Privacy Policy

Last updated: June 2026

Vow is a personal productivity and accountability coaching app. It is not a medical or mental-health product. This policy explains what data we collect, why, and how you can control it.

1. Who We Are

Vow is operated by Vow ("we", "us", "our"). For questions about this policy, contact us at privacy@vow-app.com.

2. What Data We Collect

Email address — collected when you join the waitlist or create an account.
Goals and commitment contracts — the goals you declare, your clarifying answers, and the signed commitment text.
Check-in responses — your daily replies to the coach, including whether you followed through and any context you share.
Behavioral patterns — derived data about your commitment history (when you tend to succeed, what triggers misses). This is the core service.
Health signals (optional) — if you grant permission, step counts and workout summaries from Apple HealthKit or Google Fit. These are used solely to passively validate goal progress.
Payment data — handled entirely by Stripe. We never see or store full card numbers. We receive only a Stripe customer ID and subscription status.
Usage data — session timestamps, feature interactions, and crash reports, collected for product improvement.

3. Legal Basis for Processing (GDPR / Swiss DSG)

Contract performance — processing your goals, contracts, and check-ins to deliver the coaching service you requested.
Legitimate interests — usage analytics to improve the product, fraud prevention, and security.
Consent — access to health data (HealthKit / Google Fit). You can revoke this at any time in your device settings.

4. How We Use Your Data

To operate the Vow coaching experience — confronting you with your own stated intentions, tracking consistency, and generating your Behavioral DNA Report.
To send proactive check-in notifications at the time you specify.
To process your subscription via Stripe.
To improve product quality and fix bugs.

We do not use your data for advertising, do not sell it to third parties, and do not use health signals for any purpose other than passively validating goal claims.

5. Health Data

Health data accessed via Apple HealthKit or Google Fit is:

Read-only and summarized (e.g. "workout detected today: yes/no").
Never shared with third parties.
Never used for advertising or data-mining.
Stored under the same per-user isolation as all other data.
Deleted immediately upon account deletion or permission revocation.

This handling is required by Apple's HealthKit guidelines and Google Fit's use policy, which we comply with fully.

6. Third-Party Services

Supabase — our database and authentication provider. Data is stored in EU-region infrastructure, encrypted at rest and in transit (TLS). Per-user Row Level Security ensures your data is isolated from other users. Supabase Privacy Policy.
Anthropic — the AI model powering the Vow coach. Your check-in messages are sent to Anthropic's API to generate coaching responses. Anthropic does not train models on API inputs by default. Anthropic Privacy Policy.
Stripe — payment processing for Premium and Intense subscriptions. Stripe is the data controller for payment card data. Stripe Privacy Policy.
Vercel — hosting for this website. Vercel Privacy Policy.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data — goals, contracts, check-ins, behavioral memory entities, health signals, and reports — is permanently deleted within 30 days. Anonymized, aggregated analytics (no personal identifiers) may be retained indefinitely.

8. Your Rights

Under GDPR and the Swiss Federal Act on Data Protection (DSG), you have the right to:

Access — request a copy of all data we hold about you.
Correction — correct inaccurate data.
Deletion — request deletion of your data ("right to be forgotten").
Portability — receive your data in a machine-readable format.
Objection — object to processing based on legitimate interests.
Consent withdrawal — revoke consent for health data access at any time.

To exercise any right, email privacy@vow-app.com or use the in-app data tools described in our Data Export & Deletion page. We respond within 30 days.

9. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Database access uses Row Level Security — no user can query another user's data. We conduct regular security reviews and follow responsible disclosure practices.

10. Children

Vow is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe a child has created an account, contact us at privacy@vow-app.com and we will delete it promptly.

11. Changes to This Policy

We will notify you of material changes via email or in-app notice at least 14 days before they take effect. Continued use after that date constitutes acceptance.

12. Contact

Questions, requests, or concerns: privacy@vow-app.com