Beatrice Privacy Policy

---

Last Updated: October 24, 2025
Effective Date: October 24, 2025

At Beatrice, we understand that trust is everything—especially when it comes to your friendships and personal life. This privacy policy explains in clear, simple terms what information we collect, why we collect it, and how we protect it.

We will never:

• Sell your personal information to anyone
• Share your friend data with third parties for marketing
• Use your information in ways you haven't agreed to

Our core commitment: Your data is yours. You have complete control over what you share, and you can delete it anytime.

Company Name: Beatrice
Developer: Brian Long
Location: Kansas City, Kansas, United States
Contact: [contact email to be added]
Website: [website URL to be added]

Beatrice is a personal relationship management app designed specifically for adults with ADHD who want to maintain meaningful friendships without overwhelming their executive function. We're a small, bootstrap operation that treats your data with the care and respect it deserves.

We collect information to help you remember important details about your friends and maintain meaningful connections. Here's exactly what we collect and why:

Friend Information:

• Names of your friends
• Photos (optional)
• Phone numbers (optional)
• Relationship types (Friend, Family, Partner, Coworker)
• Connection preferences (how often you want to connect)
• Personal interests (from our Interest Palette - 48 categories)
• Memories and notes about your friends
• Life events and important dates
• Last contact dates

Your Profile Information:

• Voice preference (formal, casual, or playful communication style)
• App usage preferences and settings
• Responses to progressive profiling questions

Communication:

• Any messages you send to our support team
• Feedback you provide through the app

Usage Information:

• When you open the app
• Which features you use
• How often you mark friends as contacted
• App crashes or errors (to fix bugs)

Device Information:

• Device type (iPhone/Android)
• Operating system version
• App version
• Unique device identifier (for authentication only)

Calendar Data (Only if you connect Google Calendar):

• Calendar event titles
• Event dates and times
• Event locations
• Attendee email addresses
• Event descriptions

We explicitly DO NOT collect:

• Your exact location (GPS coordinates)
• Content of your text messages or calls
• Browsing history outside the app
• Social media activity
• Financial information (until we launch paid features)
• Health information
• Biometric data

We use your information ONLY to make Beatrice work better for you. Here's what we do:

1. Friend Management
    
   • Store your friend information securely
   • Display friends who need attention
   • Track when you last connected with each person

1. AI-Powered Features
    
   • Generate personalized conversation starters using Claude AI (Anthropic)
   • Create contextual message suggestions based on friend interests and memories
   • Generate gentle nudges to help you stay connected
   • Process memory notes to extract structured insights

1. Smart Reminders
    
   • Send daily notifications at your preferred time
   • Suggest when to reach out based on your connection preferences
   • Remind you about upcoming social events (if calendar connected)

1. Progressive Learning
    
   • Ask occasional questions to learn about your friends over time
   • Improve message quality based on what you've shared

1. Calendar Integration (Optional)
    
   • Detect social events from your Google Calendar
   • Match calendar attendees to your friends
   • Suggest pre-event conversation topics

• Fix bugs and crashes
• Understand which features are most helpful
• Test new features with a small group before wider release
• Analyze usage patterns (anonymously) to improve ADHD-friendly design

• Send you important updates about the app
• Respond to your support requests
• Notify you about new features you might find helpful

What we will NEVER use your data for:

• Advertising to you
• Selling to third parties
• Training AI models for other companies
• Sharing with data brokers
• Any purpose you haven't explicitly agreed to

Your data security is our top priority. Here's how we keep your information safe:

Encryption:

• All data transmitted between your device and our servers uses industry-standard HTTPS/TLS encryption
• Passwords and authentication tokens are encrypted at rest
• Database backups are encrypted

Access Controls:

• Row Level Security (RLS) ensures you can only access your own data
• Anonymous authentication with secure session management
• No shared access between users
• Developer access is logged and audited

Infrastructure:

• Hosted on Supabase (SOC 2 Type II certified)
• Regular security updates and patches
• Automated backups with encryption
• Monitoring for suspicious activity

Where Your Data Lives:

• Database: Supabase PostgreSQL (cloud-hosted, US-based servers)
• Local Storage: Your device (encrypted, as backup)
• AI Processing: Claude API by Anthropic (temporary, not stored)
• Calendar Tokens: Supabase (encrypted)

Data Retention:

• Active data: Stored as long as you use the app
• Deleted data: Permanently removed within 30 days
• Backups: Retained for 90 days, then permanently deleted
• Anonymous usage analytics: Retained for 2 years

If we discover a security breach that affects your personal information:

1. We'll notify you within 72 hours
2. We'll explain what happened in plain English
3. We'll tell you what information was affected
4. We'll describe what we're doing to fix it
5. We'll offer guidance on protecting yourself

You have complete control over your data. Here's what you can do:

Access Your Data

• View all information we have about you
• Export your data in a readable format (JSON or CSV)
• How: Settings → Privacy → Download My Data

Delete Your Data

• Delete individual friends
• Delete specific memories or notes
• Delete your entire account and all associated data
• How: Settings → Privacy → Delete My Account
• Timeline: Immediate deletion from active systems, complete purge within 30 days

Correct Your Data

• Edit any information at any time
• Update friend details, interests, or preferences
• How: Tap any friend card → Edit

Control What We Collect

• Opt out of Google Calendar integration
• Opt out of push notifications
• Opt out of progressive profiling questions
• How: Settings → Privacy → Data Collection Preferences

If you're in the European Union or European Economic Area, you also have:

Right to Restriction

• Limit how we process your data while we investigate a concern
• Request: contact@beatrice.app [to be updated]

Right to Portability

• Receive your data in a machine-readable format
• Transfer your data to another service
• Request: Settings → Privacy → Download My Data

Right to Object

• Object to data processing based on legitimate interests
• Object to automated decision-making
• Request: contact@beatrice.app [to be updated]

Right to Withdraw Consent

• Withdraw consent for any data processing at any time
• Does not affect the lawfulness of processing before withdrawal

If you're a California resident, you have:

Right to Know

• What personal information we collect
• Categories of sources
• Business purposes for collection
• Categories of third parties we share with (currently: none for marketing)
• Request: Settings → Privacy → Download My Data

Right to Delete

• Request deletion of your personal information
• Exceptions: Legal obligations, security purposes
• Request: Settings → Privacy → Delete My Account

Right to Opt-Out of Sale

• We do not sell your personal information
• We will never sell your information without explicit consent
• If we ever change this policy, we'll make opt-out clear and easy

Right to Non-Discrimination

• We will not discriminate against you for exercising your privacy rights
• Same price, service, and features regardless of privacy choices

Right to Correct

• Correct inaccurate personal information
• Request: Edit directly in app or contact us

UK residents have the same rights as EU/EEA residents under the UK GDPR, enforced by the Information Commissioner's Office (ICO).

In-App: Most rights can be exercised directly through Settings → Privacy

Email: Contact us at [contact@beatrice.app - to be updated]

Response Time:

• We'll acknowledge your request within 48 hours
• We'll complete most requests within 30 days
• Complex requests may take up to 90 days (we'll explain why)

Verification:

• We may ask you to verify your identity to protect your data
• Typically: Confirm your device and email address

No Cost:

• Exercising your privacy rights is always free
• Exception: Excessive or repetitive requests may incur a reasonable fee

Beatrice uses several trusted third-party services to function. Here's who has access to what:

1. Supabase (Database & Authentication)

• What they do: Store your friend data and manage authentication
• What they access: All data you store in Beatrice
• Their privacy policy: https://supabase.com/privacy
• Certifications: SOC 2 Type II, GDPR compliant
• Data location: United States (US-East region)

2. Anthropic (AI Processing)

• Service: Claude AI API
• What they do: Generate message suggestions and process memory notes
• What they access: Friend name, interests, memories, relationship context (ONLY when you use AI features)
• What they DON'T access: Your full friend list, contact info, or calendar
• Data retention: Anthropic does not train models on your data or retain it beyond 30 days for trust & safety
• Their privacy policy: https://www.anthropic.com/privacy
• How it works: 
  • We send: Friend's first name, interests, last contact date, selected memories
  • Claude generates: 3 message suggestions
  • Data is encrypted in transit and not stored by Anthropic for training

3. Expo (Development Platform)

• What they do: Provide app development tools and push notification infrastructure
• What they access: Device tokens (for notifications), crash reports
• Their privacy policy: https://expo.dev/privacy
• Data shared: Device identifier, app version, crash logs (no personal data)

4. Google Calendar (If You Connect It)

• What they do: Provide read-only access to your calendar
• What they access: Calendar events, attendees, locations, dates
• Authentication: OAuth 2.0 (industry standard, no password sharing)
• Permissions requested: Read-only calendar access (we can't edit your calendar)
• Their privacy policy: https://policies.google.com/privacy
• Your control: Disconnect anytime in Settings → Calendar
• Data we store: Only events we classify as "social" (2-10 people, non-work)

5. Apple App Store / Google Play Store

• What they do: Distribute the app and process payments (future)
• What they access: Purchase history, app downloads
• Their policies: 
  • Apple: https://www.apple.com/legal/privacy/
  • Google: https://policies.google.com/privacy

We currently do not use any analytics services. If we add analytics in the future:

• We'll update this policy 30 days in advance
• We'll use privacy-first analytics only (no ad tracking)
• You'll be able to opt out in Settings

• Share your friend data with advertisers
• Sell your information to data brokers
• Give third parties access to your calendar without explicit permission
• Use your data to train AI models for others
• Share your data with law enforcement without a valid court order

Beatrice is NOT designed for children.

Age Requirement: You must be at least 18 years old to use Beatrice.

COPPA Compliance: We do not knowingly collect personal information from anyone under 13 years of age. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

Parents/Guardians: If you believe your child under 13 has provided us with personal information, please contact us immediately at [contact@beatrice.app - to be updated], and we will delete it within 72 hours.

Target Demographic: Beatrice is designed for adults aged 25-45 with ADHD who want to maintain friendships.

Primary Operation: Beatrice operates primarily in the United States, but we welcome users worldwide.

Where Your Data Is Stored:

• Primary: United States (Supabase US-East data center)
• Backup: Automated backups in US data centers
• Processing: Claude API processes requests in Anthropic's infrastructure

EU/EEA Users:

• We comply with GDPR requirements
• Data transfers from EU to US are protected by: 
  • Standard Contractual Clauses (SCCs)
  • Supabase's GDPR commitments
  • Your explicit consent to use Beatrice

Your Rights:

• EU/EEA residents: Full GDPR rights (see "Your Privacy Rights" section)
• UK residents: Full UK GDPR rights
• California residents: Full CCPA/CPRA rights
• Other jurisdictions: Contact us to understand your specific rights

Data Processing Locations:

• Database: United States
• AI Processing: United States (Anthropic)
• Your Device: Local storage as backup

Questions about international transfers? Contact us at [contact@beatrice.app - to be updated]

How We Handle Updates:

We may update this privacy policy occasionally to reflect:

• New features
• Changes in law
• Improvements to our privacy practices
• Feedback from users

When We Update:

1. Minor Changes (clarifications, typos, contact info):
    
   • We'll update the "Last Updated" date at the top
   • Changes take effect immediately

1. Material Changes (new data collection, new third parties):
    
   • We'll notify you via: 
     • Email (if we have your email)
     • In-app notification
     • Prominent notice on login screen
   • We'll give you 30 days' notice before changes take effect
   • We'll clearly explain what changed and why
   • You can review changes in Settings → Legal → Privacy Policy Updates

Your Choices:

• Continue using the app = accept updated policy
• Don't agree? You can delete your account anytime (Settings → Privacy → Delete Account)

Version History:

• We maintain a history of all policy versions
• View past versions: Settings → Legal → Policy History

Questions? Concerns? Feedback?

We're here to help. Seriously.

Primary Contact:

• Email: [contact@beatrice.app - to be updated]
• Response Time: Within 48 hours for privacy inquiries

Privacy-Specific Requests:

• Subject Line: "Privacy Request - [Your Request Type]"
• Include: Your device ID (found in Settings → About)
• We'll respond within: 48 hours to acknowledge, 30 days to fulfill

Mailing Address:Brian Long
[Mailing address to be added]
Kansas City, Kansas [ZIP]
United States

Legal Representative (EU):[To be added if required based on GDPR Article 27]

Data Protection Authority Contacts:

If you're unsatisfied with our response, you can contact your local data protection authority:

• EU/EEA: Your country's Data Protection Authority 
  • Find yours: https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner's Office (ICO) 
  • Website: https://ico.org.uk/
  • Phone: 0303 123 1113
• California: California Attorney General's Office 
  • Website: https://oag.ca.gov/
  • Privacy Unit: privacy@oag.ca.gov

Bug Bounty & Security Issues:

• Found a security vulnerability? Email: [security@beatrice.app - to be updated]
• We take security seriously and will respond within 24 hours

For our EU/EEA users, here's the legal basis for processing your data:

  Data Type Legal Basis Purpose     Friend information Consent Provide core app functionality   Usage analytics Legitimate interest Improve app performance and features   Account data Contract performance Deliver the service you signed up for   Support communications Legitimate interest Respond to your requests   Calendar data Explicit consent Provide calendar integration feature   AI-generated content Consent Generate personalized messages   Security logs Legal obligation Protect against fraud and abuse    

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

California residents can request information about personal information we've disclosed to third parties for their direct marketing purposes in the prior calendar year.

Current Status: We do not share personal information with third parties for their direct marketing purposes.

If this changes: We'll update this policy 30 days in advance and provide an opt-out mechanism.

In the unlikely event of a data breach affecting your personal information:

Our Response:

1. Contain and investigate the breach immediately
2. Notify affected users within 72 hours
3. Report to relevant authorities as required by law
4. Provide clear, jargon-free explanation of: 
   • What happened
   • What data was affected
   • What we're doing about it
   • What you should do to protect yourself

Your Protection:

• We'll never ask for passwords or payment info via email
• Official notifications will come from @beatrice.app domain only
• We'll provide free identity monitoring if payment info is compromised (future)

Current Status: Beatrice uses AI to generate message suggestions, but YOU always have the final decision.

How AI Works in Beatrice:

• AI suggests conversation starters based on friend interests and memories
• AI helps categorize calendar events as "social" or "work"
• AI processes memory notes to extract structured information

Your Control:

• You can edit or ignore any AI suggestion
• You can turn off AI features entirely (Settings → AI Features → Disable)
• No AI decision affects your account status or access
• AI is a helper, not a decision-maker

Accuracy: AI suggestions are not perfect. Always review before using.

Commitment: We're committed to making this privacy policy accessible to everyone, including users with disabilities.

Current Format:

• Clear headings and structure
• Plain language (minimal legal jargon)
• Readable on screen readers
• Mobile-friendly formatting

Need Help? If you need this policy in an alternative format (large print, audio, etc.), contact us at [contact@beatrice.app - to be updated]

Current Status: Beatrice is a native mobile app. We do not use cookies.

What We Use Instead:

• Local Storage: Your device stores data locally (encrypted)
• Session Tokens: Keep you logged in securely
• Device Identifiers: For authentication only

No Tracking:

• No advertising cookies
• No cross-site tracking
• No social media pixels
• No analytics cookies

Future Web App: If we launch a website, we'll update this policy to explain any cookie usage.

Browser DNT Signals: Not applicable (Beatrice is a mobile app, not a website)

Mobile Tracking:

• We respect iOS "Ask App Not to Track" settings
• We do not use advertising identifiers (IDFA/AAID)
• We do not share data with ad networks

  Right How to Exercise Response Time     Know what data we collect Settings → Privacy → Download Data 30 days   Delete your data Settings → Privacy → Delete Account 30 days   Opt-out of sale Not applicable (we don't sell data) N/A   Correct inaccurate data Edit in-app or contact us Immediate   Non-discrimination Automatic N/A     

Bottom Line:

• Your data is yours
• We collect only what's necessary to make Beatrice work
• We protect your information with industry-standard security
• You have complete control and can delete everything anytime
• We'll never sell your data or use it in ways you haven't agreed to

Questions? We're here to help: [contact@beatrice.app - to be updated]

Thank you for trusting Beatrice with your friendships. We take that responsibility seriously.