proxy is a stateless forwarder.

5. Children

Becoming is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you believe we have, please contact us and we will delete it.

6. Your rights (GDPR / CCPA)

Because we store almost everything on your device, you can:

• Access all your stored data — it's already visible in the app.
• Delete all your stored data — "Clear all local data" in Profile.
• Export — we'll add an export action in a future release.
• Opt out of "sale" of personal information — we don't sell any.

For the small amount of data we do transmit (to OpenAI, to your sign-in provider, to Apple StoreKit), you can request information or deletion by emailing privacy@becoming.app.

If you are in the EU/EEA: our legal basis for processing your AI messages is the performance of the contract (i.e. delivering the Mira feature you signed up for) under GDPR Article 6(1)(b).

7. Security

The app uses HTTPS for every network call. Your local data is protected by the iOS app sandbox / Android private storage. We do not have access to the data on your device.

If you sign in with an email + password, your password is hashed locally and never stored in plain text. We do not currently sync this password to a server.

8. Data retention

• On-device data: retained until you tap "Clear all local data" or uninstall the app.
• OpenAI message data: governed by OpenAI's policy (currently 30-day retention for abuse monitoring, then deletion; zero-retention is available on Enterprise plans).
• Our proxy logs: none retained beyond a brief in-memory forwarding window.

9. International transfers

OpenAI processes data in the United States. If you are in the EU, by using Mira you consent to this transfer. Standard Contractual Clauses are in place between us and OpenAI.

10. Changes

We will note material changes to this policy inside the app and update the "Effective date" above. Continued use after a change means you accept the updated policy.

11. Contact

For privacy questions: privacy@becoming.app.

Becoming is operated by COMPANY NAME, REGISTERED ADDRESS.