Privacy Policy

Last updated: March 3, 2026

1. Introduction: Privacy First

Welcome to Bounded Self. We believe that your emotional energy is a personal resource, not a commodity to be sold.

We have built this application with a “Privacy by Design” philosophy. This means we treat your emotional logs and journal entries as sensitive personal information and process them only for the specific purposes described in this policy. We do not sell your data, we do not use it for third-party advertising, and we provide you with granular control over exactly what you share.

2. Information We Collect

We collect information in four categories: data you need to use the app, data you choose to log, technical data required for security, and data collected through tracking technologies.

A. Account Information (Required)

To create an account and manage your subscription, we collect:

  • Identity Data: Display name and email address.
  • Authentication Data: If you sign up via Google, we receive your email and a unique authentication token. We never see or store your Google password.
  • Payment Data: If you upgrade to Premium, our payment processor (Stripe) collects your billing details. Bounded Self never stores your full credit card number.

B. Emotional & Activity Data (Sensitive & Consented)

This data is the core of the application. We classify this as sensitive personal information and process it only with your explicit consent, which you grant during onboarding.

  • Energy Logs: Numeric (1–10) or emoji-based ratings of your energy levels.
  • Moods: The specific emotions associated with your entries (e.g., “Anxious,” “Calm”).
  • Categories: The types of activities you log (e.g., “Work,” “Family”).
  • Location Labels: Text labels you manually enter (e.g., “Home Office,” “Gym”). We do not track your GPS or physical coordinates.
  • Social Contact: Text labels you manually enter (e.g., “Mark”, “Alika”). We do not connect your energy records with external entities. You may use pseudonyms to further protect the privacy of individuals in your network.

C. Journaling (Optional — Separate Consent)

Free-Text Notes: You may choose to add written notes to your entries. Because this text could contain anything (including health details), we require separate, optional consent for this feature. You may withdraw consent for Journaling at any time while continuing to use the rest of the app. Upon withdrawal of journaling consent, all previously collected journal entries will be permanently deleted within 30 days. During this period, your journal data will be immediately hidden and excluded from all processing.

D. System & Usage Data

  • Technical Logs: We log your IP address, browser type, and operating system to prevent abuse and assist with support tickets. These logs are retained for a maximum of 90 days and then automatically purged.
  • Usage Metrics: We track how you use the app (e.g., “created a budget,” “viewed dashboard”) to improve functionality. See Section 5 (Cookies & Tracking Technologies) for details on how this data is collected.

3. Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so. The following table identifies the legal basis for each processing activity. Where we voluntarily adopt GDPR standards, we map our processing to the categories recognized under Article 6 (and Article 9 for sensitive data).

Account creation & management

Legal Basis: Contractual Necessity

Required to provide the service you signed up for. Without this data, we cannot maintain your account.

Energy logs and categories

Legal Basis: Contractual Necessity

You grant consent during onboarding as a required field for application functionality. If you wish to withdraw this consent, you will need to request deletion of your account, and your data will be removed in accordance with the deletion process described in this policy.

Moods

Legal Basis: Explicit Consent

Requires independent opt-in. Withdrawal triggers deletion of historical self-reported mood data within 30 days.

Location Labels

Legal Basis: Explicit Consent

Requires independent opt-in. Withdrawal triggers deletion of historical self-reported location data within 30 days.

Social Contact labels

Legal Basis: Explicit Consent

Manually entered text labels identifying social connections associated with energy entries. These labels are not linked to external accounts or identities. Requires independent opt-in. Withdrawal triggers deletion of historical self-reported social data within 30 days.

Journaling (free-text notes)

Legal Basis: Explicit Consent (separate)

Requires independent opt-in. Withdrawal triggers deletion of historical journal data within 30 days.

Payment processing

Legal Basis: Contractual Necessity

Required to fulfill your Premium subscription. Processed by Stripe under their own privacy policy.

Security & fraud prevention

Legal Basis: Legitimate Interest

We have a legitimate interest in protecting your account and our platform from unauthorized access and abuse.

Transactional emails

Legal Basis: Contractual Necessity

Password resets, subscription receipts, and account notifications required to operate the service.

Product updates & weekly insights

Legal Basis: Consent (opt-in)

Only sent if you affirmatively opt in. You may unsubscribe at any time.

Aggregated research & improvement

Legal Basis: Legitimate Interest

Used to improve algorithms and features. Data is anonymized per the standards described in Section 4.

Cookies & analytics

Legal Basis: Consent / Legitimate Interest

Strictly necessary cookies: Legitimate Interest. Analytics and optional cookies: Consent via cookie banner. See Section 5.

4. How We Use Your Information

We use your data for specific, limited purposes:

  • To Provide the Service: To visualize your energy trends, calculate your energy budget, and display your history.
  • To Protect You: To identify account anomalies (like a login from a new device) and prevent unauthorized access.
  • To Communicate: To send transactional emails (password resets, subscription receipts) and, if you opt in, weekly insights or product updates.
  • For Internal Research & Improvement: We may aggregate and anonymize user data to research energy patterns and improve our algorithms (e.g., “Users who log 3 times a day report 10% better energy awareness”).

Anonymization Standards

When we refer to “anonymized” or “aggregated” data in this policy, we mean data that has been processed to meet the following standards:

  • All direct identifiers (names, emails, user IDs, IP addresses) are permanently removed.
  • Indirect identifiers (timestamps, activity categories, location labels) are generalized to prevent re-identification (e.g., timestamps rounded to the week; location labels grouped into broad categories).

Privacy Guarantee: Anonymized data meeting these standards is no longer considered personal data. We do not share aggregated research data with third-party advertisers.

Automated Processing Disclosure

Bounded Self uses automated processing to provide recommended baselines for your energy budget, generate trend visualizations, and produce weekly insight summaries using descriptive statistical measures such as rolling averages, detection of large deviations from the mean, and other standard statistical methods. These features are informational tools based on your self-reported data. They provide information to inform your own decisions, but they do not make those decisions for you, nor do they purport to contain all of the information needed to decide on a course of action.

You may contest or request human review of any automated output by contacting privacy@boundedself.com. You also have the right to opt out of automated insight generation at any time via Settings > System Behavior > Insight Display Limit without affecting your ability to use the core logging features.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to operate, secure, and improve Bounded Self. This section describes what technologies we use and how you can control them.

A. Strictly Necessary Cookies

These cookies are essential for the app to function and cannot be disabled. They include session authentication tokens, CSRF protection tokens, and cookie consent preference storage. Legal basis: Legitimate Interest.

B. Analytics Cookies

PostHog is used to collect anonymized usage data such as page views, feature usage frequency, and session duration. These cookies are only placed with your consent via our cookie banner. You may withdraw consent at any time via Settings > Privacy > Cookie Preferences. Legal basis: Consent.

C. Third-Party Cookies

We do not use any third-party advertising cookies. Stripe may place cookies strictly necessary for payment processing. Google may place cookies if you use Google OAuth for login. These third-party cookies are governed by the respective provider’s privacy policy.

D. How to Control Cookies

You can manage your cookie preferences at any time through Settings > Privacy > Cookie Preferences, or by adjusting your browser settings. Note that disabling strictly necessary cookies may prevent the app from functioning correctly.

6. How We Share Your Information

We do not sell your personal data. We share data only with the trusted service providers (“sub-processors”) that help run our infrastructure. These providers are bound by data processing agreements that require them to protect your data to standards at least as protective as this policy:

  • Supabase (USA): Secure database hosting and authentication management.
  • Vercel (USA): Cloud hosting and serverless infrastructure.
  • Stripe (USA): Payment processing and subscription management.
  • Google (USA): OAuth login services (only if you choose to use them).
  • Resend (USA): Transactional and marketing email delivery.
  • PostHog (USA): Anonymized usage analytics as described in Section 5.

We may also disclose data if required by law (e.g., a valid subpoena or court order). We will notify you in advance of any such disclosure unless prohibited by law from doing so.

International Data Transfers

All of our sub-processors are currently based in the United States. If you access Bounded Self from outside the United States, your data will be transferred to and processed in the United States.

7. Your Rights & Control

Regardless of where you live, Bounded Self grants you the following rights:

The Right to Granular Consent

You choose exactly what features to enable. You can toggle “Journaling”, “Moods”, “Location Labels”, and “Social Contacts” on or off instantly in Settings > Data Consent. Turning off a feature stops future collection immediately.

Effect of Consent Withdrawal on Historical Data

When you withdraw consent for a specific feature, the following occurs:

  • Journaling: All previously collected journal entries are permanently deleted within 30 days. They are immediately hidden and excluded from processing.
  • Moods: All previously collected mood entries are permanently deleted within 30 days. They are immediately hidden and excluded from processing.
  • Location Labels: All previously collected location entries are permanently deleted within 30 days. They are immediately hidden and excluded from processing.
  • Social Contacts: All previously collected social entries are permanently deleted within 30 days. They are immediately hidden and excluded from processing.
  • Energy Logs: Withdrawing consent for the core logging feature is equivalent to requesting account deletion and will trigger the process described in “The Right to be Forgotten” below.

The Right to Access & Portability

You can download a machine-readable copy (JSON) of your entire history at any time via Settings > Privacy & Data > Data Export. For security, we require you to re-authenticate (enter your password) before generating this file.

The Right to be Forgotten (Erasure)

You can request the permanent deletion of your account via Settings > Privacy & Data > Delete Account.

  • The Safety Window: When you request deletion, your account enters a 7-day grace period. Your data is hidden immediately, but not erased.
  • The Rescue Flow: If you change your mind within 7 days, you can log in to “rescue” your account.
  • Permanent Erasure: After a minimum of 7 days, an automated process permanently wipes your data from our database. The automated process runs on a weekly basis, meaning that the account data may exist for up to 13 days depending on when the deletion is submitted. This cannot be undone.

The Right to Restrict Processing

If you wish to take a break without losing your data, you can use the “Pause Account” feature. We will securely store your data but stop all active processing and summary generation until you return. This feature stops the data aging process described in Section 8, turns off all email notifications, and, if you are a subscriber, directs you to the payment processor portal to cancel your subscription. We reserve the right to delete paused accounts after one year, but at the time of this writing we do not intend to do so, and we will make at least three attempts to reach the account holder prior to any such deletion.

8. Data Retention

We retain your personal data only as long as your account is active or as needed for the purposes described in this policy.

  • Active Accounts: Data is kept until you delete it or request account deletion.
  • Inactive Accounts: If you do not log in for 180 days, we will mark your account as “Archived.” We will send you an email notification 30 days before this happens. If an account remains archived and unclaimed for an additional 30 days, it will be permanently deleted per the erasure process described above. The exception to this is accounts that have activated the “Pause Account” feature described in Section 7. We reserve the right to delete paused accounts that are more than one year old, following the process outlined in Section 7.
  • Technical Logs: IP addresses, browser data, and similar technical logs are automatically purged after 90 days.
  • Anonymized Data: Aggregated, anonymized data (which is no longer personal data) may be retained indefinitely for research and product improvement purposes.

9. Data Protection

Data Protection Point of Contact

While the scale of our processing does not currently require the formal appointment of a Data Protection Officer under GDPR Article 37, we have designated a Data Protection Point of Contact who is responsible for overseeing our privacy practices and responding to data protection inquiries. You may reach this contact at privacy@boundedself.com. We will respond within a maximum of 30 days, but will make every effort to respond as soon as reasonably possible.

If our processing activities expand to the point where a formal DPO appointment is required (for example, if we begin large-scale processing of special category data or systematic monitoring of individuals), we will appoint a DPO and update this policy accordingly.

10. Security

We protect your data using industry-standard security measures:

  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest (AES-256).
  • Row-Level Security (RLS): Our database ensures that your data is physically isolated—no other user can query your specific rows.
  • Breach Notification: In the unlikely event of a data breach, we will notify affected users within 72 hours of confirmation and will notify relevant regulatory authorities as required by applicable law.

In the event of a merger, acquisition, or cessation of operations, we will notify you at least 30 days in advance and provide the opportunity to export or delete your data before any transfer.

11. Medical Disclaimer

Bounded Self is a wellness tool, not a medical device. The insights, budgets, and energy ratings in this application are based on your self-reported data. They are not a medical diagnosis or treatment plan. If you are experiencing severe burnout, depression, or other mental health crises, please consult a qualified healthcare professional. You are welcome to share your Bounded Self export with your therapist to aid in your consultation.

12. Children’s Privacy

Bounded Self is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. During account registration, users are required to confirm that they are at least 18 years of age. If we discover that an account belongs to a minor under 18, we will delete it and all associated data immediately.

13. Updates to This Policy

We may update this policy as the product evolves. If we make material changes (e.g., changing how we handle your journals, adding new sub-processors, or modifying our data retention practices), we will notify you via email at least 30 days before the changes take effect.

14. Contact Us

If you have questions about your privacy or want to exercise your rights, please contact our Privacy Team:

Email: privacy@boundedself.com