The Short Version

We collect your email address and your in-app activity. We do not sell your data. We do not share your data with advertisers. We use anonymous analytics to understand how the app is being used. You can delete everything at any time.

That is the honest summary. The rest of this document is the full version.

01 What We Collect

When you create an account, we collect your email address. That is the only personally identifying information we ask for.

When you use the app, we store the following on your behalf:

This data is stored in your account and is not accessible to other users. Row-level security is enforced at the database level — your data is yours.

We do not collect your name, your location, your device identifiers, or any health information beyond what you voluntarily enter into the app.

02 Analytics

We use PostHog for product analytics. This helps us understand which features are used, where people drop off, and what to build next.

PostHog receives anonymous usage events — things like "remedy viewed" or "body oracle searched." It does not receive your email address, your journal entries, or any identifiable health information. PostHog does not sell data to third parties.

If you would like to understand PostHog's privacy practices, their documentation is public at posthog.com/privacy.

03 What We Don't Do

04 Data Storage & Security

Your data is stored in Supabase, a cloud database provider. Supabase uses industry-standard encryption at rest and in transit. Access to your data is controlled by row-level security policies — the app can only read or write data that belongs to your account.

We are a small operation. We don't have a security team. We do have a correct architecture, RLS enforced at the database level, and no third-party data sharing. That is the honest picture.

05 Your Rights

You have the right to:

To delete your account, go to your profile screen and select Delete Account. This removes your account and all associated data permanently. It is not reversible. Note that deleting your account does not automatically cancel an active subscription — you must cancel that separately through your Apple ID subscription settings.

For any other data requests, contact us directly at viridia.app@proton.me.

06 California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act. These include the right to know what data we collect, the right to delete it, and the right to opt out of the sale of your personal information.

We do not sell personal information. The opt-out right is already exercised by default.

To exercise your right to know or delete, use the account deletion feature in the app or contact us.

07 EU / UK Users (GDPR)

If you are in the European Union or United Kingdom, the GDPR gives you rights over your personal data. Our lawful basis for processing your data is the performance of our contract with you — providing the app you signed up for.

You have the right to access, correct, port, and erase your data. Contact us to exercise these rights, or use the in-app deletion flow for erasure.

We do not transfer your data outside of jurisdictions covered by adequate data protection frameworks without appropriate safeguards.

08 Children

Viridia is not designed for or directed at children under 13. We do not knowingly collect data from children. If we become aware that a child under 13 has created an account, we will delete it.

09 Breach Notification

In the event of a data breach affecting your personally identifiable information, we will notify you by email without unreasonable delay and within 60 calendar days of discovery. If a breach affects 500 or more users, we will also notify the FTC as required by the Health Breach Notification Rule.

We will tell you what happened, what data was affected, and what we are doing about it. No corporate boilerplate. Just the facts.

10 Contact

Questions about your data or this policy:

viridia.app@proton.me

We're a small team. We read our messages.