Privacy Policy

Your privacy is important to us

Last Updated: 11 November 2025

Scope

This Privacy Policy explains how SpiritIndex ("we," "us") collects, uses, shares, and safeguards personal information when you use our mobile apps, web app, and sites (the "Service").

We act as a data controller for consumer accounts. For enterprise/clinical pilots where SpiritIndex processes data on behalf of an organization, we act as a processor under a separate DPA.

What We Collect

A) You Provide:

  • Account data (name, email, password or SSO).
  • Profile data (preferred language, assessment preferences).
  • Assessment inputs & journal entries (your responses in the app).
  • Support requests and feedback.
  • Payment info (processed by our payment provider; we do not store full card numbers).

B) Collected Automatically:

  • Device & log data (app version, device model, OS, IP address, timestamps).
  • Usage analytics and diagnostics (events, crashes, performance).
  • Cookies/SDKs for authentication, preferences, and analytics.

C) From Third Parties:

  • App stores (receipt status, subscription entitlements).
  • Payment processors (payment status, last 4 digits & expiry token).
  • SSO providers (email, name, org identifier, if applicable).

We do not collect precise geolocation or contact lists. We do not sell personal information.

Purposes & Legal Bases (GDPR)

We process data to:

  1. Provide and improve the Service, features, scoring and dashboards (contract necessity).
  2. Personalize content and measure usage (legitimate interests / consent where required).
  3. Communicate about updates, security, billing, and support (contract / legitimate interests).
  4. Process payments and manage subscriptions (contract).
  5. Ensure security, prevent fraud/abuse, and comply with law (legitimate interests / legal obligation).
  6. With your explicit consent, enable optional features such as email newsletters or research participation.

Sensitive Data

Assessment inputs may reflect personal wellbeing experiences. We treat these as sensitive and apply enhanced access controls. SpiritIndex is a general-wellbeing service and not a HIPAA-covered entity. We do not use sensitive inputs for advertising.

Sharing

We share limited data with service providers under contract, solely to operate the Service:

  • Cloud & hosting: (e.g., AWS/GCP/Azure)
  • Analytics & diagnostics: (e.g., Firebase/Google Analytics, Crashlytics)
  • Payments: (e.g., Stripe, Apple, Google)
  • Email & in-app messaging: (e.g., SendGrid/Customer.io)

We may disclose data if required by law, to protect users, or in connection with a merger/acquisition (subject to this Policy).

We do not sell or "share" personal info for cross-context behavioral advertising as defined by the CCPA.

International Transfers

We may transfer data to the U.S. and other countries where we and our providers operate, using appropriate safeguards (e.g., SCCs for EEA/UK/Swiss data).

Retention

We retain personal data while your account is active and as needed for the purposes above, then delete or de-identify it. You can request deletion at any time (see "Your Rights").

Security

We implement organizational and technical measures including encryption in transit, access controls, least-privilege principles, secure development practices, and vendor due diligence. No method is 100% secure; please protect your credentials.

Children

The Service is not directed to children under 13 (or under 16 where required). We do not knowingly collect children's data. If you believe a child has provided data, contact us for deletion.

Your Rights

Depending on your jurisdiction (e.g., GDPR/UK GDPR, CCPA/CPRA, PIPEDA, etc.), you may have rights to access, correct, delete, port, or restrict processing of your data, and to object or withdraw consent.

  • EU/UK users may contact privacy@spiritindex.app to exercise rights or lodge a complaint with a supervisory authority.
  • California users may exercise CCPA rights and use an authorized agent; we will not discriminate for exercising rights.

Research & Analytics

De-identified and aggregated insights may be used to improve assessment quality and product performance. We do not use identifiable assessment content for advertising.

Automated Decision-Making

SpiritIndex may generate scores or insights based on your inputs. You may contact support to request human review or context.

Data Deletion & Account Closure

You can delete entries in-app and request full account deletion via Settings → Delete Account or by emailing privacy@spiritindex.app. We will confirm and delete consistent with legal/contractual requirements.

Changes to This Policy

We will update this Policy as needed and post the revised date above. Material changes will be communicated in-app or by email where required.

Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Privacy inquiries & rights requests: egomemmanuel@gmail.com
  • Security reports: egomemmanuel@gmail.com
  • Mailing address: Available on request
Questions about your data? Visit our Privacy FAQ or contact our support team.