Effective: May 24, 2026 · Last updated: May 24, 2026
We collect the following categories of personal information:
| Category | Examples | Purpose |
|---|---|---|
| Contact information | Email address (if provided via Apple Sign In) | Account creation and authentication |
| Identifiers | Apple-issued anonymized user ID | Link your data to your account securely |
| User-generated content | Worry text, category, deadline, outcome, intensity rating, reflections, chat messages with Mira | Core app functionality — storing and syncing your entries |
| Audio data (voice input) | Voice transcripts from speech-to-text (processed on-device by Apple's Speech Recognition framework). Raw audio is never transmitted to our servers. | Convert spoken worries to text using your device's native speech recognition |
| Auto-extracted memories | People names, relationships, life facts, worry patterns (extracted by AI analysis of your entries) | Pattern detection and personalized insight generation |
| Usage data | Crash logs, error messages (anonymous) | App stability and bug fixes |
| Preferences | First name, primary worry category, notification settings | Personalization |
We do not collect precise geolocation, biometric data, browsing history, contacts, photos, or any data not listed above.
When you use voice input to describe worries, the following happens:
Mira's backend automatically extracts structured information from your worry entries and chat messages to power pattern detection and personalized insights. This processing includes:
We do not use your data for targeted advertising, behavioral profiling, or any purpose beyond providing the app service to you.
We do not sell, rent, or trade your personal data. We share data only as follows:
No other third parties receive your personal data.
We implement the following security measures:
No method of transmission over the Internet is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.
Depending on your location, you may have the following rights:
To exercise any rights, contact us at info@vibecodingturkey.com. We will respond within 30 days.
The app and our backend rely on the following independent sub-processors. Each receives only the data needed for the stated purpose. None of them are advertising or cross-app tracking providers.
| Service | Location | Purpose | Data shared |
|---|---|---|---|
| Supabase | Frankfurt, EU | Database, authentication, file storage, DPA in place | Account ID, email (if Email sign-in), worry entries, chat messages, profile fields, extracted memories |
| Apple StoreKit 2 | Varies | Subscription billing and entitlement | Apple-managed (we do not see payment details) |
| Apple Push Notification Service | Varies | Local reminders, deadline alerts | Device push token only |
| RevenueCat | US | Subscription receipt validation and analytics | Anonymous in-app user ID, subscription status |
| Sentry | Frankfurt, EU | Crash and error reporting for stability | Anonymous in-app user ID, crash stack trace, OS version, app version |
| OpenAI (gpt-4o-mini API) | US | Generates Mira's reflective text responses; extracts memory entities (server-to-server) | Your recent messages, extracted context, memory analysis. DPA in place; data retained 30 days for abuse monitoring; no training on API traffic |
| Microsoft Edge TTS (Bing endpoint) | US | Synthesizes Mira's AI-generated reply text into speech | Only the generated reply text (not your private worry text); no audio retained after synthesis |
| Render | Frankfurt, EU | Hosts voice backend that orchestrates OpenAI + Edge TTS | Transient request payload; no persistent storage |
| Vercel | US | Hosts this website (didnthappen-web) | Standard web request logs only; no sensitive app data |
Note on Edge TTS: Microsoft's Edge TTS endpoint is provided by the open-source edge-tts library. It is not an official Microsoft service with a standard Data Processing Addendum. We use it for cost efficiency and developer convenience. If you require official Microsoft Azure Speech Service compliance, please contact info@vibecodingturkey.com.
We do not use third-party advertising, behavioural analytics, or cross-app tracking SDKs. Our SDKs do not request App Tracking Transparency authorisation because no tracking occurs.
Your personal data may be stored and processed in multiple jurisdictions:
By using the app, you consent to these transfers. For transfers to the US, we rely on Standard Contractual Clauses (SCCs) and other mechanisms available under applicable law (including the UK/EU adequacy frameworks where applicable).
California (CCPA/CPRA): We do not sell or share personal information. You have the right to know, delete, and correct personal information we collect. Contact us to exercise your rights within 45 days. We do not discriminate against users for exercising their rights.
European Economic Area (GDPR): Our legal basis for processing is contract performance (providing the app service). You have the right to access, rectify, erase, restrict, and port your data, and to lodge a complaint with your supervisory authority. We respond within 30 days of your rights request.
Under California law, we collect the following categories of personal information:
| Category (CCPA SPI) | Examples | Sold/Shared? |
|---|---|---|
| Identifiers | Email, Apple ID, Apple-generated UUID | No |
| Commercial information | Subscription plan, trial status, purchase history | No |
| Biometric information | Speech transcripts (audio converted to text only) | No |
| Internet activity | App crash reports, stability logs | No |
| Geolocation | None collected | N/A |
| Sensitive personal information (Article 9 GDPR) | Worry entries, mental health data, chat with Mira | No — processed only with explicit consent |
| Inferred information | Patterns of anxiety, worry themes, relationship networks (AI-extracted) | No |
Right to know: Contact info@vibecodingturkey.com to request what personal information we hold and the purposes for processing.
Right to delete: Request deletion of your personal information via Settings → Delete Account or info@vibecodingturkey.com.
Right to correct: Contact us to correct inaccurate personal information.
If you are a California resident, you may request information about the types of personal information we share with third parties for their direct marketing purposes. We do not sell or share personal information with third parties for commercial purposes, so we have nothing to disclose under this law. If your circumstances change and we begin selling or sharing, we will update this policy and honor opt-out requests.
Under the EU AI Act (in force from 2 August 2026), this notice informs you that DidntHappen uses AI systems in the following limited-risk categories:
We do not use AI for content moderation decisions that restrict your access to the service. We do not use emotion-recognition or facial-recognition AI.
If we discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33, and we will notify you without undue delay where the risk is high (Article 34).
We may update this Privacy Policy. We will notify you of material changes via an in-app banner before the change takes effect. The updated policy will also be posted at this URL with a new effective date. Continued use after changes constitutes acceptance.
DidntHappen is a small developer without mandatory Data Protection Officer appointment under GDPR Article 37 (not a public authority, not carrying out systematic monitoring of data subjects at scale). However, we comply with all GDPR requirements including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, confidentiality, and accountability. Data processing is documented and requests for data rights are handled within 30 days under Articles 15–22.
For GDPR inquiries: info@vibecodingturkey.com. If you are not satisfied with our response, you may file a complaint with the supervisory authority in your country (list: edpb.europa.eu).
Performance of contract: Your use of DidntHappen is based on the contract between you and us. We process your account data, worry entries, and preferences to perform this service.
Consent: You consent to process mental-health sensitive data (worry entries) by accepting these terms. You withdraw consent by deleting your account.
Legal compliance: We may process data where required by law (e.g., tax records, abuse investigation).
Legitimate interests: We process crash logs and usage patterns to improve app stability and security.
Data controller: DidntHappen
Email: info@vibecodingturkey.com
Support: https://didnthappen-web.vercel.app/support
Right to lodge a complaint with a supervisory authority: EEA/UK residents may complain to their local data-protection authority. A list is published at edpb.europa.eu.