← Back to home

Privacy Policy

Effective Date: March 22, 2026

What Went Right Today? is designed to be a private, simple reflection tool. This policy explains what data is collected, how it is used, and how it is handled.

Information we collect

Account information

We use third-party authentication providers, such as Google and Apple, to allow you to sign in securely. When you sign in, we receive basic profile information from the provider, which may include your name, email address, and profile image (if available). We use this information solely to create and manage your account.

If you choose to sign in with Apple, you may have the option to hide your email address. In that case, we receive a private relay email address provided by Apple instead of your personal email address.

This is used to:

  • create and manage your account
  • allow you to sign in securely
  • display your profile information inside the app

Reflections you write

Reflections you create in the app are stored so they can be displayed back to you.

  • Reflection content is treated as private
  • Sensitive reflection content is encrypted before being stored
  • Reflection content is not used for analytics, advertising, or shared with third parties

Usage and operational data

We collect limited technical and usage information necessary to operate and secure the app, such as:

  • request metadata (for example, timestamps and general usage patterns)
  • security-related data (such as IP address for rate limiting and abuse prevention)

This data is used only for:

  • maintaining service reliability
  • protecting against abuse
  • understanding overall app usage at a high level

We do not use this data to profile you or analyze your personal reflections.

How your data is used

Your data is used only to:

  • provide and maintain the app
  • allow you to access your reflections
  • improve reliability and performance
  • enforce security measures

We do not sell your data or use your reflections for advertising.

Your reflections and personal data are never shared with Google, Apple, or any other authentication provider. These providers are used only to verify your identity during sign-in.

Data retention and deletion

  • Reflections you delete are removed from your main history immediately
  • Deleted reflections can be restored for up to 30 days
  • After 30 days, they are permanently deleted

If you delete your account, your data is handled according to the app's deletion and retention rules.

Data security

We take reasonable measures to protect your data:

  • data is encrypted in transit
  • sensitive reflection content is encrypted before storage
  • access to data is limited to what is necessary to operate the service

Third-party services

We use third-party services to operate the app, including:

  • Google (for authentication)
  • Apple (for authentication)
  • hosting and infrastructure providers

These providers may process data as necessary to provide their services. They do not have access to your reflections.

Your control

You can:

  • edit or delete your reflections at any time
  • restore deleted reflections within the retention window
  • delete your account
  • request a copy of the data associated with your account

Data access requests

You may request a copy of the data associated with your account. This may include account information, reflection data, and other data we retain to operate and secure the service.

Changes to this policy

We may update this policy from time to time. Updates will be reflected on this page with a revised effective date.

Contact

If you have questions about this policy, you can contact us at: privacy@whatwentright.app