BetweenUs Join waitlist
Journal Bridge Insights FAQ Join waitlist

Last updated · 2026-04-10 · Jurisdiction: United States

Privacy Policy

Draft. This policy is a working draft that must be reviewed by counsel before the public App Store launch. Placeholder language is flagged inline.

1. Who we are

BetweenUs (“we”, “us”) is a private journaling and self-reflection companion for iOS. You can reach us at support@betweenus.app.

2. What this policy covers

This policy describes how we handle personal information in the BetweenUs iOS app and on the marketing website at betweenus.pages.dev. It does not cover third-party services you reach through links.

3. Information we collect

Account information

When you create an account we collect your first name, last name, email address, a Firebase authentication identifier (UID), and the timestamp your account was created.

Journal content

The core of BetweenUs is your journal. We store the text you write, plus any optional stress level you attach to an entry. Entries are stored in Firebase Firestore, encrypted in transit and at rest, and are readable only by you.

AI-derived reflections

When you ask for a reflection, we save the resulting analysis (attachment-style cues, emotional-intensity score, highlighted themes) alongside the entry that produced it.

Partner pairing metadata (Bridge, opt-in)

If you enable Bridge mode and pair with a partner, we store the pairing relationship, climate snapshots, daily sync scores, and a rolling 30-day climate history. Raw journal entries are never shared with a paired partner.

Usage counters

We track daily counts of AI analyses, Campfire posts, and healing exercises you use, so we can enforce free-tier limits and show you your remaining allowance.

Subscription state

Your subscription tier, expiration date, active product identifier, and grace period are stored via RevenueCat. We do not see or store your payment information — that is handled entirely by Apple.

Biometric preference

We store a single flag: whether you have enabled biometric unlock (Face ID or Touch ID). Biometric data itself never leaves your device. We use the iOS LAContext API, which keeps your face/fingerprint templates in Apple’s Secure Enclave.

4. How we use information

  • To provide the core journaling, reflection, and Bridge features you’ve opted into.
  • To enforce free-tier usage limits and manage subscriptions.
  • To respond to support requests you send us.
  • To maintain the security and integrity of the service.

We do not use your journal entries for advertising, analytics profiling, or any training purpose.

5. AI processing

When you request a reflection on a journal entry, the full text of that entry is sent from the app to a Firebase Cloud Function, which forwards it to Google’s Gemini 2.5 Flash model for analysis. The model returns a structured response, which we store alongside your entry.

Per Google’s paid Gemini API terms, inputs and outputs processed through the paid API are not used to train Google’s foundation models. You can read Google’s current policy on this page: [link to be finalized before launch — ai.google.dev/gemini-api/terms or the equivalent data-usage page].

6. Sharing & disclosure

We share data only with the processors needed to run the service:

  • Firebase (Google) — authentication, database, cloud functions
  • Gemini API (Google) — AI analysis
  • RevenueCat — subscription state management
  • Apple App Store — payment processing

Bridge mode. Only derived insights — climate snapshots, sync scores, and 30-day climate history — are shared with a paired partner. Raw journal entries are never shared, under any circumstances.

We do not sell your data. We do not share it with advertisers or data brokers.

7. Your rights

You can export, correct, or delete your data at any time from inside the app. Deleting your account permanently removes your journal entries, Campfire posts, Bridge data, invites, climate history, and Firebase authentication record.

If you are in the EEA, UK, or California, you have additional rights under GDPR and CCPA respectively, including the right to know what we collect, the right to data portability, and the right to lodge a complaint with your local supervisory authority. Email support@betweenus.app to exercise any of these rights.

8. Data retention

We retain your data for as long as your account is active. When you delete your account, your journal content and associated data are removed from our active systems. Backups age out on a 30-day rolling cycle.

9. Children’s privacy

BetweenUs is not intended for children. [Open decision: age minimum is either 13 (COPPA minimum) or 16 (GDPR, safer for a mental-health context). Defaulting to 16+ pending counsel review.] If we learn we have collected personal information from a child under this age, we will delete it.

10. Security

We use TLS in transit and Firestore encryption at rest. Biometric unlock, if enabled, adds a device-level gate. No system is perfectly secure, but we treat your journal with the care it deserves.

11. International transfers

Our processors (Google, RevenueCat, Apple) are based in the United States. Your data may be transferred to and processed in the United States under standard contractual clauses where required.

12. Changes to this policy

If we make material changes, we’ll notify you in the app before they take effect. The “Last updated” date at the top always reflects the current version.

13. Contact us

Questions about this policy? Email support@betweenus.app — we aim to respond within two business days.