Privacy Policy
Table of Contents
- Information We Collect
- How We Use Your Information
- Legal Bases for Processing (EU/EEA/UK)
- Data Sharing and Third Parties
- Data Retention
- Your Rights and Choices
- Data Security
- Children's Privacy
- International Data Transfers
- California Privacy Rights (CCPA)
- Cookies and Tracking Technologies
- Changes to This Policy
- Contact Us
This Privacy Policy explains what personal information Soulform LLC ("we," "us," "our," or "Soulform") collects when you use the Soulform mobile application (the "App") and website at soulform.app (the "Website") (collectively, the "Services"), why we collect it, how we use it, how we protect it, and your rights regarding your data.
This policy applies to users worldwide, including users in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), California (USA), and all other jurisdictions.
By installing, accessing, or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Services.
For questions about this policy or to exercise your privacy rights, contact us at: soulformapp@gmail.com
1. Information We Collect
We collect the following categories of information when you use the Services:
A. Account Information
| Data Type | Examples | Purpose |
|---|---|---|
| Email address | your.email@example.com | Account creation, sign-in, password recovery, account notifications |
| Password | (securely hashed, never stored in plain text) | Account authentication |
| Display name | If you choose to provide one | Personalization |
B. Assessment and Spiritual Growth Data
| Data Type | Examples | Purpose |
|---|---|---|
| Assessment responses | Your answers to the 42-question Soulform assessment | Calculate your spiritual growth profile |
| Stage scores | Computed scores for each developmental stage | Provide personalized results and recommendations |
| Assessment history | Timestamps and results of previous assessments | Track your progress over time |
| Practice data | Practices you've added, completed, or removed | Personalize your practice library and track engagement |
| Practice completion history | Dates and times of practice completions | Calculate streaks and provide encouragement |
C. Payment and Subscription Data
| Data Type | Examples | Purpose |
|---|---|---|
| Subscription status | Active, canceled, expired | Determine access to premium features |
| Plan type | Monthly or annual | Manage your subscription |
| Payment source | Whether you subscribed via web, Apple, or Google | Route support inquiries |
| Stripe customer ID | Internal identifier (not your card number) | Link your payment account |
| Billing dates | Subscription start, renewal, and expiration dates | Manage billing and send reminders |
Important: We do not store your credit card number, CVV, or full payment details. All payment processing is handled by Stripe, Apple, or Google, who are PCI-DSS compliant.
D. Usage and Analytics Data
| Data Type | Examples | Purpose |
|---|---|---|
| Screen views | Screens you visit in the App or pages on the Website | Understand user journeys and improve UX |
| Feature interactions | Button taps, navigation patterns | Improve functionality |
| Session information | Session start/end times, session duration | Understand engagement patterns |
| Error logs | Crash reports, error messages (without personal content) | Debug issues and improve stability |
E. Device and Technical Information
| Data Type | Examples | Purpose |
|---|---|---|
| Device model | iPhone 15, Samsung Galaxy S24 | Ensure app compatibility |
| Operating system | iOS 17.4, Android 14 | Technical support |
| Browser type | Safari, Chrome, Firefox | Website compatibility |
| App version | 1.0.0 | Version-specific debugging |
| IP address | Collected automatically by servers | Security, fraud prevention |
| Time zone | America/Los_Angeles | Localize notification timing |
F. Notification Data
| Data Type | Examples | Purpose |
|---|---|---|
| Push notification token | Device token for Expo Push Notifications | Send practice reminders (only with your opt-in) |
| Notification preferences | Your chosen reminder times | Schedule notifications at your preferred times |
G. User-Generated Content
| Data Type | Examples | Purpose |
|---|---|---|
| Feedback messages | Text you submit through in-app feedback | Improve the Services based on your input |
| Journal entries | Personal reflections in Soul Journal | Stored for your personal use and review |
| Screenshots | Images you optionally attach to feedback | Help us understand reported issues |
H. Information We Do NOT Collect
- Precise geolocation (GPS coordinates)
- Contacts or address book
- Photos or camera access (except optional feedback screenshots)
- Microphone or audio recordings
- Health data from HealthKit or Google Fit
- Credit card numbers or full payment details
- Browsing history outside the Services
- Social media accounts or connections
2. How We Use Your Information
Primary Purposes
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide core features | Account info, assessment data, practice data | Contract performance |
| Calculate your spiritual growth profile | Assessment responses | Contract performance |
| Track your progress over time | Assessment history, practice completions | Contract performance |
| Personalize your experience | Stage scores, practice preferences | Contract performance |
| Process subscriptions and payments | Account info, payment/subscription data | Contract performance |
| Send account-related messages | Email address | Contract performance |
| Send practice reminders | Push token, notification preferences | Consent |
Operational Purposes
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Improve stability | Error logs, crash reports | Legitimate interest |
| Understand usage patterns | Analytics data | Legitimate interest |
| Prevent fraud and abuse | IP address, device info | Legitimate interest |
| Respond to support requests | Feedback, account info | Contract performance |
| Comply with legal obligations | As required by law | Legal obligation |
What We Do NOT Do
- We do not sell your personal information to third parties
- We do not share your assessment data with advertisers
- We do not use your data to build advertising profiles
- We do not share your individual results with anyone without your consent
3. Legal Bases for Processing (EU/EEA/UK)
If you are located in the European Union, European Economic Area, or United Kingdom, we process your personal data under the following legal bases:
| Legal Basis | When We Use It |
|---|---|
| Contract Performance | Processing necessary to provide the Services' features (assessment, results, practices, subscriptions) |
| Consent | Push notifications, optional marketing communications, non-essential cookies |
| Legitimate Interests | Analytics, security, fraud prevention, service improvement |
| Legal Obligation | Compliance with applicable laws and regulations |
You may withdraw consent at any time for processing based on consent (e.g., by disabling push notifications in your device settings or adjusting cookie preferences on the Website).
4. Data Sharing and Third Parties
We share your data only in the following limited circumstances:
Service Providers (Data Processors)
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Firebase | Authentication, database, hosting | Account info, assessment data, analytics |
| Stripe | Payment processing | Email, subscription status, payment metadata (not card numbers) |
| Expo (EAS) | App updates, push notifications | Device info, push tokens |
| Google Cloud Platform | Server infrastructure | All data stored in Firebase |
| Google Fonts | Typography on Website | IP address (standard web request) |
Other Disclosures
- Legal Requirements: When required by law, court order, or legal process
- Protection of Rights: To protect Soulform's rights, property, or safety
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
We Do NOT Share
- Your assessment data with advertisers
- Your personal information with data brokers
- Your spiritual growth profile with third parties for their own purposes
- Your journal entries with anyone
5. Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Account information | Until account deletion + 30 days | Enable account recovery |
| Assessment data | Until account deletion | Historical progress tracking |
| Subscription data | Until account deletion + as required by tax law | Legal and financial compliance |
| Journal entries | Until account deletion | Your personal records |
| Analytics events | 90 days (rolling) | Service improvement and debugging |
| Error logs | 30 days | Debugging and stability |
| Feedback/Support | 2 years | Reference for product improvement |
After account deletion: We delete your personal data within 30 days, except where retention is required by law (e.g., financial transaction records may be retained for up to 7 years as required by tax regulations).
Anonymized/Aggregated data: We may retain anonymized or aggregated data (which cannot identify you) indefinitely for research and analytics purposes.
6. Your Rights and Choices
All Users
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of personal data we hold about you | Contact soulformapp@gmail.com |
| Correction | Request correction of inaccurate data | Contact soulformapp@gmail.com or update in-app |
| Deletion | Request deletion of your personal data | Account Settings > Delete Account or contact soulformapp@gmail.com |
| Portability | Receive your data in a machine-readable format | Contact soulformapp@gmail.com |
| Opt-out of notifications | Stop receiving push notifications | Device Settings > Notifications > Soulform |
EU/EEA/UK Users (GDPR)
In addition to the above, you have the right to:
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Withdraw consent at any time for consent-based processing
- Lodge a complaint with your local data protection authority
Response Timeline
- EU/EEA/UK: 30 days (extendable to 60 days for complex requests)
- California: 45 days (extendable to 90 days with notice)
- Other jurisdictions: Within a reasonable timeframe, typically 30 days
7. Data Security
Technical Safeguards
- Encryption in transit: All data transmitted via HTTPS/TLS
- Encryption at rest: Data stored in Firebase with Google Cloud encryption
- Secure authentication: Passwords are hashed using industry-standard algorithms
- Access controls: Role-based access to production systems
- Firestore Security Rules: Database-level access restrictions per user
- Payment security: Payment processing handled by PCI-DSS compliant providers (Stripe, Apple, Google)
Your Responsibilities
- Using a strong, unique password
- Keeping your device secure with a passcode/biometrics
- Signing out when using shared devices
- Reporting suspected unauthorized access to soulformapp@gmail.com
While we use reasonable efforts to protect your data, no system is completely secure. We cannot guarantee absolute security of your data.
8. Children's Privacy
The Services are intended for users 13 years of age and older.
We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at soulformapp@gmail.com. We will promptly delete such information.
9. International Data Transfers
Your personal data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For EU/EEA/UK Users
When we transfer your data outside the EU/EEA/UK, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): Our service providers maintain SCCs for data transfers
- Adequacy Decisions: Where applicable, we rely on EU adequacy decisions
- Additional Safeguards: We implement supplementary measures as required
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA and CPRA:
Your CCPA Rights
| Right | Description |
|---|---|
| Right to Know | Request what personal information we collect, use, disclose, and sell |
| Right to Delete | Request deletion of your personal information |
| Right to Correct | Request correction of inaccurate personal information |
| Right to Opt-Out of Sale | We do not sell your personal information |
| Right to Non-Discrimination | We will not discriminate for exercising your rights |
Sale of Personal Information
We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to do so.
Submitting Requests
To exercise your CCPA rights, email soulformapp@gmail.com with "CCPA Request" in the subject line.
11. Cookies and Tracking Technologies
On the Mobile App
The App does not use cookies. We use Firebase Analytics and Crashlytics SDKs to collect analytics and error data as described above.
On the Website
| Technology | Type | Purpose | Duration |
|---|---|---|---|
| Firebase Hosting | Essential | Serve website content securely | Session |
| Google Fonts | Essential | Load typography | Cached by browser |
Currently, the Website does not use advertising cookies, tracking pixels, or third-party analytics cookies. If we add analytics in the future, we will update this policy and, where required by law, obtain your consent.
12. Changes to This Policy
- Minor changes: We will update the "Last Updated" date at the top of this policy
- Material changes: We will notify you via in-app notification or email before the changes take effect
Your continued use of the Services after changes are posted constitutes acceptance of those changes.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, contact us:
Email: soulformapp@gmail.com
Phone: (307) 205-7010
Mailing Address:
Soulform LLC
Registered Agent: Northwest Registered Agent
30 N Gould St Ste N
Sheridan, WY 82801
For EU/EEA/UK users, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.