Privacy Policy

1. Overview

Reflectify (“we,” “our,” or “us”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data. By using Reflectify, you agree to the practices described in this policy.

2. Information We Collect

We collect the following types of information to provide and improve the service:

• Account information: name, email address, password hash (bcrypt), and optional avatar/bio.
• Habits & routines: habit titles, difficulty settings, completion counts, and streak data.
• Tasks: daily recurring tasks and one-off todos, including titles, checklists, deadlines, and completion status.
• Diary entries: journal, reflection, gratitude, and venting entries you create. These are private by default.
• Focus sessions: Pomodoro timer templates, session durations, and completion data.
• AI Companion settings: agent name, personality preferences, communication style, focus areas, and system prompt.
• Gamification data: points earned, streaks, and activity logs showing completions and achievements.
• Club data: club memberships, messages, and leaderboard entries for social features.
• Friendships: connections you make with other users through the friend system.

3. How We Use Your Information

Your data is used solely to provide and improve the Reflectify experience:

• To authenticate you and maintain your account securely.
• To store and display your habits, tasks, diary entries, and focus sessions.
• To personalize your AI Companion responses using your preferences and activity context.
• To calculate leaderboards, streaks, and gamification progress.
• To enable social features like clubs and friendships between users.
• To diagnose technical issues and improve application performance.

4. AI Chat & Data Sharing

Messages sent to your AI Companion are processed through the OpenRouter API. Only your conversation messages and your configured system prompt are shared with OpenRouter to generate responses. We do not sell or share your chat history for marketing purposes. We recommend avoiding real names, exact locations, or other personally identifiable details in your diary entries and chat messages. Instead, use descriptions like “a close friend” or “my workplace.”

5. Data Storage & Security

All data is stored in MongoDB with proper indexing and access controls. Passwords are hashed with bcrypt before storage. Authentication uses httpOnly, secure cookies. While we implement reasonable security measures, no system is completely secure. You are responsible for keeping your password confidential.

6. Your Rights

You have the following rights regarding your data:

• Access: view all data associated with your account.
• Correction: update your profile, habits, tasks, and diary entries at any time.
• Deletion: delete individual entries or your entire account via the Account settings page.
• Portability: contact us if you need an export of your data.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated personal data is permanently removed from our databases within 30 days. Aggregated, anonymized statistics may be retained for analytical purposes.

8. Third-Party Services

We use the following third-party services:

• OpenRouter — processes AI chat messages to generate companion responses.
• Google OAuth — used only if you choose to sign in with Google.
• MongoDB Atlas — cloud database hosting.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Continued use of the service after changes constitutes acceptance.

10. Contact

If you have questions or concerns about this Privacy Policy or your data, please contact us through the Support link or at our official channels.