Privacy Policy for Hermi: Clarity Journal

Effective Date: April 5, 2026

This Privacy Policy applies to the mobile applications (Android and iOS) for "Hermi: Clarity Journal" (hereinafter referred to as the "App" or "Application"), developed and operated by an individual developer based in Maharashtra, India (hereinafter referred to as "we", "us", or "our").

By downloading, accessing, or using the App, you agree to the collection and use of your information in accordance with this Privacy Policy.

1. Information We Collect

We collect the following personal information to provide and improve our services:

• Account Information: First name, last name, profile picture (provided via third-party authentication providers such as Google and Apple), and email address.

• User-Generated Content: Journal entries, notes, and related metadata created by you. Your journal entries are securely stored and treated with strict confidentiality. To protect your privacy, the text of your entries (stored via Supabase) is deliberately separated from your personal identity data (managed via Clerk). We do not read your personal entries as a standard practice; internal access to this data is strictly limited and only utilized when absolutely necessary for security purposes, troubleshooting, or if required by law.

• Usage & Diagnostic Data: Information regarding how the App is accessed and used, including crash reports, performance data, and device identifiers.

We do not collect any additional information from your device (such as contacts, precise location, camera, or microphone access) unless explicitly requested and permitted by you for a specific feature.

2. How We Use Your Information & Lawful Basis

Under GDPR and similar frameworks, our lawful bases for processing your data are contractual necessity (to provide the service), your explicit consent, and our legitimate interest in maintaining app stability. We use the collected information to:

• Create and manage your user account.
• Provide authentication and secure access to the App.
• Store your journal entries and preferences securely.
• Monitor and analyze App performance and errors to improve the user experience.

2.1 Google User Data

Hermi: Clarity Journal's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use the data (email, name, and profile picture) to authenticate your account and provide app functionality.

• We do not use Google user data for serving personalized advertisements or retargeting.

• We do not allow humans to read this data unless explicitly permitted by you, required for security purposes, or required to comply with applicable law.

3. Children’s Privacy

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifying parental consent, we will delete that information immediately.

4. Third-Party Service Providers

We employ third-party companies as data processors to facilitate our App. These providers have access to your Personal Information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose:

• Clerk: For secure user authentication and account management (including facilitating Google Sign-In).
• Supabase: For secure cloud database storage of your account data and private journal entries.
• RevenueCat: For processing and managing subscription entitlements.
• PostHog: For product analytics to understand app usage.
• Sentry: For real-time error tracking and crash reporting.

5. Communications and Marketing

Participation in any future promotional communications will be strictly opt-in, and you will have the ability to unsubscribe or opt-out at any time.

6. Advertising and Remarketing

We do not display advertisements within the App, nor do we currently use remarketing services.

7. Payments and Transactions

All payment processing is handled securely through the respective app store platforms (Apple App Store or Google Play Store). We do not collect, process, or store your credit card details or payment information on our servers.

8. Account and Data Deletion

You have the right to request the complete erasure of your account and all associated data. You can delete your account directly within the App's settings, or you can submit a deletion request at any time by visiting this link and following the provided instructions.

Data Association Notice

Your journal entries are programmatically tied to your unique account identifier provided by Clerk. If you use the "Restore Purchase" feature via RevenueCat to move a subscription to a different account, your journal data remains stored with the original account ID and will not automatically follow the subscription to the new account.

9. GDPR Compliance (For EU Users)

If you are a resident of the European Economic Area (EEA), you have data protection rights, including:

• The right to access, update, or delete the information we have on you.
• The right of rectification: To have your information rectified if it is inaccurate.
• The right to object & restrict: To object to or restrict our processing of your Personal Data.
• The right to data portability: To receive a copy of your data in a structured, machine-readable format.
• The right to withdraw consent.

To exercise these rights, please contact us at the email provided below.

10. CCPA, CPRA & CalOPPA Compliance (For California Users)

• Do Not Sell or Share My Personal Information: We do not sell your personal information. We only share data with the service providers listed in Section 4 for operational purposes.
• Right to Know and Delete: You have the right to request the specific personal data we have collected about you and request its deletion.
• Do Not Track (DNT) & Global Privacy Control (GPC): We do not track users across third-party websites. However, we honor GPC signals regarding analytics tracking where technically feasible.

11. DPDP Act Compliance (For Indian Users)

In compliance with the Digital Personal Data Protection Act, you have the right to access, correct, and erase your personal data, as well as the right to grievance redressal. We process your data based on your clear, affirmative consent.

12. Changes to This Privacy Policy

We may update our Privacy Policy periodically. We will notify you of any changes by updating the "Effective Date" at the top of this document.

13. Contact Us & Grievance Officer

If you have any questions, wish to exercise your data rights, or need to file a grievance, please contact the Data Fiduciary/Grievance Officer:

• By Email: shreyastaware@zohomail.in
• Developer Website: shreyastaware.me

We aim to respond to all data requests and grievances within 30 days.