Privacy Policy

EOF Security, LLC ("Refuge", "we", "our", or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, how long we keep it, how you can have it deleted, and your rights regarding your data when you use the Refuge mobile application ("the app").

1. Information We Collect

Account information

When you create an account, we collect your email address and display name via Firebase Authentication. You may also sign in with Apple or Google, in which case we receive only the information those services share (typically your email and a display name). We also store your IP address temporarily for signup rate-limiting and abuse prevention.

Mood and wellness data

The app collects the following wellness data that you actively enter:

• Mood entries: a numeric mood score (1–5), along with energy and anxiety levels, the time of day (morning or evening), and an optional note
• Category tracking: subjective ratings (e.g., sleep quality, stress) and quantity measurements (e.g., hours of sleep, caffeine intake) across both default and custom categories you create
• Medication tracking: names and adherence status of medications you choose to record
• Journal entries: free-text journal entries and guided journal responses, including any reflections you write during guided sessions
• Meditation and breathing sessions: duration and type of meditation timer and breathing exercise sessions you complete

All mood, journal, and category data is associated with your account and stored in Google Cloud Firestore.

Health data

With your explicit permission, the app can read data from Apple Health (iOS) or Health Connect (Android). The specific health data we access includes:

• Step count: daily step totals
• Resting heart rate: resting heart rate readings
• Heart rate variability (HRV): heart rate variability measurements
• Sleep: sleep session duration and stages
• Exercise time: daily exercise minutes
• Mindful minutes: meditation and breathing session durations (written to Apple Health / Health Connect when you complete a session in the app)

Health data access requires your opt-in consent through the standard system permission dialog. You can revoke this permission at any time in your device's health settings. Health data read from your device is used only to auto-fill your daily check-in within the app and is stored alongside your mood entries in Firestore. We do not sell, share, or use health data for advertising purposes.

AI-processed data

If you use AI-powered features (mood analysis, guide conversations, meditation guidance, or journal reflection), your relevant mood data and messages are sent to Anthropic (our AI provider) for processing. Anthropic processes this data solely to generate responses and does not use it to train AI models. AI-generated analysis results are stored in your account in Firestore.

Subscription information

If you purchase a Refuge Premium subscription, payment is processed by Apple or Google. We use RevenueCat to manage and verify subscriptions. RevenueCat receives a non-personal subscriber ID and purchase receipts. We do not collect or store your payment card details.

Usage data

We collect anonymous usage analytics through Firebase Analytics (e.g., which screens are visited, app crashes). This data does not identify you personally and is used solely to improve the app.

2. How We Use Your Information

• To provide and operate the Refuge app and your account
• To display your mood history, trends, and wellness insights within the app
• To generate AI-powered mood analyses and guide conversations at your request
• To auto-fill daily check-ins with health data you have authorized (steps, heart rate)
• To record mindful minutes to your device's health platform after meditation or breathing sessions
• To verify your subscription status
• To send essential service communications (e.g., password reset emails)
• To prevent abuse and enforce rate limits
• To improve the app based on aggregate, anonymous usage patterns

We do not use your health data, mood data, or journal entries for advertising, marketing, or any purpose other than providing the app's core functionality to you.

3. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the following service providers as necessary to operate the app:

• Google Firebase: authentication, data storage, analytics, and cloud functions
• Anthropic: AI processing for mood analysis, guide conversations, and meditation guidance (data is sent only when you initiate these features)
• RevenueCat: subscription management and verification
• Apple / Google: in-app purchase processing

Each provider is contractually bound to handle your data in accordance with applicable privacy laws. We do not share your data with any other third parties.

4. Data Security and Encryption

We use industry-standard and additional security measures to protect your data:

• Encryption in transit: all data transmitted between the app and our servers is encrypted using TLS
• Encryption at rest: sensitive fields in your mood entries, journal text, and AI analysis results are encrypted using per-user encryption keys before storage in Firestore
• Key management: encryption keys are managed via Google Cloud Key Management Service (KMS). You may also opt in to self-managed encryption where you control your own key
• Firebase App Check: verifies that requests originate from the genuine Refuge app
• Firebase security rules: enforce that users can only access their own data
• Rate limiting: protects against abuse of AI features

Your data is processed and stored on Google Cloud servers located in the United States. Google Cloud Platform is certified under ISO 27001 and SOC 1, 2, and 3. No method of transmission or storage is 100% secure, but we take reasonable and extensive steps to protect your information.

In the unlikely event of a data breach that affects your personal information, we will notify you in accordance with applicable law, including California Civil Code § 1798.82.

5. Data Retention

We retain your data as follows:

• Account data and wellness entries (mood, journal, categories, medications): retained for as long as your account is active. You can delete individual entries at any time within the app.
• AI analysis results and guide conversations: retained for as long as your account is active. Older analyses may be automatically summarized or pruned to manage storage.
• Signup rate-limit records (IP-based): automatically expire and are deleted after 1 hour.
• Usage analytics: retained by Firebase Analytics per Google's standard retention policy (14 months by default for event-level data).
• Health data: health data read from Apple Health or Health Connect is stored as part of your mood entries and follows the same retention as wellness entries above. The app does not maintain a separate copy of your health data.

When you delete your account, all associated data is permanently deleted from our systems within 30 days (see Section 6 below).

6. Your Rights and Choices

Access and export

You can view all your mood entries, journal entries, and tracked data within the app at any time. The app provides built-in export features to download your data as a text file, PDF, or encrypted backup file. You may also contact us to request a full data export.

Deletion

You have multiple options to delete your data:

• Delete individual entries: you can delete any mood entry or journal entry from within the app at any time
• Delete all data: use the "Delete all my data" option in Settings → Advanced to erase all your entries while keeping your account
• Delete your account: use Settings → Delete Account to permanently delete your account and all associated data. This action cannot be undone.
• Request deletion by email: contact us at privacy@refuge.ink to request deletion

When you delete your account or request deletion, all personal data (including mood entries, journal entries, category data, medication records, AI analyses, guide conversations, subscription records, and encryption keys) is permanently removed from our Firestore database within 30 days. Anonymous, aggregated analytics data that cannot be linked back to you may be retained.

Health data permissions

You can revoke the app's access to Apple Health or Health Connect at any time through your device's system settings. Revoking access stops the app from reading new health data but does not delete health data already stored in your entries. To remove previously stored health data, delete the relevant entries or your account.

Opt-out of analytics

You can opt out of Firebase Analytics on your device by disabling ad tracking in your device settings. This does not affect your ability to use the app.

7. Children's Privacy

Refuge is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include: the right to know what personal information we collect, use, and disclose; the right to delete your personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; and the right to non-discrimination for exercising your privacy rights.

We do not sell or share your personal information for cross-context behavioral advertising. Mood data, journal entries, and health-related category values may constitute "sensitive personal information" under California law. We use this data only to provide and improve the Service, and we do not use it for purposes other than those disclosed in this Privacy Policy. To exercise your California privacy rights, contact us at privacy@refuge.ink.

9. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you via the app or email. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions, data requests, or concerns, please contact us at: