Privacy Policy
Last updated: 2026-05-07 · Version 1.14
Who we are
Yovel is operated by Mohamed Dakkak, a sole proprietor based in the State of Maine, United States. You can reach us at [email protected].
What data we collect
We collect only the data needed to make Yovel work for you. Every piece is listed below.
- Email address and display name — from Firebase Authentication when you sign up. Used to identify your account.
- Routine generations — the AI-generated daily routines we create for you, plus the inputs (current period, weather override if set, place context, mood snapshot) that produced them.
- Mood entries — what you tell us about how you feel, when you log a mood.
- Completion records — which routine activities you marked done or skipped, and when.
- AI-generated daily reflections (Pro after day 7) — once you've used Yovel for at least one day, we generate a short reflection on your previous day's activities (a 2-3 sentence recap and a single suggestion for today). The reflection is derived from your own activity completion history and your mood logs. It's stored in your account and deleted when you delete your account. We do not share these reflections with anyone.
- Location (in-the-moment only) — when you grant location access, your device's coordinates are rounded to approximately 110 meters of precision and used once to fetch your location's place type from Google Places. The rounded coordinates are cached on our server for 5 minutes to avoid duplicate lookups, then discarded. We do not maintain a location history.
- Health data (sleep + steps) — Apple Health is a Pro-only, opt-in feature that requires two separate consents: the iOS HealthKit permission prompt AND a default-off toggle in Settings → Connections → Apple Health. When both are on, we read your sleep duration from last night and your step count for today to inform routine generation and to write a brief one-to-two-sentence acknowledgment shown above your routine on Home (e.g., “eight hours of rest behind you…”). We do not store the raw HealthKit numbers on our server. We do store the AI-written acknowledgment text on your routine record so the card renders consistently when you reopen Home; that text is deleted along with the routine when you delete your account. Turning the in-app toggle off is immediate — the very next routine generation skips HealthKit entirely and sends nothing health-related to our servers.
- Subscription state — whether you have an active Pro subscription, the product, the renewal date. Source: Apple/RevenueCat.
- Preferences — your settings choices: theme, marketing-email opt-in, "help improve" opt-in, voice persona preferences, image-description preferences, accessibility toggles.
- Daily usage counters — how many routines you generated today (used to enforce free-tier and Pro fair-use limits).
- Device push notification tokens — when you grant notification permission, your device's Firebase Cloud Messaging token is stored at users/{uid}/tokens/{tokenId} so we can send you streak reminders and daily moment notifications. One entry per device. Tokens are deleted automatically when they become invalid (e.g., after an app reinstall) and when you delete your account. We never share these tokens with anyone.
- In-app feedback you submit — when you tap Settings → Send feedback and submit a note, we store the category you picked (bug / suggestion / praise / other), the message body you wrote (up to 500 characters), and your account ID at feedback/{id}. We use it to decide what to build next. We do not auto-attach app version, OS, device model, route history, or any other diagnostic data — what you see in the form is exactly what we receive. Deleted on account deletion. We never share feedback with anyone outside of Yovel.
- Public posts you share — when you create a post in the social feed, we store the message body, your account ID, your display name, the time you posted, and a server-side moderation tag at posts/{postId}. Posts are visible to all signed-in Yovel users — that is the point of the feed. We do not auto-attach app version, OS, device model, location, or any diagnostic data. Posts that trip our crisis-resource classifier are refused at submit time and are never stored. Every post you authored is removed when you delete your account.
- Reports you file — when you tap the More menu on a post and report it, content reports go to reports/{reportId}. We see the post id, the reason you picked (spam, harassment, hate speech, self-harm, sexual content, violence, or other), and your account id. Used to keep the feed safe — we review reports within 24 hours. The post author is never told who reported them. Deleted with your account.
- Block list — users you've blocked are stored at users/{uid}/blocked/ with the blocked account id and the time you blocked them. Other users never see this list. We also keep a server-only reciprocal index at users/{targetUid}/blockedBy/{uid} so the blocked account's posts never appear in your feed and your posts never appear in theirs. Both lists are deleted with your account.
- Device identifier hash — a one-way SHA-256 hash of your device's vendor identifier (iOS) or Android ID, salted with a server-side secret pepper. We never see or store your raw device ID — it is sent once at signup and discarded. The hash is used only to detect abuse patterns (e.g., the same physical device opening many accounts). Stored on your account record at users/{uid}.hashedDeviceId. Deleted when you delete your account.
- Email address (hashed for security logs) — a one-way SHA-256 hash of your email address is stored alongside security event records to detect abuse patterns across signup attempts (for example, the same email address being used to attempt multiple signups). The hash cannot be reversed to your original email. Your raw email address remains stored in your account record per Firebase Auth defaults — see the existing "Email address and display name" disclosure above for that. Deleted when you delete your account.
- Security event records — server-only logs of signup attempts, rate-limit refusals, and App Check verification failures stored at securityEvents/{eventId}. Used solely for abuse prevention and the day-30 abuse-pattern review. Records auto-expire after 30 days via a Firestore TTL policy. Records linked to your account are also deleted immediately when you delete your account. We never share these records with anyone outside of Yovel.
- Email verification codes — when you sign up with email + password, we generate a 6-digit code and email it to you (via Resend) to confirm you own the address. Only a SHA-256 hash of the code is stored at emailVerifications/{token}; the raw code lives only in your inbox. The record auto-expires after 10 minutes via a Firestore TTL policy and is also deleted immediately after a successful signup. We never share verification codes with anyone outside of Yovel.
- Crash and error logs — basic crash reports automatically generated by iOS, used to fix bugs. No personal content is included.
Accessibility preferences (on-device only)
Eight toggles in Settings → Accessibility (VoiceOver hints, Voice Control labels, Larger Text, Reduce Transparency, Caption text size, High Contrast, Differentiate Without Color, and Larger Tap Targets) are stored on your device using the operating system's secure local storage. They are not uploaded to our servers, not synced across your devices, not used for analytics, and not sold to third parties. Uninstalling the app deletes these preferences along with the app itself.
How we use your data
- Service delivery: generate your routines, store your moods, track your completions, enforce subscription state.
- Personalization: use your recent moods and completions to make tomorrow's routine more relevant to you.
- Security: detect and prevent abuse (rate-limit counters, fraud monitoring on subscriptions).
- Customer support: respond to your messages.
- Legal compliance: respond to lawful requests from authorities; comply with auto-renewal disclosure laws and consumer-protection laws.
We do not use your data for advertising. We do not sell your data. We do not use your data to train third-party AI models without your explicit consent (see "Help improve Yovel" below).
Who we share data with
Yovel does not track you across other companies' apps and websites. We do not load any third-party analytics SDKs (no Mixpanel, Amplitude, Facebook Pixel, Google Analytics, or similar). The only third parties we share data with are listed below.
- Anthropic (AI text generation): our backend sends prompts to Anthropic for routine generation, AI Coach reflections, weekly insights, mood reflections, and “Now Moment” suggestions. The wire payload is a structured summary — your mood scale (great / good / okay / low / awful), categorical themes extracted from your mood notes (e.g. “sleep”, “work”, “relationship” — never your actual note text), completion counts, current period, place category, and (when Apple Health is enabled) two numeric values from the health snapshot: your last-night sleep duration in hours and your step count so far today. Your identity (uid, email, name beyond first name) is never sent. Your free-text mood notes are paraphrased server-side into category tags before transmission; the original text never leaves our servers. Anthropic’s privacy commitments: https://www.anthropic.com/legal/privacy.
- Voice synthesis provider (Pro feature): when a Pro subscriber or active 7-day-trial user taps "Listen" on a routine or AI Coach reflection, our backend sends a short voice script and contextual data (first name, time of day, mood scale, sleep hours, weather category) to our voice synthesis provider to generate the audio. We do not send your mood notes, message text, full name, email, or any identifier beyond your first name. The generated audio is cached in Firebase Storage for up to 1 hour to enable instant replay, then cleared. Audio is also deleted immediately when you delete your account. The voice picker plays pre-generated MP3 samples served from Firebase Storage and does not call the synthesis provider. Free-tier users do not trigger any synthesis-provider calls.
- Google (place-type lookup): when you grant location, we send your rounded coordinates to Google Places to identify your location's category (work, home, park, café, etc.). No identifier is sent. Google's privacy: https://policies.google.com/privacy.
- Apple / RevenueCat (subscriptions): Apple processes your subscription as the merchant of record. RevenueCat receives your Firebase user ID + subscription product to manage entitlements. RevenueCat's privacy: https://www.revenuecat.com/privacy.
- Google Firebase (data storage): Firebase Authentication, Firestore, and Cloud Functions are operated by Google and store your data. Firebase's privacy + Standard Contractual Clauses: https://firebase.google.com/support/privacy.
- Google Sign-In (optional sign-in method): if you choose "Continue with Google" on the sign-in or sign-up screen, Google authenticates you and returns a token to Yovel. We receive your Google account's email address and (if you've set one) your display name and profile photo URL — only what's needed to create your Yovel account. We do not request access to your Gmail, Calendar, Contacts, Drive, or any other Google service. You can revoke Yovel's access anytime from your Google account at https://myaccount.google.com/permissions. Google's privacy: https://policies.google.com/privacy.
- Resend (email verification): when you sign up with email + password, we send a 6-digit verification code to your inbox to confirm you own the address. Resend processes the email-send request on our behalf — they receive your email address and the message contents. We do not use Resend for marketing or analytics. Resend's privacy: https://resend.com/legal/privacy-policy.
Voice synthesis
First name and contextual data (sleep hours, mood scale, weather, time of day) are sent to our voice synthesis provider for audio generation. No mood notes or message text are sent. Audio is cached in Firebase Storage for up to 1 hour to enable instant replay, then cleared. Audio is also deleted immediately when you delete your account. Pre-recorded voice samples for the picker are static MP3 files served from Firebase Storage.
Help improve Yovel (off by default)
If you opt in via Settings → Account → "Help improve Yovel," we may use anonymized aggregate patterns from your usage (which routine activities most users complete vs. skip, which weather states correlate with which mood ranges, which times of day generate the most routines) to improve the AI prompts and product. Your individual data is never sold, shared with advertisers, or used to train third-party AI models.
Off by default. You can opt in or out anytime in Settings. If you turn it off, we delete any aggregate data tied to your previous opt-in within 30 days.
Legal bases for processing (GDPR / UK GDPR)
- Contract: we process the data needed to deliver Yovel to you (account, routines, completions, subscription).
- Consent: we process location, HealthKit data, marketing-email contact, and "help improve" data only with your explicit consent.
- Legitimate interest: we process basic security, fraud prevention, and crash-error logs to keep the service safe.
- Legal obligation: we retain certain data when required by law (e.g., subscription transaction records for tax purposes).
Your privacy rights
Depending on where you live, you have one or more of these rights:
- Access: see what data we hold about you. Email [email protected] and we will respond within 30 days.
- Rectification: correct inaccurate data.
- Erasure (right to be forgotten): delete your data via Settings → Account → "Delete account." This is immediate and irreversible.
- Portability: receive a machine-readable copy of your data. Email us.
- Restriction: limit how we use your data while we resolve a question.
- Objection: object to certain processing (e.g., legitimate-interest fraud prevention) — we will weigh your objection.
- Withdraw consent: for processing based on consent (location, health, marketing, "help improve"), you can withdraw anytime in Settings.
- Lodge a complaint: with your local data protection authority. EU residents: your local DPA. UK residents: the ICO. Brazilian residents: the ANPD. Maine residents: the Maine Office of the Attorney General, Consumer Protection Division, 6 State House Station, Augusta, ME 04333.
Account deletion
You can delete your account and all of your data anytime in Settings → Account → "Delete account." Deletion is immediate and irreversible. We delete:
- Your Firebase Authentication record (email, sign-in history).
- All routines, mood entries, completion records, and weekly insights tied to your account.
- All caches (place lookups, now moments, mood reflections).
- Your subscription state, usage counters, and webhook event log.
- Your device push notification tokens (one entry per device you signed in on).
- Any in-app feedback you submitted via Settings → Send feedback.
- Every post you authored in the social feed.
- Every report you filed against another user's post, and every user in your block list (both directions of the block).
- Your hashed device identifier (the raw value was never stored).
- Every security event record linked to your account (signup history, rate-limit refusals, App Check failures).
- Crisis-resource rate-limit markers (a single timestamp record at users/{uid}/safety/lastCrisisAlert used to debounce the in-app crisis-resource modal to once every 6 hours; contains no mood text or message content).
- Your preferences and the ToS acceptance record.
Backups are purged within 30 days. After that, we retain no record of your account.
Note: deleting your account does not cancel an active Apple subscription. Cancel your subscription separately in Settings → [Your Apple ID] → Subscriptions on your device.
Marketing emails
If you opt in at signup or in Settings → Account → "Email me product updates," we may send you occasional product-update emails (typically once a month or less). Every email has a one-click unsubscribe link in the footer. You can also turn it off in Settings anytime.
We send transactional emails (account verification, password reset, receipt) regardless of your marketing preference — those are required for the service to work.
Children
Yovel is not directed to children. The minimum age to use Yovel is 13 (United States) or 16 (European Union, unless you have explicit parental consent). If we discover that a child below the minimum age has created an account, we will delete it.
How long we keep data
- Account data: for as long as your account exists.
- Crash/error logs: 90 days, then automatically deleted.
- Backups: 30 days after account deletion, then automatically purged.
- Anonymized "help improve" data (if opted in): retained while opted in; deleted within 30 days of opt-out.
- Legal-record retention: subscription transaction records may be retained up to 7 years to comply with US tax law and EU Member State equivalents.
International data transfers
Yovel uses Firebase, hosted in the United States. When you use the service from outside the US (e.g., the EU, UK, Brazil, Australia), your data is transferred to the US. These transfers rely on Google's Standard Contractual Clauses, available at https://firebase.google.com/support/privacy.
Apple-grade privacy posture
Yovel is built to match Apple's first-party-app privacy bar:
- No App Tracking Transparency prompt — we don't track you across apps and websites.
- No third-party analytics SDKs (no Mixpanel, Amplitude, Facebook Pixel, etc.).
- Data minimization: only what the feature needs, only when it needs it.
- Privacy-protective defaults: marketing off, location only when in use, HealthKit minimal scope.
- Privacy Manifest (PrivacyInfo.xcprivacy) accurately declares every Required Reason API use.
- Strong encryption in transit and at rest, via Firebase.
Where Yovel is available
Yovel is available worldwide. No matter where you are, you can download the app, create an account, and reach us with privacy questions at [email protected].
We respond to data-protection requests under the law that applies in your region, including GDPR (EU/EEA), UK GDPR, LGPD (Brazil), PIPEDA (Canada), CCPA / CPRA (California), and equivalents in Australia, Japan, and elsewhere. Account deletion is available to anyone, anywhere, at no charge.
Changes to this policy
We will give you at least 30 days' notice — via email and an in-app banner — before any material changes take effect. The "Last updated" date at the top of this page will reflect the latest revision.
Recent versions
- v1.14 (2026-05-07) — Tightened the Apple Health disclosure: clarified that the feature requires two consents (iOS HealthKit permission AND a default-off in-app toggle in Settings), is Pro-only, and that the AI-written one-to-two-sentence acknowledgment shown above your routine is stored on the routine record (the raw sleep/steps numbers are still not stored). Made the Anthropic disclosure specific about which two numbers from the health snapshot are sent (sleep hours and step count). No new data is collected, no new third parties added.
- v1.13 (2026-05-01) — Brand display name updated from MicroLife AI to Yovel. No data handling, retention, or third-party-sharing changes.
- v1.12 (2026-05-01) — Corrected voice-audio retention disclosure to match the implementation (1 hour, not 7 days). Added explicit "deleted on account close" language now that the cascade covers voice cache and Storage blobs.
- v1.11 (2026-05-01) — Added a third-party processor for voice synthesis (Pro + 7-day-trial only). Updated Anthropic disclosure to clarify mood notes are paraphrased into category tags server-side before transmission.
Contact
Questions, requests, or complaints: [email protected]. We respond within 30 days.