Privacy Policy

Effective: April 15, 2026 · Last updated: April 15, 2026

1. Information We Collect

We collect the following categories of personal information:

Category	Examples	Purpose
Contact information	Email address (if provided via Apple Sign In)	Account creation and authentication
Identifiers	Apple-issued anonymized user ID	Link your data to your account securely
User-generated content	Worry text, category, deadline, outcome, intensity rating, reflections	Core app functionality — storing and syncing your entries
Usage data	Crash logs, error messages (anonymous)	App stability and bug fixes
Preferences	First name, primary worry category, notification settings	Personalization

We do not collect precise geolocation, biometric data, browsing history, contacts, photos, or any data not listed above.

2. How We Use Your Information

To create and maintain your account.
To store, sync, and display your worry entries across devices.
To calculate your personal Reality Gap score and statistics.
To send you push notifications you have opted into (deadline reminders, morning check-ins). You can withdraw consent at any time in iOS Settings.
To diagnose crashes and improve app stability using anonymous error logs.
To comply with our legal obligations.

We do not use your data for targeted advertising, behavioral profiling, or any purpose beyond providing the app service to you.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only as follows:

Supabase (database provider): Your worry entries and account data are stored on Supabase servers (PostgreSQL). Supabase acts as a data processor under our instructions and does not use your data for its own purposes. Data is stored in the US.
Apple: Sign In with Apple transactions are processed by Apple. We receive only the anonymized identifier and optional email Apple provides.
Legal requirements: We may disclose information if required by law, court order, or to protect the safety of users or the public.

No other third parties receive your personal data.

4. Data Retention

Your account data and worry entries are retained while your account is active.
If you delete your account (Settings → Delete Account), all personal data is permanently deleted from our servers within 30 days.
Anonymous crash logs are retained for up to 90 days, after which they are automatically purged.
You may request earlier deletion by contacting us at privacy@didnthappen.app.

5. Security

We implement the following security measures:

Encryption in transit: All data is transmitted over HTTPS/TLS.
Encryption at rest: Data stored in Supabase is encrypted at rest.
Row-level security: Database policies ensure each user can only access their own data — no other user or process can read your worry entries.
Authentication: Account access is protected by Sign In with Apple or email/password authentication.

No method of transmission over the Internet is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Delete your account and all associated data from within the app (Settings → Delete Account), or by contacting us.
Data portability: Export your worry data in JSON format from the app's Settings screen.
Withdraw consent: Disable push notifications at any time in iOS Settings → DidntHappen → Notifications.
Opt out of telemetry: Crash reporting is anonymous and cannot be linked back to you.

To exercise any rights, contact us at privacy@didnthappen.app. We will respond within 30 days.

7. Children's Privacy (COPPA)

DidntHappen is rated 4+ on the App Store and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@didnthappen.app and we will delete the information promptly.

8. Sign In with Apple

We support Sign In with Apple as an authentication method. When you use this feature:

Apple generates a unique anonymized identifier for your account on our service.
You choose whether to share your real email or use Apple's private relay email.
We never receive your Apple ID password.
Apple's Privacy Policy governs the data Apple collects during authentication.

9. Subscriptions and Payments

All subscription payments for DidntHappen Pro are processed by Apple through the App Store. We do not collect, store, or process payment card information. Your subscription can be managed through your Apple ID account settings. Apple's Privacy Policy applies to payment processing.

10. Third-Party Services

The app uses the following third-party services:

Service	Purpose	Data shared
Supabase	Database & authentication	Account ID, worry entries
Apple StoreKit 2	Subscription management	None (handled by Apple)
Apple Push Notification Service	Local notifications	Device push token (Apple only)

We do not use any third-party advertising, analytics, or tracking SDKs.

11. International Data Transfers

Your data may be stored and processed in the United States, where our database provider (Supabase) operates. By using the app, you consent to this transfer. We ensure appropriate safeguards are in place.

12. California and EEA Residents

California (CCPA/CPRA): We do not sell personal information. You have the right to know, delete, and opt-out of sale (though we do not sell). Contact us to exercise your rights.

European Economic Area (GDPR): Our legal basis for processing is contract performance (providing the app service). You have the right to access, rectify, erase, restrict, and port your data, and to lodge a complaint with your supervisory authority.

13. Changes to This Policy

We may update this Privacy Policy. We will notify you of material changes via an in-app banner before the change takes effect. The updated policy will also be posted at this URL with a new effective date. Continued use after changes constitutes acceptance.

14. Contact and Data Controller

Data controller: DidntHappen

Email: privacy@didnthappen.app

Support: https://didnthappen-web.vercel.app/support

Home Terms of Use Support