← Back to Home

Privacy Policy

Last Updated: October 3, 2025

Introduction

Welcome to FlowerFreedom. We are committed to protecting your privacy and handling your personal information with care and respect. This Privacy Policy explains how we collect, use, store, and protect your data when you use our iOS accountability coaching app.

FlowerFreedom provides AI-powered conversations, crisis intervention, progress tracking, and personalized notifications to support you in your recovery journey. Your trust is essential to us, and we've designed our app with privacy as a core principle.

Key Privacy Highlights:
  • We automatically redact personal information (phone numbers, emails, addresses) from your messages before they reach our servers
  • Your biometric data (Face ID/Touch ID) never leaves your device
  • We don't sell your data to third parties
  • We don't use your data for advertising or tracking
  • You can delete your account and all data at any time

1. What Information We Collect

We collect different types of data, which we classify as Personal Information (data that can identify you directly or indirectly) and Technical Information.

Personal Information

Contact Information

Email Address: We collect your email address when you create an account. This is used for authentication, password resets, and important account communications.

Profile Information

  • Your Name: Collected during onboarding to personalize AI coaching responses
  • Motivations: Your reasons for using the app (e.g., "better health," "family")
  • Triggers: Situations or feelings that challenge you (e.g., "stress," "boredom")
  • Fears: What you're most afraid of regarding your journey
  • Personal Notes: Any additional thoughts or reminders you choose to add
  • AI Coaching Style: Your preference for supportive, direct, or blunt coaching

Chat Messages

We collect the messages you send to your AI accountability coach. Important: Before your messages reach our servers, our app automatically detects and removes sensitive information including:

  • Phone numbers (replaced with [PHONE_REDACTED])
  • Email addresses (replaced with [EMAIL_REDACTED])
  • Postal codes and addresses (replaced with [POSTCODE_REDACTED] or [ADDRESS_REDACTED])
  • Credit card numbers (replaced with [CARD_REDACTED])
  • Website URLs (replaced with [LINK_REDACTED])
  • IP addresses (replaced with [IP_REDACTED])

Health & Progress Data

  • Daily Check-ins: Whether you stayed on track each day
  • Streak Information: Your consecutive days of progress
  • Spending Tracking: Optional tracking of money you would have spent on your habit
  • Achievement Milestones: Automatically calculated based on your progress

Technical Information

  • Firebase User ID: A unique identifier for your account
  • Push Notification Token: Allows us to send you motivational notifications
  • Device Type: Used only to check if your device supports Face ID/Touch ID
  • Basic Firebase Analytics: We use this to track non-personal metrics like app crashes and general usage statistics to improve performance.

Security Information (Stored Locally Only)

The following information is stored encrypted on your device only and never sent to our servers:

  • Biometric Authentication Settings: Whether you've enabled Face ID/Touch ID
  • App Passcode: Your 4-6 digit passcode (stored as an encrypted hash)
  • Lock Timeout Preferences: How long before the app locks
Important: Your biometric data (facial recognition, fingerprints) is processed entirely by iOS in the Secure Enclave and never accessed, collected, or stored by FlowerFreedom.

2. How We Use Your Information

We use your information solely to provide and improve FlowerFreedom's services:

Primary Purposes

  • AI Coaching: Process your messages to generate personalized, supportive responses tailored to your journey
  • Crisis Detection: Analyze messages for signs of distress to provide appropriate support resources
  • Personalization: Use your profile data (motivations, triggers, fears) to customize coaching strategies
  • Progress Tracking: Calculate your streaks, savings, and achievement milestones
  • Push Notifications: Send motivational messages at times you've scheduled
  • Account Management: Authenticate your access and maintain your account

What We DON'T Do With Your Data

  • ❌ Sell or rent your data to anyone
  • ❌ Use your data for advertising
  • ❌ Track you across other apps or websites
  • ❌ Share your data with marketers
  • ❌ Use your conversations to train AI models for sale to third parties
  • ❌ Collect your location data

3. How We Store and Protect Your Data

Local Storage (Your Device)

Some data is stored encrypted on your iOS device using Apple's SecureStore:

  • Biometric authentication preferences
  • Passcode hash (encrypted)
  • App lock timeout settings
  • Last conversation reference

Remote Storage (Our Servers)

Your profile data, conversations, and progress tracking are stored securely on our backend servers:

  • Hosting: Cloud Servers based in Germany
  • Encryption: All data encrypted at rest and in transit using HTTPS/TLS
  • Access Control: JWT-based authentication required for all data access
  • Rate Limiting: Protection against unauthorized access attempts
  • Backups: Regular encrypted backups for disaster recovery

Firebase Services

We use Firebase (Google) for authentication and push notifications. Firebase handles:

  • User account authentication
  • Email verification
  • Push notification delivery (FCM tokens)

Firebase's privacy practices are governed by their privacy policy: firebase.google.com/support/privacy

4. Who We Share Your Data With

We share your data with a very limited set of service providers necessary to operate FlowerFreedom:

Firebase (Google)

  • What's shared: Email address, user ID, push notification token
  • Why: User authentication and notification delivery

Our AI Partner

  • What's shared: Your messages (with PII already redacted by our app before transmission)
  • Why: Generate personalized AI coaching responses
  • Temporary Retention: Our AI partner retains conversation data for up to 30 days solely for trust and safety purposes—specifically to detect abuse, harmful content, and violations of their usage policies
  • Automated Safety Monitoring: Data is processed through automated content classifiers during this period. These systems check for policy violations but do not involve human review of your conversations
  • After 30 Days: All data is automatically and permanently deleted from their systems (unless legally required to retain for law enforcement)
  • Never Used for Training: Your conversations are NEVER used to train AI models or improve their products. API data is completely separate from training data
  • Industry Standard: This 30-day safety monitoring period is standard practice across AI service providers and is explicitly permitted under Apple's App Store guidelines

Why This Policy Exists: The 30-day retention allows our AI partner to detect patterns of abuse (e.g., attempts to generate harmful content, policy violations, or misuse of the service). This protects both users and the integrity of the AI system. This is a non-optional industry requirement and cannot be disabled for standard API usage.

Who We DON'T Share With

  • ❌ Advertising networks
  • ❌ Analytics companies (beyond basic Firebase analytics)
  • ❌ Social media platforms
  • ❌ Data brokers
  • ❌ Insurance companies
  • ❌ Employers

5. Your Privacy Rights and Controls

You have complete control over your data:

What You Can Do

  • View: Access all your profile data in Settings → Profile
  • Edit: Update your motivations, triggers, fears, and notes anytime
  • Delete Conversations: Remove individual chat conversations
  • Delete Account: Permanently delete all your data (cannot be undone)
  • Disable Notifications: Turn off push notifications anytime
  • Change AI Style: Adjust coaching tone preference
  • Manage Security: Enable/disable Face ID or app passcode

Account Deletion

You can permanently delete your account at any time through Settings → Profile → Delete Account. This will:

  • Delete all your profile data
  • Delete all your conversations and messages
  • Delete all your progress tracking history
  • Delete your notification preferences
  • Delete your Firebase user account
Important: Account deletion is immediate and permanent. We cannot recover your data after deletion. There is no grace period.

6. How Long We Keep Your Data

  • Active Accounts: We keep your data as long as your account exists
  • After Account Deletion: All data is immediately and permanently deleted with no retention
  • Conversation History (on our servers): Stored indefinitely until you delete conversations or your account
  • Conversation History (with AI Partner): Data shared with our AI partner is automatically and permanently deleted from their systems after 30 days, unless legally required for law enforcement.
  • Inactive Accounts: Currently no automatic deletion (policy to be determined)

7. Children's Privacy

FlowerFreedom is intended for users aged 18 and older due to the sensitive nature of health and recovery content. We do not knowingly collect information from individuals under 18. If you believe someone under 18 has created an account, please contact us immediately at support@flowerfree.com and we will delete the account.

8. International Data Transfers

Our servers are located in Germany and we use Firebase services which may store data in Google's global infrastructure. By using FlowerFreedom, you consent to the transfer of your data to these locations. We ensure all data transfers comply with applicable data protection laws and are secured with encryption.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We'll update the "Last Updated" date at the top
  • We'll notify you via in-app alert for significant changes
  • We'll send an email notification to your registered email
  • Continued use of FlowerFreedom after changes implies acceptance

If you don't agree with changes, you can delete your account before the changes take effect.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@flowerfree.com

Privacy Requests: support@flowerfree.com

Data Deletion Requests: You can delete your account in-app or email us

11. Legal Basis and Compliance

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide the services you've requested
  • Consent: For optional features like push notifications
  • Legitimate Interests: To improve our services and prevent fraud

We comply with applicable data protection laws including GDPR (for EU users) and CCPA (for California residents).