Privacy Policy

What We Collect

Account Information

When you create an Apsis account, we collect:

• Email address – for login and important account communications
• Name – so we can personalize your experience
• Timezone – to send notifications at the right time
• Preferences – notification settings, tier reminders, quiet hours

Contact Data (The Important Part)

Here's what we do store about your contacts:

• First names only – just enough to identify who's who
• Notes you write – conversation summaries, life events, topics discussed
• Interaction dates – when you logged contact with someone
• Emoji reactions – your quick-log feelings about interactions
• Tier assignments – which circle you've placed each person in

Usage Data

We collect minimal technical data to keep Apsis running smoothly:

• Device type – iOS version, device model (for bug fixes)
• App interactions – which features you use, so we can improve them
• Crash logs – if the app breaks, we need to know why

What we DON'T collect: No third-party analytics SDKs in Phase 1. No location tracking. No browsing history. No advertising identifiers.

What We Don't Collect

Let's be crystal clear about what Apsis never touches:

• Contact phone numbers – we never upload them
• Contact email addresses – not stored anywhere
• Full names – first names only, and only if you add them
• Third-party PII – we don't want your friends' data
• Message content – we don't see your texts, calls, or emails
• Social media connections – not in Phase 1 (and opt-in if we add it)

How We Use Your Data

We use the information we collect for exactly three purposes:

1. To Run the App

• Show your Circle Map visualization
• Generate your Daily Briefing
• Send nudges and reminders based on tier settings
• Sync data across your devices (if you use multiple)

2. To Improve Apsis

• Fix bugs and crashes
• Understand which features people use (aggregate data only)
• Optimize performance and battery usage

3. To Communicate With You

• Account security notifications
• Feature updates you might care about
• Responses to support requests

We never: Sell your data. Share it with advertisers. Use it for marketing outside the app. Train AI models on your notes. Export it to third parties.

Data Storage & Security

Where Your Data Lives

• On your device: Contact import processing happens locally. Full contact details never leave your phone.
• In the cloud: First names, notes, interaction dates, and preferences sync to our secure servers (AWS, US region).

How We Protect It

• All data transmitted over HTTPS (encrypted)
• Passwords hashed using bcrypt
• No third-party access to your relationship data
• Regular security audits as we scale

Your Rights (GDPR & CCPA)

Whether you're in Europe, California, or anywhere else, you have control over your data:

Right to Access

You can export all your Apsis data as JSON directly from the app. No waiting, no email requests.

Right to Delete

Delete your account in Settings → Account → Delete Account. Everything is permanently removed within 30 days (we keep a backup for that period in case you change your mind).

Right to Correct

Edit any contact name, note, or preference directly in the app. Changes sync immediately.

Right to Object

Don't want notifications? Turn them off. Don't want data syncing? Use Apsis in local-only mode (coming in a future update).

Right to Complain

If you think we've violated your privacy rights, contact us at [email protected]. You can also file a complaint with your data protection authority (EU) or attorney general (California).

Data Deletion

Here's exactly what happens when you delete your account:

1. Immediate: Your account is deactivated. You can no longer log in.
2. Within 7 days: All your data is removed from active servers.
3. Within 30 days: Backups are purged. Your data is gone forever.

Children's Privacy

Apsis is not intended for children under 13. We don't knowingly collect data from kids. If you're a parent and believe your child has created an Apsis account, contact us at [email protected] and we'll delete it immediately.

On-Device Processing

When we add contact import in a future update, here's how it will work:

• Step 1: You grant Apsis permission to access your Contacts app
• Step 2: Processing happens on your device – we extract first names and suggest tier placements
• Step 3: You review and approve which contacts to add
• Step 4: Only the first names you approve are uploaded

At no point do phone numbers or email addresses leave your device.

Deep-Linking & Native Apps

When you tap "reach out" in Apsis, the app opens your phone's native Messages or Phone app. This is a deep-link – it's like tapping a contact in your Contacts app. No data passes through Apsis servers. Your messages, calls, and emails are completely private.

Third-Party Services

Apsis uses a few essential third-party services to function:

• AWS (Amazon Web Services) – cloud hosting and database (US region)
• Stripe – payment processing for Pro subscriptions (we never see your full card number)
• TestFlight / App Store – Apple's distribution platform

All of these services are bound by contracts that prevent them from using your data for their own purposes.

We do NOT use: Google Analytics, Facebook SDK, TikTok Pixel, or any third-party analytics/advertising platforms in Phase 1.

Cookies & Tracking

Apsis is a native iOS app, so we don't use cookies. If we launch a web version in the future, we'll update this policy and give you control over cookie preferences.

Changes to This Policy

If we make significant changes to this privacy policy, we'll:

• Update the "Last updated" date at the top
• Notify you via email (if the changes are major)
• Show an in-app message highlighting what changed

We'll never weaken your privacy protections without giving you a chance to delete your account first.