T30 Journal — Privacy Policy

1. Who We Are

2. Information We Process

2.1 Journal Content (User-Created)

• Time-block entries and activity descriptions
• Notes
• Emotions (primary, secondary, tertiary selections and intensity)
• Needs (primary and secondary selections)
• Photos attached to entries (captured with camera or selected from photo library)
• Location data associated with entries (GPS coordinates and/or saved custom locations)
• Sleep tracking entries

On the native app, journal content is stored on your device using Core Data. On the web app, Firebase caches synced content locally in your browser (IndexedDB). When you are signed in, journal entries sync to Firebase Firestore and photos upload to Firebase Storage, both hosted on Google Cloud. Access is restricted by Firebase Authentication and Firestore security rules so that only you can read or write your own journal data.

2.2 Account Identity

If you use Sign in with Apple, the app processes:

• Apple user identifier (opaque token)
• Name (if you choose to share it during sign-in)
• Email address (if you choose to share it during sign-in; Apple may provide a private relay address)
• Firebase authentication identifier (UID), assigned when your Apple credential is linked to Firebase Auth

Apple credentials are stored locally in your device’s Keychain. Firebase Auth maintains a server-side authentication record that includes your Firebase UID and the linked Apple identity. These are used for account state, sync eligibility, and partner connection features. Apple provides name and email only on the first sign-in; subsequent sign-ins use the locally cached values.

If you use Google Sign-In, the app processes the Google account identifier and profile metadata that Google returns to the app, linked to the same Firebase UID. Credentials are stored per Google’s and Firebase’s sign-in flows.

2.3 Partner Sharing Content

When you opt in to partner features, the app processes:

• Invite code and connection state
• Sharing preferences (which fields your partner can see)
• Partner nudges
• Partner messages, questions, and replies
• Shared check-in data, including activity, notes, emotions, needs, and — when included — GPS coordinates and location names
• Shared photos (stored in Firebase Storage; download URLs stored in Firestore)
• Shared daily summary reports (completion counts, top activities, emotion summary)
• Both partners’ Firebase UIDs and display names on partnership documents

Partner content is user-generated. When sharing is active, a copy of shared data is stored in Firebase Firestore under a partnership document accessible to both connected partners. Shared photos are uploaded to Firebase Storage. Each partner controls what they share.

2.4 App Settings and Preferences

• Display preferences (dark mode, emotion/need display toggles)
• Notification settings (frequency, time window)
• Daily start and end times
• Custom emotion and need color assignments
• Partner notification preferences

Settings are stored in UserDefaults on your device. For premium subscribers with multi-device sync enabled, settings also sync via Apple’s iCloud Key-Value Store and Firebase Firestore.

2.5 Subscription and Purchase Data

If you subscribe to T30 Premium, Apple processes the transaction through StoreKit. We receive a confirmation of your subscription status (active or expired) but do not receive or store your payment method, billing address, or financial account details. Apple’s terms govern the licensed app and purchases; see Apple’s Privacy Policy and Apple’s Standard End User License Agreement (EULA) for licensed applications.

2.6 Device Permissions

The app may request the following permissions, each of which you can grant or deny:

Biometric data (face or fingerprint) is processed entirely on your device by Apple’s Secure Enclave. T30 Journal never receives, stores, or transmits biometric data. We only receive a pass/fail result.

2.7 Push Notifications

When partner notifications are enabled, the app registers for push notifications through Firebase Cloud Messaging (FCM). This involves:

• A device token issued by Apple Push Notification service (APNs) and mapped to an FCM registration token
• The FCM token is stored in Firebase Firestore under your user record so that our server-side functions can deliver partner activity alerts to your device
• Push notification payloads contain only routing identifiers (partnership ID and document ID) — not message text or journal content
• You can disable partner push notifications in the app’s settings at any time

2.8 Server-Side Processing

T30 Journal uses Firebase Cloud Functions (hosted on Google Cloud) to:

• Route push notifications to the appropriate partner when a shared check-in, report, or message is created
• Verify partnership membership for security checks
• Aggregate report data on request

Cloud Functions operate with administrative access to Firestore for these specific purposes. They do not perform bulk data mining or profiling.

2.9 Diagnostics

Apple may provide aggregated crash and performance diagnostics to help us maintain app reliability. This data is governed by your device’s Analytics & Improvements settings and Apple’s privacy practices.

2.10 Support Communications

If you contact us by email, we process your email address and message content to respond to and resolve your request.

2.11 Web Browser Client

When you use T30 Journal on the web, the same categories of journal and account data may be processed as in the native app. In addition:

• Local browser storage: Firebase uses IndexedDB in your browser to cache Firestore data for offline use and faster loading. Firebase Authentication may persist session state in the browser according to Firebase defaults.
• Sign-in flows: Sign in with Apple and Google on the web use each provider’s web authentication. Google sign-in may use a popup or a full-page redirect, as implemented by Firebase.
• Clearing site data: If you clear site data or storage for our website in your browser settings, local cached data may be removed and you may need to sign in again.

We still do not run third-party advertising or analytics trackers on the web journal experience beyond what Firebase and your chosen sign-in providers require to operate authentication and sync.

3. How We Use Information

We use the information described above to:

• Provide journaling, emotion tracking, needs tracking, and time-block features
• Offer access to T30 Journal through our website (browser), consistent with native app functionality where supported
• Store and sync your data across your devices via Firebase
• Enable partner sharing workflows (invites, shared check-ins, reports, photos, and messages)
• Authenticate your account and manage subscription entitlements
• Deliver push notifications for partner activity
• Secure the app via biometric or passcode lock
• Deliver reminder notifications you have configured
• Generate reports, statistics, and analytics within the app
• Export your journal data as PDF or images
• Maintain reliability and resolve support requests

4. Where Your Data Lives

Firebase services are hosted on Google Cloud Platform. Our Firebase project is configured in the United States region. Google encrypts data in transit (TLS) and at rest. For details, see Google Cloud’s security practices.

5. Sharing and Disclosure

• We do not sell or rent your personal data.
• We do not share your data for advertising or cross-context behavioral profiling.
• Google Firebase / Google Cloud Platform processes data necessary for sync, storage, authentication, push notifications, and Cloud Functions, subject to the Google Cloud Data Processing Addendum and Google’s Privacy Policy.
• Apple services (Sign in with Apple, StoreKit, APNs, iCloud Key-Value Store) process data necessary for app functionality, subject to Apple’s Privacy Policy.
• Partner sharing: When active, your connected partner can access shared check-in data, photos, reports, and messages stored in Firebase Firestore. You control what is shared and can disconnect at any time.
• Email providers process support emails you send to us.
• Legal obligations: We may disclose information if required by law or to protect rights, safety, or security.

6. Partner Content Safety

Partner messages, nudges, and shared check-ins are user-generated content. The app provides:

• In-app reporting for inappropriate partner content
• Block and unblock controls for partner connections
• Disconnect to stop all future sharing
• Support contact (Mike@nonmulta.com) for moderation and safety follow-up

When you disconnect from a partner, no new data is shared. Previously shared copies stored in Firebase Firestore may persist until the other person deletes them or deletes their account. Data already downloaded to the other person’s device is subject to their own device management.

7. Your Choices and Controls

8. Data Retention

• Journal data is retained on-device and in Firebase Firestore until you delete individual entries or delete your account.
• Partner shared data (check-ins, photos, reports, messages) in Firebase Firestore under a partnership is removed when either partner deletes their account (the partnership document and its subcollections are deleted server-side as part of that user’s account deletion). It is also removed if you disconnect or delete content through in-app partner controls where applicable.
• Account credentials (Sign in with Apple) are retained in Keychain until you sign out or delete your account. Firebase Auth records are deleted when your account is deleted.
• Push notification tokens are retained in Firestore while your account is active and are removed when the Firebase Auth account is deleted.
• App settings are retained until you uninstall the app or reset them.
• Support emails are retained only as long as necessary for support, legal, and operational purposes.

9. Security

Your journal data is protected by:

• On-device encryption provided by iOS
• Firebase Authentication (only you can access your own data)
• Firestore security rules that enforce per-user and per-partnership access control
• Google Cloud encryption in transit (TLS) and at rest for all Firebase-hosted data
• Keychain encryption for account credentials
• Optional App Lock (Face ID, Touch ID, or device passcode)

Cloud Functions operate with administrative privileges scoped to specific operations (push routing, partnership verification, report aggregation). We follow the principle of least privilege in function design.

We recommend keeping your device passcode enabled and your iOS version up to date.

10. Children’s Privacy

T30 Journal is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at Mike@nonmulta.com and we will delete it.

11. International Users

T30 Journal stores data on your device, optionally in your iCloud Key-Value Store (for settings), and in Firebase (Google Cloud). Our Firebase project is hosted in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States.

Google Cloud provides data transfer mechanisms including Standard Contractual Clauses (SCCs) for transfers from the European Economic Area, the United Kingdom, and Switzerland. See the Google Cloud Data Processing Addendum for details.

If you contact our support, your email may also be processed in the United States.

12. Your Privacy Rights

Depending on where you live, you may have rights including access, correction, deletion, data portability, and the right to object to or restrict processing.

• For data stored in the app: Use the in-app controls described in Section 7, including account and data deletion.
• For complete server-side data removal or other inquiries: Contact Mike@nonmulta.com.

California Residents (CCPA/CPRA)

We do not “sell” or “share” (as defined by the CCPA/CPRA) your personal information. We do not use personal information for cross-context behavioral advertising. You have the right to know, delete, and correct your personal information. To exercise these rights, use the in-app controls or contact us.

European Economic Area and United Kingdom (GDPR/UK GDPR)

Legal bases for processing:

Sub-processors: Google Cloud Platform (Firebase Auth, Firestore, Storage, Cloud Messaging, Cloud Functions) processes data on our behalf under the Google Cloud Data Processing Addendum, which includes Standard Contractual Clauses for international transfers.

You may withdraw consent for optional permissions at any time through iOS Settings. You have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first at Mike@nonmulta.com so we can address your concern.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top. We encourage you to review this policy periodically.

14. Contact Us

If you have questions or concerns about this Privacy Policy or your data:

• Email: Mike@nonmulta.com
• Website: nonmulta.com
• Terms of Use (App Store): Apple Standard EULA