SpireSage

Privacy Policy

Last updated: March 22, 2026

Introduction

SpireSage ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we handle your information when you use our mobile application.

Data We Collect

  • Account Data: If you sign in, we store your email address and authentication provider (Apple, Google, or email) via Supabase Auth.
  • AI Conversations: Your AI coaching queries and responses are stored server-side to provide conversation history.
  • Usage Tracking: We track daily AI query counts to enforce free-tier rate limits.
  • Subscription Data: RevenueCat processes subscription purchases. Payment is handled securely by Apple/Google.
  • Push Notification Tokens: If you enable notifications, your device push token is stored to deliver updates.
  • Anonymous Analytics: We collect anonymous usage events via PostHog (EU-hosted, GDPR compliant) to improve the app.

Data We Do NOT Collect

  • Device identifiers or advertising IDs
  • Contacts, photos, or camera data
  • Browsing history
  • Location data

Local Storage

Game data (cards, relics, enemies, potions) is cached locally on your device using MMKV for offline access. This data is fetched from our API and can be cleared at any time from Settings.

How We Use Your Data

  • Provide AI coaching responses and conversation history
  • Enforce free-tier usage limits (3 AI queries per day)
  • Deliver push notifications you have opted into
  • Process and manage your Pro subscription
  • Improve app experience through anonymous analytics

Third-Party Services

  • Supabase: Authentication, database, and AI backend (EU data processing available)
  • RevenueCat: Subscription management and payment processing
  • Apple / Google: Payment processing via App Store and Play Store
  • OpenAI: AI model for coaching responses (queries are not used for training)
  • PostHog (EU): Anonymous usage analytics, GDPR compliant, hosted in the EU
  • Expo: Push notification delivery

We do not sell, trade, or share your personal data with third parties for marketing purposes.

Your Rights

You have the right to:

  • Access your stored data
  • Delete your account and associated data
  • Clear locally cached data (Settings > Clear Cache)
  • Opt out of push notifications (Settings > Notifications)
  • Opt out of analytics
  • Request a copy of your data

Data Deletion

You may request the deletion of all data associated with your account by sending an email to support@spiresage.app with the subject line "Data Deletion Request". We will process your request within 30 days.

Security

  • All API communication uses HTTPS/TLS encryption
  • Database access is protected by Row Level Security (RLS)
  • Payments are processed through secure Apple/Google systems
  • Admin endpoints are protected by API key authentication

Children's Privacy

SpireSage is not intended for users under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, please contact us.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date. Continued use of the app constitutes acceptance of the updated policy.

Contact

For privacy questions or data requests: support@spiresage.app