Your data stays yours.
FortifyMe is a lifestyle companion. We collect what we need to run the app and nothing more. No advertising, no data brokers, no surprise resales.
What we collect
- Account basics: email, a username you pick, and a hashed password. We never see your real name unless you put it in your username.
- Date of birth: required at signup so we can enforce the 18+ minimum. We store the date for audit; we don't display your age back to anyone.
- Avatar: we assign one from a small set. You can swap it.
- What you write in the app: check-ins, journal entries, identity statements, goals, habit plans, if-then plans, environment notes, future-self letters, restructuring entries, coping logs, community posts, and partner messages. All visible only to you (or your partner / cohort, where the feature explicitly shows it).
- How you use the tools: which breathing / grounding / journaling tools you complete, lesson progress, quote favorites.
- Subscription state: whether you have FortifyMe Pro active. Sent to us by RevenueCat; we don't see your card details.
- Device basics: a push token if you opt in to notifications, your timezone (so reminders land at sane hours), and standard server logs (IP at login, user-agent, error traces) for reliability.
- Consent record: when you accepted this Privacy Policy and the Terms of Use.
What we do with it
- Your check-ins and journal power your own Resilience Score and weekly pattern report — shown only to you.
- Your timezone anchors notifications and weekly scoring to your local calendar.
- Community posts and reactions are visible to people in your cohort under your pseudonymous username + avatar — not your email, not your real name.
- If you opt in to proactive nudges, we look at your check-in patterns to send the occasional supportive push at a useful moment. You can turn this off (Settings → Notifications), and the analysis stops the moment you do.
- We do not sell your data, run ads, train AI models on it, or share it with data brokers.
Where your data lives
Our servers and database run on infrastructure in the United States. A few specific things flow through trusted vendors:
- RevenueCat — handles your FortifyMe Pro subscription state. We send a user ID; we don't send your name, billing email, card number, or country.
- Firebase Cloud Messaging (Google) — delivers push notifications when you opt in. Bodies are generic ("Time for a check-in", "Your buddy needs support") — we never put your journal or check-in content into a notification.
- Apple and Google — verify your Sign-in with Apple / Sign-in with Google tokens, only at sign-in.
- SMTP relay — sends transactional email (password reset, email-change confirmation, account-deletion confirmation). No marketing email.
What your partner and cohort see
If you pair with an accountability buddy, they see your username and the short check-ins and commitments you choose to share — not your journal, not your raw check-ins, not your scores. If you send an SOS, the buddy gets a push that says "Your buddy needs support." No context, no transcript.
In a cohort (community feed), people see your username, avatar, posts, and reactions. Real name, email, date of birth, and everything you write outside the feed stay private.
With a walking partner (Pro), 1:1 messages are direct between the two of you. If you type something that suggests you're in crisis, the app shows you crisis resources on-device before the message sends — that detection happens on your phone, not on our servers.
Your rights
- Export — Settings → Data → Download my data. You get a JSON file with everything we have on you.
- Delete — Settings → Delete account. We immediately strip identifying fields and purge the rows after 90 days. The 90 days exist so you have a way back if you change your mind, and so we can defend against fraud / abuse reports.
- Edit — change your email, password, username, avatar, and notification preferences any time.
- Opt out of algorithmic processing — Settings → Notifications → Turn off proactive nudges. Pattern analysis for nudges stops; your own Resilience Score still computes.
- Block — block any other user from a profile or post; they vanish from your view immediately.
Security basics
Passwords are hashed with bcrypt (cost 12+ in production). Sessions use short-lived access tokens and rotating refresh tokens. TLS in transit. The mobile app pins the API certificate in release builds. We run on managed Postgres with daily backups.
If something goes wrong, email hello@fortifyme.app and we'll triage.
If you're under 18
Don't use FortifyMe. The app is for adults. We don't knowingly collect data from minors; if we discover an under-18 account, we delete it.
Changes
If we materially change this policy, we'll surface it in the app the next time you open it. The date at the top always reflects the last update.
Contact
hello@fortifyme.app. We read every message.