Attune Privacy Policy
Last updated: 2026-05-07
1. What we collect
Attune collects only the minimum necessary to deliver the service.
- Account data: name or display name, email, hashed password, OAuth provider identifiers (Apple ID, Google account).
- Profile data: locale, couple linkage, subscription tier, marketing opt-in.
- Session content: user messages, AI reflections/questions, session summaries, emotion/risk labels.
- Billing: RevenueCat subscription status and event log. We never store raw card data.
- Device/log data: app version, OS version, IDFV, and operational error diagnostics.
- Advertising identifier (IDFA): only when the user grants iOS tracking permission, used for install/event attribution measurement via Airbridge. We do not use IDFA for ad targeting.
2. How we use it
- Generate EFT-based AI counselling responses.
- Detect safety signals (self-harm, crisis) and surface hotlines.
- Sync subscription state and billing history.
- Diagnose errors and improve service quality.
3. Retention
- Raw messages: auto-deleted after 90 days; a masked copy is kept for 13 months.
- Session summaries and memory extracts: retained until account deletion.
- Account deletion: 30-day grace period, then permanent.
- Billing audit log: retained per statutory requirement (5 years), then deleted.
4. Processors
| Processor | Region | Purpose |
|---|---|---|
| Amazon Web Services (AWS) | United States | Lambda, Bedrock, SSM |
| Supabase | United States, EU | Auth, database, RLS |
| RevenueCat | United States | Subscription billing |
| Airbridge (AB180) | South Korea | Install/event attribution measurement |
Processors are bound to the same security obligations. We do not sell personal data and do not share it for third-party marketing.
5. Your rights
- Access, correct, delete: Settings → Account → Export data / Delete account.
- Withdraw consent: marketing opt-in, couple linkage, and AI analysis each withdrawable independently.
- Portability: email support@eftcouples.com; we return a JSON export within 7 business days.
6. Security
- TLS 1.2+ in transit; Postgres and SSM encryption at rest.
- Service-role secrets stored in AWS SSM Parameter Store (SecureString).
- Row-Level Security so each user can only read/write their own rows.
- 90-day key rotation schedule.
7. Not a medical service
Attune is not a substitute for in-person psychotherapy and does not diagnose, treat, or prescribe. In a crisis, please call an in-app hotline (for Korea: 1393, 1577-0199, 112, 119) or visit your nearest emergency room.
8. Age restriction
Attune is 18+. We do not knowingly collect data from minors and will delete it on discovery.
9. Changes
We will notify users of material changes in-app and re-request consent when required.
10. Contact
- Email: support@eftcouples.com
- Data protection officer: (name/phone to be populated)