— LEGAL —
PRIVACY POLICY
How we collect, use, and protect your personal information.
Effective date: January 1, 2026 · Last updated: April 9, 2026
Privacy Policy
Version: 2026-05-v1 Effective Date: 2026-05-20 Controller: Ansett Solutions (trade name "Selfism")
This Privacy Policy explains what personal data we collect when you use the Selfism mobile application and related services ("Service"), how we use it, who we share it with, and the rights you have. If you have questions, contact support@selfism.community.
1. Who We Are
Ansett Solutions, operating under the trade name "Selfism", is a private company registered in India. For European Union, United Kingdom, and other jurisdictions that recognize the concept of "data controller", Ansett Solutions is the controller of the personal data described in this Policy.
2. Data We Collect
We collect the following categories of personal data:
Account data — name, email address, password hash, profile photo (optional), country, state (India only), gender, and self-described bio. Collected at signup and editable in Settings.
Consent records — timestamps and versions of your acceptance of our Terms of Service, Privacy Policy, Educational Disclaimer, and confirmation that you are 18 or older.
Usage data — actions you take in the app: completed lessons, journal entries, secret notes (encrypted at rest using a per-user key and PIN-protected on access), community posts and comments, mood logs, boundary logs, audio-story listens (including Guest of the Day episodes and Pods), AI chat messages, and similar interactions.
AI conversations — the text of your messages to Ask AI, Dark Coach, Situation Practice, Checkmate, and any other AI-driven feature. These messages are transmitted to our third-party AI providers for inference.
Guest of the Day story submissions — when you submit a story via the in-app "Submit Story" form attached to the Guest of the Day tile and player, we store the subject line and the story text you wrote, alongside a label derived from your account display name (or "Anonymous") for the review queue. This data is stored on the same Supabase database as the rest of your account data and is visible only to Selfism reviewers. Submissions are reviewed by humans and may serve as creative inspiration for future dramatized episodes; if used, all identifying details are fictionalized and the produced episode does not name, depict, or claim to be you. See Terms of Service § 4 for the full submission terms.
Payment data — handled by Apple App Store, Google Play, and our subscription processor (RevenueCat). We receive a tokenised identifier and subscription status; we do not receive your card details.
Device & technical data — IP address (used transiently for security and routing, not stored long-term), device model, operating-system version, app version, language, and crash diagnostics.
Sensitive personal data — because Selfism involves reflection on emotions, relationships, and mental wellbeing, some content you create (journal entries, secret notes, AI chats, mood logs) may constitute "special category" or "sensitive" personal data under laws including GDPR Article 9 and India DPDP Act 2023. We process this data only on the basis of your explicit consent, given by accepting this Privacy Policy and using the Service.
We do not collect: precise geolocation, contacts, calendar, browsing history outside the app, biometric data, government identifiers, or health data from medical devices.
3. How We Use Your Data
We use your data to:
- Provide and operate the Service (create accounts, sync your content, deliver features);
- Personalise your experience based on your stated preferences and in-app activity;
- Generate AI responses based on your messages;
- Process subscription payments via Apple, Google, and RevenueCat;
- Send transactional emails (account confirmation, password reset, subscription receipts, policy updates);
- Detect and prevent fraud, abuse, and violations of our Terms;
- Diagnose crashes and improve reliability;
- Comply with legal obligations.
We do not use your personal data to train any AI model. We do not sell your personal data.
4. Legal Bases We Rely On
Where the GDPR, UK GDPR, India DPDP Act 2023, or similar law applies, we process your personal data on one or more of the following legal bases:
- Consent — for sensitive personal data and for any processing where consent is the appropriate basis. You can withdraw consent at any time by deleting your account (Profile → Settings → Privacy & Security → Delete My Account) or by emailing support@selfism.community. Withdrawing consent does not affect the lawfulness of processing already carried out, but it stops further processing of your data;
- Contract — to deliver the Service you have signed up for;
- Legitimate interests — for security, fraud prevention, product analytics where pseudonymised, and similar purposes, balanced against your rights;
- Legal obligation — to comply with laws and respond to lawful requests.
5. Who We Share Data With (Sub-Processors)
We use the following service providers to operate the Service. Each is bound by a contract requiring confidentiality and data-protection commitments.
| Provider | What it processes | Why | Region |
|---|---|---|---|
| Supabase | All account, profile, content, and consent data | Database, authentication, file storage | US/EU regions per Supabase config |
| Expo / EAS | Push tokens, build & crash telemetry | App delivery, push notifications | US |
| RevenueCat | Subscription identifier, purchase history | Subscription management across stores | US |
| Apple App Store | Payment data | iOS purchases | Per Apple's policy |
| Google Play | Payment data | Android purchases | Per Google's policy |
| Google Gemini (Google LLC) | AI chat message text | LLM inference for Ask AI / Dark Coach / etc. | Per Google's policy |
| Resend | Email address, message body | Transactional email delivery | US/EU |
| Sentry | Anonymised stack traces, device class | Crash diagnostics | US/EU |
We do not share personal data with any party for advertising or marketing purposes.
We may share data with law-enforcement or regulatory authorities where required by valid legal process, and we will (where lawful) notify you when we do so.
6. Where Your Data Is Stored
Data is stored on cloud infrastructure operated by Supabase. Depending on the region of your Supabase project, this may be in the United States, the European Union, or other regions. We may transfer data internationally as needed to operate the Service. Where data leaves a region with restricted transfer rules (e.g., EU/UK to a third country), we rely on appropriate safeguards including Standard Contractual Clauses or equivalent.
For users in India, your data may be processed both inside and outside India. By using the Service you consent to such cross-border processing where lawful under the DPDP Act 2023.
7. How Long We Keep Data
We retain your personal data while your account is active. When you delete your account:
- Account, profile, content, and consent data: deleted within 30 days.
- AI chat logs: deleted within 30 days.
- Crash diagnostics (anonymised): up to 90 days.
- Payment-processor records: retained by Apple, Google, and RevenueCat per their own retention periods (we do not control these).
- Backup snapshots: deleted as backups roll forward, typically within 90 days.
- Records we are legally required to keep: retained for the legally required period.
If we discontinue the Service. If Selfism is wound down, sold, or otherwise ceases operations, we will use commercially reasonable efforts to give you at least 30 days' prior notice via email and in-app notification, during which you may request a copy of your personal data via Profile → Settings → Privacy & Security → Request My Data, or by emailing support@selfism.community. After that notice period, personal data will be deleted within 90 days, except (a) data we are legally required to retain, and (b) anonymised or aggregated data which by its nature cannot identify you. In the event of a sale or merger, your personal data may be transferred to the acquiring entity, which will be bound by terms no less protective than this Policy or you will be given the option to delete your data before the transfer completes.
8. Your Rights
Regardless of where you live, you can: access your data, correct it, delete it, export it, and withdraw consent. Self-service in the app: Profile → Settings → Edit Profile (correct your data), Profile → Settings → Privacy & Security → Request My Data (export), Profile → Settings → Privacy & Security → Delete My Account (delete). For anything you can't self-serve, email support@selfism.community and we will respond within 30 days.
8.1 European Union & European Economic Area (GDPR) and United Kingdom (UK GDPR)
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten"), subject to lawful exceptions;
- Restrict processing in certain circumstances;
- Object to processing based on legitimate interests;
- Data portability — receive your data in a structured, machine-readable format;
- Withdraw consent at any time (this does not affect prior lawful processing);
- Lodge a complaint with your national supervisory authority (e.g., the ICO in the UK, your national DPA in the EU).
8.2 United States — California (CCPA / CPRA)
If you are a California resident you have the right to:
- Know what personal information we collect, use, share, and sell;
- Request access to and deletion of your personal information;
- Opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context advertising);
- Correct inaccurate personal information;
- Limit use of sensitive personal information;
- Non-discrimination for exercising your rights.
We do not knowingly sell or share the personal information of consumers under 16. Selfism is 18+ only, so this provision rarely applies.
8.3 United States — Other State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa (ICDPA), Delaware (DPDPA), New Hampshire (NH SB 255), New Jersey (NJDPA), and any other state that grants similar rights have substantially the same rights as California residents: access, correction, deletion, portability, opt-out of targeted advertising and "sale" (we do neither), and appeal. Contact us at support@selfism.community to exercise these rights.
8.4 India (DPDP Act 2023)
If you are a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the right to:
- Access information about the personal data processed;
- Correction, completion, updating, and erasure of personal data;
- Grievance redressal through us as the Data Fiduciary;
- Nominate another person to exercise rights in case of death or incapacity.
Our Grievance Officer can be contacted at support@selfism.community (subject line: "DPDP Grievance"). We will respond within the timelines required by the DPDP Act.
8.5 Canada (PIPEDA + Quebec Law 25)
You have the right to access and correct your personal information and to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or, for Quebec residents, the Commission d'accès à l'information.
8.6 Australia (Privacy Act 1988 & APPs)
You have the right to access and correct personal information and to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
8.7 Brazil (LGPD)
You have the rights granted by Law No. 13,709/2018 (LGPD), including confirmation of processing, access, correction, anonymisation, blocking, deletion, portability, and information about sharing. Our Data Protection Officer can be reached at support@selfism.community.
8.8 Other jurisdictions
If you reside in any jurisdiction with data-protection rights not enumerated above, those rights apply to your data and we will honor them on request to the extent required by applicable law.
9. Security
We protect your data with HTTPS for all network traffic, Row-Level Security in the database so users can only read their own rows, password hashing per industry standards, and client-side AES-256 encryption for Secret Notes / Diary entries. Each user gets a unique 256-bit data-encryption key generated when they first set a PIN. Diary content is encrypted with that key on your device before it leaves; the PIN gates access to your entries inside the app. The encryption key is stored alongside your profile so you can recover entries after a forgotten PIN (via email reset) or on a new device, which means we technically have access to the key on our servers — we do not read or process diary content, but if you require true zero-knowledge end-to-end encryption with no recovery path, please do not store sensitive material in Diary entries. We chose this trade-off so users do not permanently lose entries to a forgotten PIN or device loss.
No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and the appropriate authorities within the timelines required by applicable law.
10. Children
The Service is intended for users 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you believe we hold data about a person under 18, contact us and we will delete it.
11. AI and Automated Processing
A substantial portion of the Service's content — including audio stories, pod episodes, training modules, situation-practice scenarios, dialogue scripts, ready-reply drafts, daily quotes, and the responses you receive from Ask AI / Dark Coach — is generated, narrated, or substantially assisted by artificial intelligence (large language models and AI voice-synthesis systems). We do not make solely automated decisions that produce legal or similarly significant effects about you. AI output is illustrative and educational; it is not a decision and may be wrong.
In compliance with the EU AI Act (Regulation (EU) 2024/1689), our AI features are categorised as limited-risk AI systems. We disclose AI-generated content clearly and prominently in the app, both at the point of generation (in interactive features) and through the persistent in-app safety banner.
12. Push Notifications and Marketing
We send transactional notifications (account confirmation, subscription state, policy updates, and the two daily reminder slots if you've opted in) using your device's push token. You can disable push notifications entirely at your device's OS settings level, or from within the app at Profile → Settings → Notification Settings.
We do not currently send marketing or promotional push notifications. If we introduce them in the future, they will be opt-in and managed via the same Notification Settings screen, and we will update this Policy to reflect the change.
13. Cookies and Analytics
The mobile app does not use cookies. We do not currently use third-party advertising or behavioral analytics SDKs. If we add analytics in the future, we will update this Policy and, where required, seek consent.
14. Changes to This Policy
We may update this Policy. Material changes will trigger a new version number and a re-acceptance prompt the next time you open the app. We will also notify you by email.
15. Contact
For privacy questions, complaints, or to exercise your rights:
Email: support@selfism.community Postal: Ansett Solutions, India (full postal address available on request via the support email)
If you are not satisfied with our response, you may also contact your local data-protection authority.
By using Selfism, you acknowledge that you have read and understood this Privacy Policy.