Consistency AI ("we," "our," or "us") operates the Consistency AI mobile application and the website located at https://consistencyai.app (collectively, the "Service"). This Privacy Policy explains in clear terms what personal information we collect, why we collect it, how we store and protect it, and the rights you hold over your data.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Service immediately.
1. Information We Collect
1.1 Information You Provide Directly
When you create an account or interact with the Service, you may provide the following information:
Account Credentials: Your display name, email address, and profile photograph (if voluntarily uploaded).
Habit and Goal Data: Habits you create, goal descriptions, categories, frequency settings, streak records, and any notes or reflections you add.
Timer and Session Logs: Focus timer durations, session start and end timestamps, and productivity session records.
Communication Data: Any messages, feedback, or correspondence you send to us through support channels.
1.2 Information Collected Automatically
We collect a minimal set of technical information necessary to operate the Service reliably:
Authentication Tokens: Session identifiers required to maintain your logged-in state securely.
Device and Platform Metadata: Operating system type (iOS or Android) and app version number, used solely for compatibility and troubleshooting purposes.
1.3 Information We Do Not Collect
We want to be unambiguous about what we do not collect:
We do not use third-party analytics platforms, tracking pixels, or behavioral profiling tools.
We do not collect precise geolocation data, IP-based location tracking, or device fingerprints.
We do not access your contacts, calendar, camera, microphone, or file system.
We do not serve advertisements or integrate with any advertising network.
2. How We Use Your Information
The information we collect is used exclusively for the following purposes:
Service Delivery: To create and maintain your account, synchronize your habit data across devices, and display your progress and streaks.
Authentication: To verify your identity through Google OAuth, Apple Sign-In, or email and password credentials.
Service Improvement: To identify and resolve technical issues, improve app stability, and develop features based on aggregate, anonymized usage patterns.
Communication: To respond to your support requests, send critical service-related notifications (such as security alerts or policy changes), and fulfill legal obligations.
We will never use your personal information for purposes beyond those described here without obtaining your explicit consent.
3. Authentication Providers
Consistency AI offers three methods of account creation and sign-in:
Google OAuth: When you sign in with Google, we receive your name, email address, and profile image from Google. We do not gain access to your Google Drive, Gmail, calendar, or any other Google service data. Google's own privacy policy governs how Google handles your data on their end.
Apple Sign-In: When you sign in with Apple, we receive the name and email address you choose to share (Apple allows you to use a private relay email). We do not receive any other data from Apple.
Email and Password: When you register with an email and password, your password is cryptographically hashed before storage. We never store, log, or have access to your plaintext password.
4. Data Storage and Security
All user data is stored in a Supabase-managed PostgreSQL database. Supabase is a trusted, enterprise-grade backend platform that provides:
Row Level Security (RLS): Database-level access policies ensure that each user can only read and modify their own records. No user can access another user's data, even in the event of an application-level vulnerability.
Encryption at Rest: All stored data is encrypted using AES-256 encryption standards.
Encryption in Transit: All communications between the app and our servers are secured using TLS 1.2 or higher.
Access Controls: Administrative access to production databases is restricted, logged, and subject to multi-factor authentication.
While no method of electronic transmission or storage is entirely infallible, we employ commercially reasonable and industry-standard measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.
5. Cookies and Local Storage
Our use of cookies is minimal and strictly functional:
Essential Authentication Cookies: We use session cookies to maintain your authenticated state. These cookies are necessary for the Service to function and cannot be disabled without losing access to your account.
We do not use marketing cookies, analytics cookies, social media cookies, or any third-party tracking cookies. For complete details, please refer to our Cookie Policy.
6. Third-Party Services
We integrate with a limited number of third-party services, each essential to delivering the Service:
Supabase: Cloud database hosting, authentication, and backend infrastructure.
Google (OAuth): Authentication provider for Google Sign-In functionality.
Apple (Sign-In with Apple): Authentication provider for Apple Sign-In functionality.
Apple App Store and Google Play Store: Application distribution platforms.
We do not share, sell, rent, or trade your personal information with any third party for advertising, marketing, or data-brokering purposes. Each third-party provider listed above processes data solely to the extent necessary to provide their specific service.
7. Data Retention
We retain your personal information for as long as your account remains active and as necessary to provide you with the Service. Specifically:
Active Account Data: Your account information, habit data, and session logs are retained for the duration of your account's existence.
Deleted Account Data: Upon account deletion, we initiate the removal of your personal data within thirty (30) calendar days. Certain anonymized or aggregated data that cannot be used to identify you may be retained for analytical purposes.
Legal Retention: Where required by applicable law, regulation, or legal proceeding, we may retain specific records beyond the standard deletion timeline. Such retention is limited to the minimum scope and duration mandated by law.
Support Correspondence: Records of support communications may be retained for up to twelve (12) months following resolution for quality assurance and dispute resolution purposes.
8. Your Rights
Regardless of your geographic location, we extend the following rights to all users of the Service:
Right of Access: You may request a copy of the personal data we hold about you at any time.
Right to Rectification: You may request correction of any inaccurate or incomplete personal information.
Right to Deletion: You may request permanent deletion of your account and associated data. This can be done directly within the app or by contacting us. Please refer to our Data Deletion Policy for detailed instructions.
Right to Data Portability: You may request an export of your data in a structured, commonly used, and machine-readable format.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to Restriction: You may request that we restrict processing of your personal data under certain circumstances as permitted by applicable law.
To exercise any of these rights, please contact us at support@consistencyai.app. We will respond to all legitimate requests within thirty (30) calendar days.
9. Children's Privacy
Consistency AI is not intended for use by individuals under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at support@consistencyai.app. Upon verification, we will promptly delete such information from our systems.
Users between the ages of 13 and 18 should use the Service only with the involvement and consent of a parent or legal guardian.
10. International Data Transfers
Consistency AI is operated by a company based in India, and our primary data infrastructure is hosted through Supabase's cloud services. If you access the Service from outside India, your information may be transferred to, stored, and processed in jurisdictions where our service providers operate.
We take appropriate measures to ensure that your personal data receives an adequate level of protection regardless of the country in which it is processed. These measures include relying on service providers that maintain robust security certifications and contractual data protection obligations.
By using the Service, you consent to the transfer and processing of your information as described in this section.
11. Legal Basis for Processing (Where Applicable)
For users in jurisdictions where a legal basis for processing is required (such as the European Economic Area), we process personal data on the following grounds:
Performance of Contract: Processing necessary to deliver the Service you have requested by creating an account.
Legitimate Interests: Processing necessary for our legitimate interests, such as maintaining the security and integrity of the Service, provided such interests are not overridden by your rights.
Consent: Processing based on your freely given, specific, and informed consent, which you may withdraw at any time.
Legal Obligation: Processing necessary to comply with applicable laws and regulations.
12. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or operational needs. When we make material changes, we will:
Update the "Last updated" date at the top of this policy.
Provide notice through the app or via email for significant changes that affect how your data is processed.
Your continued use of the Service following any modifications constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us: