InnFeel ("we", "us", "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights when using the InnFeel mobile application and the website at innfeel.app (together, the "Service"). This document is GDPR-compliant for users in the European Union and CCPA-compliant for users in California.
1. Who we are
The data controller is the publisher of InnFeel. For all requests (privacy, support, legal, account deletion): [email protected]. General contact: [email protected].
Coach interactions: messages exchanged with the AI Wellness Coach (used to generate the response, then stored to maintain conversation context).
Collected automatically:
Technical data: device type, operating system, app version, IP address, language, time zone.
Usage data: screens viewed, features used, error logs (used solely to fix bugs and improve the Service).
Subscription data: Pro / Zen subscription status (received via Apple App Store, Google Play, or RevenueCat). We never see your payment card details.
What we do NOT collect:
Precise location data (GPS).
Contacts on your phone (unless you explicitly use the "find friends from contacts" feature, in which case hashed phone numbers are used only for matching, never stored long-term).
Health-related data from HealthKit / Google Fit.
Advertising identifiers (we do not show ads).
3. Why we use your data (legal basis)
Provide the Service (contractual basis): create your account, store your auras, deliver messages, sync subscriptions.
Personalize your experience (legitimate interest): adapt the AI Coach to your language, generate insights based on your patterns.
Improve the Service (legitimate interest): error logs, anonymous usage statistics.
Comply with legal obligations: respond to lawful requests, prevent fraud and abuse.
We do NOT sell your data to third parties. We do NOT use your data for behavioral advertising.
4. Sharing your data
Your data is shared only with the following processors, exclusively to operate the Service:
MongoDB Atlas (database hosting, EU/US region).
Railway / Cloudflare (server hosting and CDN).
Cloudflare R2 (storage of media: photos, videos, audio).
Apple App Store / Google Play (in-app purchases).
RevenueCat (subscription management).
Anthropic Claude / OpenAI (AI Wellness Coach — your messages are sent to these models, retained 30 days max for safety analysis, then deleted).
Resend (transactional email delivery).
Microsoft Edge TTS (text-to-speech for guided meditations).
Each of these processors operates under a Data Processing Agreement (DPA) that requires them to protect your data in accordance with the GDPR.
5. Your visibility within the Service
InnFeel is an intimate social app. By default:
Your auras are visible only to your accepted friends (or your "Close Friends" sub-list if you enable that mode).
Your direct messages are visible only to the recipient(s).
Your statistics, mood patterns, and Coach conversations are private — no human at InnFeel reads them.
There is no public feed, no "discover" page, no algorithm.
6. Retention period
Account data: kept while your account is active.
Auras and messages: kept while your account is active. Old auras can be auto-purged after 365 days (configurable in settings).
Backups: encrypted backups kept maximum 30 days.
Error logs: kept maximum 90 days.
After deletion request: full deletion within 30 days, except for legal obligations (financial proofs kept 10 years).
7. Your rights
Under GDPR (EU) and CCPA (California), you have the right to:
Access your data (export available in the app: Settings → Account → Export my data).
Correct incorrect data (directly in your profile).
Delete your account and all associated data (Settings → Account → Delete my account).
Restrict or object to certain processing.
Portability: receive your data in JSON format.
Lodge a complaint with your local data protection authority (in France: CNIL).
To exercise these rights: [email protected]. We respond within 30 days.
8. Security
All connections use HTTPS / TLS 1.2+.
Passwords are hashed (bcrypt) — never stored in plain text.
Authentication tokens are stored in iOS Keychain / Android Keystore.
Media files are stored on Cloudflare R2 with access controls.
Internal access to data is restricted and logged.
9. Children
InnFeel is intended for users aged 13 and over. Children under 13 are not authorized to create an account. If we discover an account belonging to a child under 13, we will delete it without notice.
10. International transfers
Your data may be processed outside the European Union (notably in the United States, where some of our processors are located). These transfers are subject to Standard Contractual Clauses (SCC) approved by the European Commission.
11. Cookies (website only)
The website innfeel.app uses NO advertising or tracking cookies. Only strict technical cookies (session) are used. The mobile application does not use cookies.
12. Changes to this Policy
This Policy may be updated. The "Last updated" date at the top reflects the most recent version. Significant changes will be notified to you within the application.