# RageReflect by 5ntuner.ai Privacy Policy
**Last Updated:** March 25, 2026
**Version:** 1.0.0 – Launch Edition
**Effective Date:** November 15, 2025
## Introduction
RageReflect (“we,” “us,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application (“App”).
**Data Controller:**
5ntuner.ai
Email: spark@5ntuner.ai
Website: https://5ntuner.ai
For users in the European Union, EEA, or UK, we are the data controller under GDPR.
## Important: App Status
### Wellness Application – Not a Medical Device
RageReflect is a **wellness application** for stress relief and emotional self-regulation. It is **NOT** a medical device, and this Privacy Policy covers wellness data, not Protected Health Information (PHI) under HIPAA.
**HIPAA Status:** We are **not** a HIPAA-covered entity. We are a direct-to-consumer wellness app. Your data is protected by this Privacy Policy and applicable privacy laws (GDPR, CCPA), not HIPAA regulations.
### Launch Edition Data Collection
As an inaugural release, we collect data to:
– Improve app stability and performance
– Identify and fix bugs
– Enhance user experience
– Develop new features based on user feedback
**Transparency:** This data collection is standard for modern applications and is explained in detail below. All data collection complies with GDPR, CCPA, and applicable privacy laws.
## 1. Information We Collect
### 1.1 Personal Data
**Account Information (if you create an account):**
– Email address
– Display name
– Authentication provider (Google, Apple Sign-In, or email/password)
– Account creation date
– User preferences and settings
**OAuth Authentication:**
– If you sign in with Google or Apple, we receive your email and basic profile information from these providers
– We do not have access to your Google/Apple account passwords
### 1.2 Usage Data
**App Interaction Data:**
– Features used (e.g., Calm Me Down, Pepper Sprinkle, Sarcasm, Slap Face)
– Session duration and frequency
– Stress relief metrics (self-reported ratings)
– Utility preferences and customization
– Navigation patterns within the app
**Technical Data:**
– Device type and model
– Operating system version (iOS/Android)
– App version
– IP address (anonymized for analytics)
– Device identifiers (anonymized)
– Crash logs and error reports
– Performance metrics
### 1.3 Health Data (Optional)
**Self-Reported Data:**
– Stress levels (your subjective ratings)
– Mood indicators
– Relief effectiveness ratings
– Reflection notes (if you choose to save them)
**Important:** Health data is **not** shared with third parties and is encrypted both in transit and at rest.
### 1.4 Content Data
**User-Generated Content:**
– Written reflections (if you save them)
– Customization inputs (e.g., uploaded images for personalization)
– Feedback and support messages
**AI Interaction Data:**
– Inputs and prompts you provide to AI features (e.g., Sarcasm)
– AI-generated responses
– This data may be temporarily processed for service delivery and improvement
## 2. How We Use Your Data
### 2.1 Primary Purposes
We use your data to:
**Service Delivery:**
– Provide and operate the App’s features
– Enable authentication and account management
– Personalize your experience
– Sync data across your devices (if enabled)
**App Improvement:**
– Analyze usage patterns to improve features
– Identify and fix bugs and crashes
– Develop new utilities and features
– Conduct quality assurance and testing
**Communication:**
– Send important service updates
– Respond to your support requests
– Send feedback surveys (if you opt-in)
– Notify you of new features (if you opt-in)
**Security & Compliance:**
– Detect and prevent misuse or abuse
– Ensure app security and data protection
– Comply with legal obligations
– Protect rights, property, and safety
### 2.2 Legal Basis (for GDPR compliance)
We process your data based on:
– **Consent:** When you opt-in to optional features (e.g. email updates)
– **Contract Performance:** To provide the services you requested
– **Legitimate Interests:** To improve the App and ensure security
– **Legal Compliance:** When required by law
You can withdraw consent at any time via Settings or by contacting us.
## 3. Data Sharing and Third Parties
### 3.1 We Do NOT Sell Your Data
**We never sell, rent, or trade your personal information to third parties for marketing purposes.**
### 3.2 Service Providers We Use
We share data with trusted service providers who help us operate the App:
**Infrastructure & Hosting:**
– **Supabase** (database, authentication, backend services)
– Location: USA (with GDPR-compliant data processing agreements)
– Purpose: Store account data, authentication, app backend
– Privacy: https://supabase.com/privacy
**AI Services (if applicable):**
– **Mistral AI** (if using AI features like Sarcasm)
– Purpose: Generate AI responses for stress relief features
– Data sent: Only the specific prompts you provide
– Retention: Temporary processing, not stored long-term
– Privacy: https://mistral.ai/privacy
**Analytics (Anonymized):**
– **GlitchTip** (crash reporting)
– Data sent: Anonymized usage patterns, crash logs
– Purpose: Improve app stability and performance
– No personally identifiable information shared
**Authentication Providers:**
– **Google Sign-In** (if you use Google OAuth)
– **Apple Sign-In** (if you use Apple OAuth)
– These providers handle authentication according to their privacy policies
– We only receive basic profile info (email, name)
### 3.3 Legal Disclosures
We may disclose data if required by:
– Law enforcement or government requests
– Court orders or legal process
– Protection of our legal rights or safety of users
– Prevention of fraud or illegal activity
We will notify you of such requests when legally permitted.
### 3.4 Business Transfers
If RageReflect (5ntuner.ai) is acquired or merges with another company, your data may be transferred. We will notify you and ensure continued privacy protection.
## 4. International Data Transfers
### 4.1 Cross-Border Processing
Your data may be processed and stored on servers located outside your country, including:
– United States (Supabase servers)
### 4.2 Safeguards
For transfers from the EU/EEA/UK to other countries, we use:
– **Standard Contractual Clauses (SCCs)** approved by the EU Commission
– **Adequate safeguards** to protect your data rights
– **GDPR-compliant data processing agreements** with all service providers
## 5. Data Retention
### 5.1 Retention Periods
**Account Data:**
– Retained as long as your account is active
– Deleted within 30 days after account deletion request
**Usage Data:**
– Retained for up to 2 years for analytics and improvement
– Anonymized after 1 year (no longer linked to your identity)
**AI Interaction Data:**
– Temporary processing only (not stored long-term)
– May be anonymized and retained for model improvement
– You can request deletion at any time
**Crash Logs & Error Reports:**
– Retained for up to 6 months for debugging
– Automatically deleted afterward
### 5.2 Data Deletion
You can request deletion of your data at any time:
– **In-App:** Settings → Privacy → Delete My Account
– **Email:** spark@5ntuner.ai
We will delete your data within 30 days, except where retention is required by law.
## 6. Your Privacy Rights
### 6.1 GDPR Rights (EU/EEA/UK Users)
You have the right to:
**Access:** Request a copy of your personal data
**Rectification:** Correct inaccurate or incomplete data
**Erasure:** Delete your account and data (“right to be forgotten”)
**Restriction:** Limit how we process your data
**Object:** Object to processing based on legitimate interests
**Withdraw Consent:** For consent-based processing, at any time
**How to Exercise Rights:**
– Email: spark@5ntuner.ai
– In-App: Settings → Privacy → Data Rights
We will respond within 30 days (GDPR requirement).
**Complaints:** You can lodge a complaint with your local data protection authority.
### 6.2 CCPA Rights (California Users)
You have the right to:
**Know:** What personal data we collect and how we use it
**Delete:** Request deletion of your personal data
**Opt-Out:** Opt-out of data “sales” (we don’t sell data, so this is automatic)
**Non-Discrimination:** We won’t discriminate against you for exercising rights
**How to Exercise Rights:**
– Email: spark@5ntuner.ai (include “CCPA Request” in subject)
– We will verify your identity and respond within 45 days
### 6.3 Global Rights
Regardless of location, you can:
– Access your data via Settings → Privacy
– Delete your account and data
– Opt-out of optional data collection
– Update your preferences at any time
## 7. Data Security
### 7.1 Security Measures
We protect your data with:
**Encryption:**
– End-to-end encryption for sensitive data (health data, reflections)
– TLS/SSL encryption for data in transit
– AES-256 encryption for data at rest
**Access Controls:**
– Role-based access for our team
– Multi-factor authentication for admin access
– Regular security audits
**Infrastructure:**
– Secure cloud hosting (Supabase)
– Automated backups
– Intrusion detection systems
**Development Practices:**
– Regular security updates
– Penetration testing
– Code reviews for security vulnerabilities
### 7.2 Limitations
**No system is 100% secure.** Despite our safeguards:
– We cannot guarantee absolute security
– You use the App at your own risk
– Use strong passwords and protect your device
If a data breach occurs, we will notify affected users as required by law (within 72 hours under GDPR).
## 8. Children’s Privacy
### 8.1 Age Restriction
RageReflect is **not intended for users under 18** (or applicable minimum age in your jurisdiction).
### 8.2 No Knowingly Collection
We do not knowingly collect data from children under 13 (USA) or 16 (EU).
If we discover we have collected data from a minor, we will:
– Delete it immediately
– Notify parents/guardians if possible
– Take steps to prevent future collection
**Parents:** If you believe your child has provided data to us, contact spark@5ntuner.ai immediately.
## 9. Cookies and Tracking
### 9.1 Minimal Tracking
We use minimal tracking technologies:
**Essential Cookies:**
– Authentication tokens (necessary for login)
– Session management
– Security measures
**Analytics (Anonymized):**
– Usage patterns (which features are used)
– Crash reporting (to fix bugs)
– Performance metrics (app speed, load times)
**No Third-Party Advertising:**
– We do NOT use advertising trackers
– We do NOT share data with ad networks
– We do NOT track you across other apps or websites
## 10. Changes to This Privacy Policy
### 10.1 Updates
We may update this Privacy Policy to:
– Reflect new features or services
– Comply with legal changes
– Improve clarity or transparency
### 10.2 Notification
**Material changes** will be notified via:
– In-app notification
– Email (to your registered email)
– Prominent notice in the App
**Effective date** of changes will be indicated at the top of this policy.
**Continued use** of the App after changes = acceptance of updated policy.
## 11. Contact Us
### 11.1 Privacy Questions
For privacy concerns, data requests, or questions:
**Email:** spark@5ntuner.ai
**Website:** https://5ntuner.ai
**Subject Line:** “Privacy Inquiry” or “Data Request”
### 11.2 Data Protection Officer (if applicable)
For EU users with GDPR questions:
**DPO Email:** spark@5ntuner.ai (mark as “GDPR Request”)
### 11.3 Supervisory Authority
EU/EEA/UK users can contact your local data protection authority:
– UK: Information Commissioner’s Office (ICO)
– EU: Your country’s data protection authority
– Find your authority: https://edpb.europa.eu/about-edpb/board/members_en
## 12. Legal Information
### 12.1 Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to its conflict of law principles.
For users in specific jurisdictions, additional regulations apply:
– **European Union, EEA, and UK users:** General Data Protection Regulation (GDPR)
– **California users:** California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
– **Other jurisdictions:** Applicable local data protection and privacy laws
Where local laws provide greater privacy protections, those laws will apply.
### 12.2 Entire Agreement
This Privacy Policy, together with our Terms of Service, constitutes the entire agreement regarding data privacy.
## Your Consent
**By using RageReflect, you acknowledge that you have read, understood, and agree to this Privacy Policy.**
**Last Updated:** November 15, 2025
**Version:** 1.0.0 – Launch Edition
**Effective Date:** November 15, 2025
RageReflect is a product of 5ntuner.ai.
© 2026 5ntuner.ai. All rights reserved.
*Thank you for trusting RageReflect with your wellness journey. Your privacy is our priority.*