Privacy Policy

Your privacy is our top priority. Here's how we protect your data.

Last updated: January 15, 2025

Introduction

CTRL ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

We understand that your recovery journey is deeply personal. That's why we've built CTRL with privacy and security at its core.

Information We Collect

Personal Information

When you create an account, we collect:

  • Email address (for account creation and recovery)
  • Display name (optional)
  • Authentication credentials (securely stored)

Recovery Journey Data

To provide personalized support, we collect:

  • Daily check-ins and mood logs
  • Habit tracking information
  • Journal entries and reflections
  • Trigger and challenge logs
  • Progress metrics and milestones

AI Interaction Data

When you use our AI coach:

  • Chat conversations with AI coach
  • Questions and responses
  • Personalized insights generated

Usage Data

We automatically collect:

  • Device information (type, OS version)
  • App usage patterns and session duration
  • Crash reports and error logs
  • Feature usage statistics

How We Use Your Information

We use your information to:

  • Provide personalized support: AI-powered insights tailored to your recovery journey
  • Track your progress: Visualize patterns and celebrate milestones
  • Improve our service: Enhance app features and user experience
  • Ensure security: Detect and prevent fraudulent activity
  • Communicate with you: Send important updates and support messages
  • Comply with legal obligations: Meet regulatory requirements

Data Security

Your data security is paramount. We implement industry-standard security measures:

  • End-to-End Encryption: All sensitive data is encrypted using AES-256
  • Secure Storage: Data stored in Firebase with enterprise-grade security
  • Encrypted Communication: All data transmission uses HTTPS/TLS
  • Local Encryption: Sensitive data encrypted on your device using iOS Keychain
  • Regular Security Audits: Continuous monitoring and testing
  • No Third-Party Selling: We NEVER sell your personal data to third parties

Data Sharing and Disclosure

We do NOT sell your personal information. We may share your data only in these limited circumstances:

  • Service Providers: Trusted partners who help us operate the app (e.g., Firebase, OpenAI for AI features) - all under strict confidentiality agreements
  • Legal Requirements: When required by law or to protect rights and safety
  • With Your Consent: When you explicitly authorize us to share specific information

All third-party services we use are HIPAA-compliant or meet equivalent security standards.

Your Privacy Rights

You have the right to:

  • Access Your Data: Request a copy of all personal data we hold
  • Correct Your Data: Update or correct inaccurate information
  • Delete Your Data: Request deletion of your account and all associated data
  • Export Your Data: Download your data in a portable format (CSV)
  • Opt-Out: Disable certain data collection or marketing communications
  • Withdraw Consent: Revoke previously given permissions

To exercise these rights, go to Settings in the app or email us at privacy@thectrlai.com

Data Retention

We retain your data for as long as your account is active or as needed to provide services.

  • Active Accounts: Data retained while account is active
  • Account Deletion: Personal data deleted within 30 days of account deletion request
  • Backup Data: May persist in backups for up to 90 days
  • Legal Compliance: Some data may be retained longer to comply with legal obligations

Children's Privacy

CTRL is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it immediately. Parents who believe their child has provided information should contact us at privacy@thectrlai.com

International Users

CTRL is operated in the United States. If you are accessing the app from outside the U.S., your data may be transferred to, stored, and processed in the U.S. where our servers are located.

By using CTRL, you consent to the transfer of your data to the U.S. We ensure all data transfers comply with applicable data protection laws.

Third-Party Services

CTRL uses the following third-party services:

  • Firebase (Google): Authentication, database, and cloud storage
  • OpenAI: AI-powered coaching and insights
  • Apple Sign In: Secure authentication
  • Google Sign In: Secure authentication

These services have their own privacy policies. We encourage you to review them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the app
  • Updating the "Last updated" date
  • Sending you an email notification (for significant changes)

Continued use of CTRL after changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Policy Summary

✓ We Protect You

  • End-to-end encryption
  • No data selling
  • HIPAA-compliant partners
  • Regular security audits

✓ You Control Your Data

  • Access your data anytime
  • Export or delete data
  • Opt-out of collection
  • Full transparency