Privacy Policy

App: everQUIN Effective date: _to be set on first public release_ Last updated: 2026-04-25

⚠️ Draft. This document is a starting point written by the engineering team to reflect what the app actually does. Have a privacy lawyer review before publishing, especially if you operate in or serve users in the EU (GDPR), the UK (UK GDPR), California (CCPA/CPRA), or jurisdictions with health-data rules. This template aims for honest, plain-language disclosure consistent with the app's actual behavior.

Plain-language summary

everQUIN runs almost entirely on your device. What you write, log, and reflect on stays on your phone in encrypted local storage.
We do not have user accounts, servers that store your data, or third-party analytics.
We do not use AI conversation services. No data is sent to OpenAI, Google Gemini, Anthropic, or any other large-language-model provider.
Sharing is something you do, not something we do. When you tap "share," your phone's own share sheet opens; you choose the recipient and channel. We never see who you shared with.
You can delete your data at any time from inside the app (Profile → Privacy → Delete all data). This is irrevocable.
Children under 13 should not use this app. It contains discussion of mortality, relationships, and self-knowledge that is intended for adults.

If any of this changes in a future version, we'll update the policy and notify you in-app at least 14 days before the change takes effect.

1. What information the app processes

1a. Information you provide directly

When you complete onboarding and use the app, you may enter:

Your first name (used only to address you in the app's UI)
Your birth date (used to compute the temporal-timeline display — days lived, days remaining)
A self-narrative ("I am ___" sentence — your starting story)
Inner-ring relationships: the names, statuses (living/passed/estranged), and one-word descriptors of parents, partners, and other people you choose to add to your qSOIL ring map
qMARVEL entries: titles and descriptions of life experiences you log on your EKG timeline
qTENSOR response logs: notes on how you handle stimulus-response moments (when this feature ships)
Practice entries: journal entries from the 90-day Pillar Practice
Verses you favorite or save
Notification time preferences
Self-assessment results: qJOHARI windows estimates, qMASLOW level diagnostics, etc.

1b. Information automatically generated

Local activity log: internal events like onboarding-step-completed and share-recorded, used only to drive in-app features (such as the Profile dashboard's count of shares). This log is on-device only and viewable in Profile → Privacy → Activity Log.
Daily-verse rotation state: which verses you've seen in your daily rotation, so we can give you variety.
Streak data: if you opt in, the date of your last completed practice.

1c. Information we do not collect

We do not collect your last name, email address, phone number, or precise location.
We do not collect device identifiers, advertising IDs (IDFA / AAID), or fingerprintable device characteristics.
We do not collect contact information for the people in your rings — only the names you type in.
We do not collect the contents of your phone's contacts list. The app may ask permission to access contacts so the system share sheet can suggest recipients, but the contact data does not leave your device.
We do not record audio, photos, or video.
We do not track which apps you switch to or use alongside everQUIN.

2. Where information lives and how it's protected

2a. On-device storage

All data you enter is stored locally on your phone using Hive, an encrypted local database. The encryption key is held in your phone's secure keychain (iOS Keychain / Android Keystore). If you uninstall the app, all data is deleted along with it.

2b. We do not run servers that store your personal data

The everQUIN app does not have user accounts. There is no server we maintain that stores your name, your reflections, your ring members, or any other input. Nothing you type leaves your device unless you explicitly tap "share."

2c. The bundled canon

The 307-verse everQUIN canon ships inside the app as a static read-only file. Loading the canon does not require any network connection. Your reading of any verse is not reported anywhere.

3. When information leaves your device

There are exactly three situations where information leaves your device. All three are user-initiated.

3a. Sharing a verse

When you tap "share" on a verse, your phone's standard share sheet opens. You choose what to send, who to send it to, and which app/channel to use (iMessage, WhatsApp, Mail, etc.). The verse text and the everQUIN attribution are passed to that app/channel. We never see what you shared, who you shared it with, or whether the recipient responded.

We log a local record that you shared a verse (so the Profile dashboard can show your share count). The recipient's name is recorded only if you typed it in or selected it from your ring members; if you used the system share sheet's contact picker, no recipient identifier is logged.

3b. App store reviews and crash reports

If you choose to leave a review on the App Store or Google Play, that review is governed by Apple's or Google's terms — not ours.

If you opt in (when prompted by your phone) to send anonymous crash reports to your platform vendor (Apple App Analytics or Google Play Console), those reports include only crash stack traces and device characteristics. They do not include your reflections, journal entries, or any user-entered data. You can opt out at any time in your phone's settings.

3c. In-app purchases (when shipped)

If a future version of the app offers paid features through in-app purchases, the purchase itself is processed by Apple or Google. We receive a confirmation that you have a valid subscription; we do not receive your payment details, full name, billing address, or other purchase metadata.

4. Permissions the app may request

The app asks for these permissions only when you take an action that requires them. You can decline any permission and the app will degrade gracefully — features that need a permission will explain what's needed and continue to work in a reduced form.

| Permission | When asked | What it enables | Refusable? | |---|---|---|---| | Notifications | After onboarding, when you set a daily reminder time | Lets the app deliver your daily verse / practice reminder at the time you chose | Yes — you can manually open the app daily | | Contacts (read-only) | The first time you use share-to-friend | Lets the system share sheet suggest people from your contacts list. The app itself never reads or stores your contacts. | Yes — you can type recipient names manually | | Photos library (write-only) | The first time you save a verse share card to your camera roll | Lets you save a generated share-card image | Yes — share via system share sheet instead | | Local storage | Automatic | Used for Hive encrypted database, no user prompt required on iOS/Android | N/A (required for the app to function) |

Notably absent: location, microphone, camera, motion, calendar, health data. The app does not need any of these.

5. Children

The app is not directed to children under 13. The app discusses mortality (the temporal timeline), intimate relationships, life experiences including loss, and self-knowledge work — content intended for adults. We do not knowingly collect data from children. If you believe a child under 13 has used the app, contact us and we'll help with deletion.

For users 13–17: parental guidance is recommended for the temporal-timeline and grief-related content (qMARVEL chapters on the Forge, qTENSOR § grief pause, etc.).

6. Your rights

Because all your data is on your device, your rights to access, export, correct, and delete your data are exercised directly through the app:

Access: Profile → Privacy → View My Data
Export: Profile → Privacy → Export My Data (generates a JSON file you can save to Files / Drive / iCloud)
Correct: Edit any entry in-app (ring members, marvels, journal entries, etc.)
Delete a single item: Long-press → Delete on any item
Delete everything: Profile → Privacy → Delete all data → confirm. This wipes the local database. It cannot be undone.
Uninstall: Removing the app from your phone deletes all data immediately.

If you are in the EU, UK, California, or another jurisdiction granting specific privacy rights (right to erasure, right to portability, right to object to processing, etc.), you can exercise them all through the in-app actions above. We do not retain copies on any server.

7. Data retention

Your data is retained on your device until you delete it or uninstall the app. We do not have a copy.

If you opt into a future end-to-end encrypted backup feature (not in v1.0), retention will be governed by terms presented at the time you enable it.

8. AI and machine learning

Future versions of the app may include narrowly-scoped AI features (verse search, pattern recognition over your own journal, daily theme curation). When and if these ship, the following commitments apply:

AI features will be opt-in with explicit per-feature consent at the moment of activation.
The default mode of any AI feature is on-device inference with no data leaving your phone.
If a feature requires server-side inference, the data sent will be the minimum necessary (e.g., a search query, not your full journal), it will be clearly disclosed at the moment of use, and we will publish the third-party processor's name in this policy.
Conversational chatbots are not on the roadmap. If we ever add one, this section of the policy will be rewritten and you will be notified in-app before it ships.

As of this policy's effective date, no AI or ML features are active in the app.

9. Third-party services in the app

| Service | Purpose | Data received | |---|---|---| | Apple App Store / Google Play | Distribution + crash reports (opt-in) | Crash stack traces if you opt in; never your user-entered content | | Your phone's share sheet | Routing your "share" actions | Whatever you choose to share, to whoever you select | | Google Fonts (Cormorant Garamond, Inter) | Typography in-app | Bundled at build time; no runtime calls home |

That's the complete list. We do not use Google Analytics, Mixpanel, Segment, Amplitude, Firebase Analytics, Sentry, Bugsnag, AppsFlyer, Branch, Adjust, or any other third-party SDK that collects user behavior data.

10. International users

The app is local-first. There is no server-side processing, so there is no cross-border data transfer to disclose. Your data lives in the jurisdiction your phone is in. If you uninstall the app, your data is deleted in that same jurisdiction.

11. Changes to this policy

If we change this policy, we will:

1. Update the "Last updated" date at the top. 2. Display an in-app notice the next time you open the app (a banner you must dismiss to continue). 3. For material changes (e.g., adding any third-party data-sharing or AI feature that sends data off-device), provide at least 14 days' advance notice before the change takes effect.

The full version history of this policy will be maintained in the app's GitHub repository at https://github.com/everquin/everquin-app/blob/main/PRIVACY.md.

12. Contact

For privacy questions, data deletion help, or to report a concern:

Email: privacy@everquin.com _(replace with operating address before publishing)_
Mail: _(operating address — required for app stores)_

We commit to responding to legitimate privacy inquiries within 30 days.

13. Crisis disclosure

The everQUIN framework discusses topics that can surface difficult feelings — mortality, grief, isolation, relationship loss, identity work. The app is not a substitute for professional mental-health care.

If you are in crisis or considering harming yourself, please contact a qualified provider or a crisis service:

United States: 988 Suicide and Crisis Lifeline (call or text 988)
International: findahelpline.com for country-specific resources
Emergency: 911 (US) or your local emergency number

We do not have crisis-detection or crisis-routing built into the app. The app does not collect content that would let us detect crisis. If you write something concerning in your journal, only you will see it.

14. App store privacy summaries

For app store privacy nutrition labels, the following summaries describe what we collect:

Apple Privacy Nutrition Label (App Store Connect):

Data Not Linked to You: none collected.
Data Linked to You: none collected.
Data Used to Track You: none collected.

Google Play Data Safety form:

Data collected: none.
Data shared with third parties: none.
Data is encrypted in transit: N/A — no transit.
You can request data be deleted: yes — directly in-app.

If a future feature ever changes this, the labels will be updated before the feature ships.

Honest about uncertainty

This policy is written to reflect the app's actual technical behavior. We have made our best effort to be precise. If you spot something that contradicts how the app actually works, please tell us at the contact above — we will correct the policy or the app, whichever is wrong.