Privacy Policy
Our promise (and what we don't promise)
Aspra is a tool for committed people. We help you track. You do the work. Outcomes are yours.
We do not promise specific results — no weight loss, no financial gain, no mental health improvements, no relationship outcomes. We promise you a calm, premium tool that reflects your actual effort back to you, and we promise to handle your data with the discipline you'd expect from a serious tool.
This Privacy Policy explains what data we collect, what we do with it, who we share it with, how long we keep it, and what rights you have in your jurisdiction. By using Aspra, you agree to the practices described here.
1. Introduction
This policy covers:
- The iOS app branded as Aspra, distributed via the Apple App Store, operated by Trackora LLC.
- The websites at aspra.app and aspra.app, including waitlist, marketing, and purchase pages.
- The server-side functions (Supabase Edge Functions, Cloudflare AI Gateway routing, Google Gemini AI processing, Stripe payment processing, Sentry crash reporting, Langfuse onboarding observability) that operate the AI, sync, and billing features.
Controller: Trackora LLC (a Michigan limited liability company, United States) is the data controller (under GDPR/UK GDPR terminology) or business (under CCPA/CPRA terminology) for your data. For our postal address, contact privacy@aspra.app.
Where to reach us:
- Privacy questions and data-rights requests: privacy@aspra.app
- Security reports: security@aspra.app
- Legal demands and process service: legal@aspra.app
2. Information We Collect
We collect only what is necessary to operate the Service.
2.1 Account information
- Apple User Identifier — when you sign in with Apple, an app-specific anonymous identifier provided by Apple. We do not receive your real email address unless you choose to share it.
- Google User Identifier — when you sign in with Google, an anonymous identifier provided by Google OAuth via Supabase Auth. We receive your email address and (optionally) display name for account-creation purposes.
- Display name — optional, used in-app only.
2.2 Content you create
- Goals, actions, and milestones — the items you create to structure your discipline.
- Log entries — records of which actions you have completed, with timestamps.
- Journal entries — text you write in the journal, including any reflections, future-self letters, or co-reflection content.
- Becoming statement — short identity copy generated from your onboarding answers, stored on your device.
2.3 Usage information
- Device model and iOS version — collected by Apple's StoreKit and (only when you experience a crash or error) by Sentry. See §5.6.
- App version and build number — collected with crash reports.
- Time of crash or error events — collected with crash reports.
2.4 Subscription and payment information
- iOS App Store subscriptions — Apple processes payment. We see only your subscription tier and active/inactive status via StoreKit. We do not see card details, billing address, or your Apple ID email (unless you share it at signup).
- Web subscriptions (Stripe) — Stripe processes payment. We receive your billing email, billing country, last four digits of card (for support purposes), and transaction outcome. We do not see your full card details. See §5.5.
2.5 Pair information (Partner tier only)
- Pair invite code — short alphanumeric code, expires after 7 days.
- Pair association record — links two user IDs as members of a pair. No personal information about your partner is stored separately by Aspra.
2.6 Onboarding responses (transient)
- Selected focus areas and written answers to onboarding prompts, used once to generate your AI plan, then discarded by our Edge Function. See §5.4.1.
2.7 Apple Health data (with permission)
When you grant permission, Aspra reads specific Apple Health data on your device only. See §5.2.
3. How We Use Your Information
We use your information to:
- Provide the Service — store, sync, and display your goals, actions, log entries, journal entries, and pair data. Authenticate you on signin. Process subscription billing.
- Generate AI features — create personalized onboarding plans, weekly reflections, journal co-reflection questions, and monthly action evolution suggestions, as described in §5.4.
- Improve reliability — collect anonymous crash and error reports (Sentry) to fix bugs faster. Collect anonymized onboarding-request telemetry (Langfuse) to detect outages and manage costs.
- Operate the pair feature — sync shared goals, actions, and journal entries between you and one accountability partner of your choosing.
- Comply with law — respond to valid legal process; comply with tax, accounting, and regulatory requirements; investigate fraud or violations of our Acceptable Use Policy.
- Communicate with you — send service-related notifications (billing receipts, subscription renewal reminders, abuse-report responses). We do not send marketing email without your explicit opt-in.
We do not use your information to:
- Train artificial intelligence models. Google's Gemini API does not train on API inputs by default, and we do not opt into any arrangement that would change this.
- Sell, rent, lease, or trade your data with third parties for their independent use.
- Build advertising profiles. There are no advertising SDKs or trackers in the iOS app.
- Track you across other apps or websites.
4. Legal Bases for Processing (GDPR / UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under one or more of the following legal bases:
| Purpose | Legal basis (GDPR Article 6) |
|---|---|
| Providing the Service to you (sync, AI features, pair, account management) | Contract — Article 6(1)(b) |
| Processing payment (Apple IAP or Stripe) | Contract — Article 6(1)(b) |
| Crash and error reporting (Sentry) | Legitimate interest — Article 6(1)(f) — service reliability |
| AI request reliability telemetry (Langfuse on onboarding only) | Legitimate interest — Article 6(1)(f) — cost and outage detection |
| Account security and fraud prevention | Legitimate interest — Article 6(1)(f) |
| Apple Health integration (after explicit grant) | Consent — Article 6(1)(a); for special category health data, Article 9(2)(a) |
| AI processing of free text you write (onboarding answers, journal co-reflection), which may reveal special-category data | Consent — Article 6(1)(a); Article 9(2)(a) for any special-category data, given via the in-app notice shown before processing |
| Compliance with US, EU, UK, or other applicable law | Legal obligation — Article 6(1)(c) |
| Investigation of safety incidents (e.g. credible imminent harm) | Vital interest — Article 6(1)(d) — narrowly invoked |
You may object to processing based on legitimate interest at any time by emailing privacy@aspra.app. We will weigh your specific situation against the interest claimed and respond.
5. Sharing and Disclosure
We share data with third parties only to the extent required to operate the features described in this policy.
5.1 Supabase — database, auth, edge functions
Shared (Partner-tier) goals, shared actions, shared journal entries, and pair records are stored in Supabase (Supabase, Inc., USA). Supabase enforces Row Level Security so only the two members of a pair can access their shared records. Supabase's infrastructure runs on AWS in US and EU regions. Auth session tokens are issued and verified by Supabase Auth.
Your private goals, actions, log entries, and journal entries are not stored in Supabase — they live in your iCloud per §5.2.
5.2 Apple iCloud and CloudKit (private data only)
Your private (non-shared) data is stored locally on your device via SwiftData and synced to your personal iCloud account via Apple's CloudKit framework. This data is governed by Apple's iCloud Terms and Privacy Policy. Aspra has no access to your iCloud storage and cannot read your data on Apple's servers.
Apple Health. When you grant Aspra permission to read Apple Health data, the app reads on your device only:
- Workout start/end times and Apple's standard activity names
- Mindful session start/end times
- Daily totals for step count, walking/running distance, dietary water, and sleep duration
What we do NOT read: heart rate, calories, GPS routes, BPM, or any health metric beyond the metadata and totals needed to determine whether an action's daily target was met.
Nothing read from Apple Health is sent off your device. It is processed entirely on your iPhone. A local Aspra log entry is created (stored in iCloud via SwiftData/CloudKit) referencing the source record's identifier for deduplication. You can revoke Apple Health permission anytime via iOS Settings → Privacy & Security → Health → Aspra.
5.3 Apple App Store (iOS purchases)
Subscriptions purchased inside the iOS app are processed by Apple. Apple is the Merchant of Record for App Store purchases. Apple's terms and privacy policy govern the payment transaction. Aspra receives subscription tier and status via StoreKit; we do not receive card details or billing address.
5.4 Google Gemini via Cloudflare AI Gateway (AI features)
Four features in Aspra call Google Gemini through Cloudflare AI Gateway. All AI requests travel over an encrypted connection. None of your raw inputs are stored by Aspra after the request completes, and none are used to train AI models. Every AI feature has a deterministic local fallback — if the AI service is unavailable, the feature degrades gracefully without a user-visible error.
5.4.1 Onboarding plan generation
During onboarding, Aspra asks you to describe your goals and intentions in free text. These responses are sent to Google Gemini to generate a personalized goal and action plan.
- What is sent: Your selected focus areas and written answers, up to 2,000 characters per answer.
- What is not sent: Your name, email, Apple/Google identifier, or any identifying information.
- Retention: Your raw answers are not stored after onboarding completes — they are processed transiently in the Edge Function and discarded.
- Fallback: A local template-based engine generates the plan if the service is unavailable.
5.4.2 Weekly reflection (Sunday Brief)
Once per week, Aspra generates a short reflective summary of your recent activity by sending aggregated, non-textual statistics to Google Gemini.
- What is sent: Per-action titles, planned-day counts, and completed-day counts for the most recent seven days, plus three aggregate integers (days logged, total planned, total completed).
- What is not sent: Individual log timestamps, journal content, your identifier, the name of your pair partner.
- Retention: The aggregated statistics are processed transiently and discarded. The generated narrative is stored on your device and in your iCloud container.
- Fallback: If unavailable, no card is shown that week.
5.4.3 Journal co-reflection
When you write a journal entry, Aspra can generate a single reflective question to help deepen your reflection by sending the text of that one entry to Google Gemini.
- What is sent: The content of the single journal entry you are working on, plus optionally a short identity statement derived from your onboarding plan.
- What is not sent: Any other journal entry, your historical entries, your identifier, or any goal/action data.
- Retention: The entry text is processed transiently and discarded by the Edge Function. The generated question is stored on your device alongside the entry.
- Scope: At most one question per entry. No follow-up conversation, no chat thread, no memory across entries.
- Fallback: One of eight hardcoded fallback questions is shown if unavailable.
- In-app disclosure and consent: Because a journal entry may contain sensitive (special-category) information, co-reflection is presented with an in-app notice explaining that the entry will be sent to Google Gemini to generate the question. Choosing to use the co-reflection feature after this notice constitutes your explicit consent under GDPR Article 9(2)(a). If you do not want your entry processed by AI, do not use the co-reflection feature — your journal entry is saved without it.
5.4.4 Monthly action evolution (Kaizen)
At most once per month, Aspra may suggest evolving an action you have completed consistently by sending aggregated completion statistics per goal to Google Gemini.
- What is sent: Your goal titles, action titles, action frequency labels, and completion-rate numbers over the previous 28 days.
- What is not sent: Individual log timestamps, journal content, vision statements, your identifier, or any pair-partner data.
- Retention: The statistics are processed transiently and discarded. The suggested action title (if you accept it) is stored on your device.
- Frequency: Maximum one suggestion per goal per 60 days.
- Fallback: No suggestion is shown if unavailable.
5.4.5 Common AI safeguards
- All four features route through Cloudflare AI Gateway, which provides request routing, rate limiting, and aggregate telemetry. Cloudflare does not store request content.
- Server-side input validation rejects prompt-injection patterns before any data reaches Google.
- Hard per-user rate limits and a lifetime cap of two AI onboarding generations per user.
5.5 Stripe (web purchases — Aspra is Merchant of Record)
If you purchase a subscription on aspra.app or aspra.app, payment is processed by Stripe, Inc. (stripe.com), USA. Stripe is our payment processor; Trackora LLC is the Merchant of Record.
- What is sent to Stripe: Your billing name, billing email, billing address, payment card information, transaction amount.
- What Aspra receives from Stripe: Your billing name, billing email, billing country, last four digits of card (for support), transaction outcome, Stripe Customer ID. We do not see your full card number, CVV, or full billing address.
- What is NOT sent to Stripe: Your goal content, action content, journal entries, AI-generated content, Apple Health data, pair information, or any in-app activity. Stripe receives only the data needed to process the payment.
- Stripe Tax calculates and remits US sales tax, EU VAT, UK VAT, AU GST, and other transactional taxes where applicable.
- Stripe's privacy policy: stripe.com/privacy.
5.6 Sentry (crash and error reporting)
We use Sentry (Functional Software, Inc., dba Sentry, USA) to collect anonymous crash and error reports from the iOS app and the server-side Edge Functions.
What is sent to Sentry when an error or crash occurs:
- A stack trace (the call sequence at the moment of failure).
- The device model (e.g. "iPhone 15 Pro") and iOS version.
- The Aspra app version and build number.
- The time of the event.
- A SHA-256 cryptographic hash of your internal user identifier (a one-way fingerprint that cannot be reversed to identify you).
- Your active subscription tier (lonewolf, partner, or free) — a non-identifying tag used to filter errors.
What is NOT sent to Sentry:
- Your name, display name, or email address.
- Your IP address.
- The content of your goals, actions, milestones, journal entries, or onboarding answers.
- Screenshots, video, or any visual representation of the app's screens.
- Device serial numbers, advertising identifiers, or any persistent device fingerprint.
Retention: Sentry retains crash and error data for 90 days, after which it is automatically deleted.
Opt-out: Sentry is enabled by default to support reliability. There is currently no in-app toggle to disable error reporting. Account deletion removes your user identifier from any subsequent reports.
Sentry's privacy policy: sentry.io/privacy.
5.7 Langfuse (onboarding telemetry only)
We use Langfuse to monitor reliability and cost of the onboarding AI request only. Sunday Brief, journal co-reflection, and Kaizen requests are deliberately not sent to Langfuse.
- What is sent: A one-way SHA-256 hashed user identifier, whether the request succeeded or failed, the number of tokens used, response time in milliseconds, and any error codes.
- What is NOT sent: Your written answers, your raw user ID, your email, your name.
- Retention: Up to 90 days, then automatically purged.
Langfuse: langfuse.com.
5.8 No advertising, no data brokers, no behavioral tracking
Aspra contains no advertising SDKs, no data-broker integrations, no behavioral tracking pixels, and no cross-app or cross-site tracking. We do not sell, rent, or trade your personal data.
6. Data Retention
| Data type | Retention |
|---|---|
| Account record + private content (iCloud) | Until you delete your account or revoke iCloud sync |
| Shared content + pair records (Supabase) | Until you or your partner deletes the account or unpairs |
| Apple Health log entries | Until you delete your account; raw Apple Health data never leaves your device |
| Onboarding answers (Edge Function) | Transient — discarded after the request completes |
| AI generation inputs (Sunday Brief, Journal, Kaizen) | Transient — discarded after the request completes |
| Stripe transaction records | 7 years (US IRS tax records requirement) |
| Apple App Store transaction records | Per Apple's policy; outside Aspra's control |
| Sentry crash/error data | 90 days |
| Langfuse onboarding telemetry | 90 days |
| Pair invite codes | 7 days from creation |
| Marketing/waitlist email (if you joined) | Until you unsubscribe |
Upon account deletion, all data marked above as "until you delete your account" is removed immediately or queued for deletion. Transaction records, crash data, and tax records persist for the durations stated, then are purged.
7. Your Rights by Region
You have rights over your personal data. The specific rights depend on where you live. The following sections enumerate the rights by jurisdiction. To exercise any right, email privacy@aspra.app with your account email and a description of the right you wish to exercise. We respond within the time limits required by the applicable law.
7.1 European Economic Area (EEA) and United Kingdom — GDPR / UK GDPR
You have the right to:
- Access the personal data we hold about you (Article 15).
- Rectification of inaccurate or incomplete data (Article 16).
- Erasure ("right to be forgotten") — Article 17.
- Restriction of processing in certain circumstances — Article 18.
- Portability — receive your data in a structured, commonly used, machine-readable format — Article 20.
- Object to processing based on legitimate interest — Article 21.
- Withdraw consent at any time (where processing is consent-based) — Article 7(3).
- Not be subject to a decision based solely on automated processing that has legal or similarly significant effects — Article 22. (Aspra's AI features generate suggestions, not legal decisions, and you remain in control of accepting or rejecting any AI output.)
- Lodge a complaint with the supervisory authority in your country.
Data Subject Access Requests (DSARs) can be submitted to privacy@aspra.app. We respond within 30 days.
EU / UK representative: Trackora LLC is US-based and has not yet appointed a formal representative under GDPR Article 27 (EU/EEA) or UK GDPR Article 27 (United Kingdom). We will appoint EU and UK representatives as our regular processing volume in those regions requires. In the interim, EU and UK privacy enquiries can be sent to privacy@aspra.app, and you retain the right to lodge a complaint with the supervisory authority in your country.
7.2 California — CCPA / CPRA
You have the right to:
- Know the categories and specific pieces of personal information we have collected about you.
- Delete personal information we hold about you, subject to limited exceptions.
- Correct inaccurate personal information.
- Opt out of sale or sharing of personal information. Aspra does not sell or share your personal information, as those terms are defined in CCPA/CPRA. There is nothing to opt out of.
- Limit use of sensitive personal information. Apple Health data, where collected with your consent, qualifies as sensitive personal information; we use it only as described in this policy and do not share it externally.
- Non-discrimination — we will not deny you services or charge a different price for exercising your rights.
Requests: privacy@aspra.app. We respond within 45 days, extendable to 90 days for complex requests.
7.3 Canada — PIPEDA + provincial privacy laws
You have the right to:
- Access your personal information.
- Correct inaccurate information.
- Withdraw consent to processing.
- File a complaint with the Office of the Privacy Commissioner of Canada or the relevant provincial privacy commissioner.
Requests: privacy@aspra.app.
7.4 Australia — Privacy Act 1988 (Cth) and Australian Privacy Principles
You have rights to:
- Access the personal information we hold about you (APP 12).
- Correct inaccurate information (APP 13).
- Complain to us first; if unresolved, complain to the Office of the Australian Information Commissioner (OAIC).
Requests: privacy@aspra.app.
7.5 Japan — Act on the Protection of Personal Information (APPI)
You have rights to:
- Disclosure of personal information we hold.
- Correction, addition, or deletion of personal information.
- Cessation of use or third-party provision of your personal information.
Requests: privacy@aspra.app. We respond in writing. Japanese-language correspondence will be reviewed; we reserve the right to engage translation as needed for complex requests.
7.6 South Korea — Personal Information Protection Act (PIPA)
You have rights to:
- Access personal information.
- Correction or deletion.
- Suspension of processing.
Requests: privacy@aspra.app. Korean-language correspondence will be reviewed.
7.7 Brazil — Lei Geral de Proteção de Dados (LGPD)
You have rights to:
- Confirmation of processing and access to your data (Article 18 I, II).
- Correction of incomplete, inaccurate, or outdated data (Article 18 III).
- Anonymization, blocking, or deletion of unnecessary or excessive data (Article 18 IV).
- Portability to another service provider (Article 18 V).
- Deletion of personal data processed with your consent (Article 18 VI).
- Information about public and private entities with which we have shared data (Article 18 VII).
- Information about the possibility of denying consent and the consequences (Article 18 VIII).
- Revocation of consent (Article 18 IX).
Requests: privacy@aspra.app.
7.8 India — Digital Personal Data Protection Act 2023 (DPDP)
You have rights to:
- Access and a summary of personal data we process.
- Correction, completion, updating, and erasure of your personal data.
- Grievance redressal via our designated Grievance Officer.
- Nominate another person to exercise your rights in the event of death or incapacity.
Grievance Officer (DPDP Act, India): Rony Faraj, Trackora LLC. Email: privacy@aspra.app
(The Grievance Officer designation may be reassigned at any time by updating this Privacy Policy. India's DPDP Act does not require external filing for Grievance Officer changes — the published Privacy Policy is the canonical source.)
Aspra's Data Protection Officer (where applicable) and Grievance Officer can both be reached at privacy@aspra.app.
7.9 Switzerland — revised Federal Act on Data Protection (FADP)
You have rights similar to those under GDPR, including access, rectification, deletion, and objection. Requests: privacy@aspra.app.
7.10 Other regions
If you are in a region not specifically enumerated above, you may exercise applicable data-protection rights by emailing privacy@aspra.app. We will determine the applicable framework and respond in accordance with the rights granted to you under local law.
7.11 China — deferred
We have not enrolled the Service for compliance with the People's Republic of China's Personal Information Protection Law (PIPL) and do not market to or target users in the PRC. If you reside in the PRC, we do not knowingly process your personal data; do not use the Service if you reside in the PRC until we have published a PRC compliance update.
8. Children's Privacy
The Service carries a 17+ age rating and is not directed to anyone under 17. You must be at least 17 to use the Service, as described in the Terms of Service.
We do not knowingly collect personal data from anyone under 17 — and, in any event, not from children under 13 under the US COPPA, nor under the equivalent minimum age in your jurisdiction (e.g. 16 in some EU member states). If you are a parent or guardian and believe someone under 17 has provided us with personal data, please contact privacy@aspra.app and we will assist with deletion.
9. International Data Transfers
Aspra is operated by Trackora LLC, a US-based company. Personal data is processed primarily in the United States.
For EU/EEA/UK/Swiss users, data transferred from those regions to the US occurs under Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) and the equivalent UK International Data Transfer Addendum (IDTA). Our processors (Supabase, Stripe, Sentry, Cloudflare, Google) are independently certified or have entered into SCCs that cover their portion.
For Australian users, transfers comply with APP 8 (cross-border disclosure) under the Australian Privacy Act 1988.
For Canadian users, transfers comply with PIPEDA's accountability principle — Aspra remains responsible for personal data transferred to processors outside Canada.
For Brazilian users, transfers comply with LGPD Articles 33–36 (international data transfer rules).
10. Security
We use commercially reasonable technical and organizational measures to protect your data, including:
- Encryption in transit (TLS 1.2 or higher) for all network communication.
- Encryption at rest (provided by Supabase, Apple iCloud, Stripe, Sentry, and our other processors).
- Keychain storage for authentication tokens on your device — never in unencrypted UserDefaults.
- Row Level Security on Supabase tables ensuring shared data is accessible only to the two pair members.
- No service-role key in client code — the Supabase anonymous key in the iOS app is intentionally public and protected by RLS at the database layer.
- Hashed user identifier in Sentry, Langfuse, and all third-party telemetry — never raw IDs.
- Input validation in Edge Functions before passing user content to any AI provider.
No security measure is perfect. If we become aware of a security incident affecting your personal data, we will notify you and, where required, the relevant supervisory authority, within the time limits set by applicable law (72 hours under GDPR Article 33).
Report security issues to security@aspra.app.
11. Cookies and Website Tracking
The iOS app does not use cookies and has no advertising identifiers.
The websites at aspra.app and aspra.app use a minimal set of strictly-necessary cookies and similar technologies for session management and checkout flow. We do not use behavioral advertising cookies. We do not allow third-party advertising networks to set cookies on our websites.
For full website cookie disclosure, see the cookie notice posted at the bottom of aspra.app and aspra.app pages.
12. Account Deletion
You may permanently delete your account and all associated data at any time:
Settings → Delete Account in the iOS app.
This action will permanently and irreversibly:
- Delete all private goals, actions, log entries, journal entries, and your authentication identifier from your device and iCloud container.
- Delete all shared goals, actions, journal entries, and pair records from Supabase.
- Cancel all pending local notifications.
- Sign you out of Supabase Auth and remove your session.
- Clear your authentication identifier from the device Keychain.
After deletion: future Sentry events from your account will no longer carry your hashed user ID (the hash had been derived from your now-deleted UUID). Stripe transaction records and Apple App Store transaction records persist as required by tax law and Apple's policies. Existing Sentry crash data from before deletion persists for the 90-day Sentry retention window.
This action cannot be undone.
13. Changes to This Policy
We may update this Privacy Policy. Material changes will be:
- Announced via in-app banner.
- Posted at aspra.app/privacy with a new effective date.
- Emailed where we have your email and the change materially affects your rights.
- Made effective no sooner than 30 days after notice for material changes.
The "Last updated" date at the top of this document reflects the current version. Continued use of the Service after a material change constitutes acceptance.
Prior editions are archived and available on request to privacy@aspra.app.
14. Data Export
Aspra lets you export your personal data (goals, actions, log entries, journal entries) as a CSV spreadsheet or PDF summary. Exports are generated entirely on your device — no data is sent to any server during the export process. The resulting file is shared via your device's standard Share Sheet. Partner data and Apple Health raw metrics are not included in exports.
To export: Settings → Export Data.
15. Contact
| Purpose | Email |
|---|---|
| General privacy questions, DSARs, data-rights requests | privacy@aspra.app |
| Security reports | security@aspra.app |
| Legal demands, process service, IP claims (non-DMCA) | legal@aspra.app |
| DMCA notices | rony@trackora.dev |
| Billing inquiries | billing@aspra.app |
| Refund requests | refunds@aspra.app |
| Acceptable Use / abuse reports | abuse@aspra.app |
| Accessibility issues | accessibility@aspra.app |
For our postal address, contact privacy@aspra.app.