Privacy Policy

Last updated: June 3, 2026

Acuity is a nightly voice journal that uses AI to extract insights from your spoken brain dumps. This Privacy Policy explains what data we collect, why we collect it, who we share it with, how long we keep it, the lawful basis for each processing activity, and how to exercise your privacy rights, including rights under the EU and UK General Data Protection Regulations (GDPR / UK GDPR), the Australian Privacy Act 1988, and the New Zealand Privacy Act 2020.

The short version: your recordings and transcripts are yours. We use them only to give you the service you signed up for — transcription, AI extraction, weekly reports, life-area insights. We don’t sell your data. We don’t train models on it. You can export or delete it at any time.

Data controller. Heeler Digital, LLC (“Acuity”, “we”, “us”) is the data controller for personal data processed via the Acuity service. We are established in the United States. Contact details for our privacy contact appear in Section 12.

1. Data we collect

To run Acuity, we collect the following categories of personal data:

  • Account data. Email address (required for sign-in), display name and profile image (if provided via Google or Apple sign-in), timezone, reminder preferences, language.
  • Voice recordings. The audio you record in the app, up to 120 seconds per session. Stored encrypted at rest until transcription completes, then deleted from our servers within minutes.
  • Transcripts. The text version of each recording, generated automatically from your audio via OpenAI Whisper.
  • AI-extracted structured data. Mood, energy level, themes, wins, blockers, tasks, goals, and life-area mentions, all derived from your transcript by Anthropic Claude.
  • Subscription state. Your trial status and (if you subscribe) the Stripe-issued customer and subscription identifiers. Payment card details are handled directly by Stripe — we never see them.
  • Device + technical data. Push notification token (if you opt in), app version, operating system, and scrubbed crash + diagnostic data from Sentry with personal identifiers removed before upload.
  • Usage analytics. Sanitised, aggregate product events sent to PostHog (e.g. “recorded an entry”, “viewed paywall”). Your account is identified only by a pseudonymised one-way (SHA-256) hash of your email — this is pseudonymisation, not anonymisation, and the hash remains personal data. Transcripts, audio, and free-text content are never included. On the web these load only after you grant cookie consent. In the app we measure how features are used to improve them; you can opt out at any time via Settings → Privacy → Product analytics. Pre-signup funnel measurement (anonymous, used for ad attribution) is conducted under our legitimate interest and is not controlled by that toggle — see Section 2.
  • Consent records. We retain a record of your cookie + email-marketing consent (date, choice, version of this policy) so we can demonstrate compliance with Art. 7(1) GDPR.

We do not collect: precise location, contacts, browsing history, advertising identifiers (IDFA / Google Advertising ID), financial information beyond Stripe identifiers, or sensitive categories of data (Art. 9 GDPR) directly. Voice transcripts may, of course, contain sensitive content you choose to volunteer — see Section 2 on the lawful basis for that category.

2. Lawful basis for processing

For users in the EU, UK, Switzerland, and similar jurisdictions, we rely on the following lawful bases under Article 6 GDPR (and, where applicable, Article 9 for special categories):

| Processing purpose | Lawful basis | Notes |
|---|---|---|
| Account creation + sign-in | Art. 6(1)(b) — performance of a contract | We can’t deliver the service without an account. |
| Voice transcription + AI extraction | Art. 6(1)(b) | Core feature; processed by OpenAI + Anthropic as our subprocessors under Art. 28 DPAs. |
| Special-category data inside transcripts (e.g. health, beliefs) | Art. 9(2)(a) — explicit consent | When you first set up Acuity we ask you to give separate, explicit consent (an affirmative, unticked confirmation) to transcribe and analyse voice entries that may contain special-category information. You choose what to say, you can journal without disclosing such information, and you can withdraw consent at any time by deleting entries or your account. We keep a record of this consent. |
| Subscription billing | Art. 6(1)(b) | Payments are processed by Stripe; we hold only the Stripe customer / subscription identifiers. |
| Transactional email (weekly report, Life Audit, account events) | Art. 6(1)(b) | Delivers the product you signed up for. |
| Product analytics on the web (PostHog, sanitised events) | Art. 6(1)(a) — consent | Loaded only after you accept analytics cookies on the web. |
| In-app product analytics (how you use features, after sign-in) | Art. 6(1)(f) — legitimate interest | We measure how the app is used to improve it. You can opt out at any time in Settings → Privacy → Product analytics. We never sell this data or share it for advertising. |
| Pre-signup funnel measurement + ad attribution (anonymous) | Art. 6(1)(f) — legitimate interest | Before you create an account, anonymous funnel events let us attribute installs to ads and improve the sign-up flow. This is not controlled by the in-app toggle; to avoid it, don’t install the app, or use a tracking-blocking browser on our website. |
| Marketing emails (drip + waitlist nudges) | Art. 6(1)(a) | Unsubscribe link in every email. Withdrawal of consent does not affect lawfulness of prior processing. |
| Crash + error telemetry (Sentry, scrubbed) | Art. 6(1)(f) — legitimate interest | Keeping the service running. Personal identifiers are scrubbed before upload. |
| Fraud and abuse prevention; rate limiting | Art. 6(1)(f) | Necessary for the security of the service. A balancing test is documented internally. |

Where the basis is consent (Art. 6(1)(a) or Art. 9(2)(a)), you can withdraw at any time by adjusting your cookie choices, unsubscribing from marketing email, or deleting your account. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

3. How we use your data

  • Transcribe your recordings into text, then extract themes, tasks, mood, and goals.
  • Render your dashboard, Life Matrix, weekly report, and Day-14 Life Audit.
  • Send transactional and (with consent) marketing email and push notifications.
  • Bill you for your subscription via Stripe.
  • Improve product reliability through scrubbed crash and performance telemetry.

We do not use your voice, transcripts, or extracted content to train AI models. We do not sell personal data. We do not use automated decision-making with legal or similarly significant effects (Art. 22 GDPR).

4. Subprocessors and international transfers

Acuity is operated from the United States. The following third parties process personal data on our behalf as subprocessors under Article 28 GDPR Data Processing Agreements (DPAs). Personal data may be transferred to the United States or other countries listed below. We rely on the European Commission’s Standard Contractual Clauses (SCCs) (2021/914), the UK International Data Transfer Addendum (IDTA), and the EU–US Data Privacy Framework (DPF) where applicable, as our transfer mechanisms under Article 46.

| Subprocessor | Purpose | Country | Transfer mechanism |
|---|---|---|---|
| OpenAI | Voice transcription (Whisper API) | US | SCCs + UK IDTA |
| Anthropic | AI extraction + weekly report (Claude API) | US | SCCs + UK IDTA |
| Stripe | Subscription billing | US / Ireland (EU customers) | SCCs + UK IDTA |
| Supabase | Database hosting + voice file storage | US (us-west-2) | SCCs + UK IDTA |
| Vercel | Web and API hosting | US | SCCs + UK IDTA |
| Expo | Push token relay + notification delivery | US | SCCs + UK IDTA |
| Google (FCM, OAuth, Analytics) | Android push delivery; sign-in; analytics on consenting visitors only | US | SCCs + UK IDTA + DPF |
| Resend | Transactional + marketing email | US | SCCs + UK IDTA |
| Inngest | Background job orchestration | US | SCCs + UK IDTA |
| PostHog | Product analytics (consent-gated) | US | SCCs + UK IDTA |
| Sentry | Crash + error monitoring (scrubbed) | US | SCCs + UK IDTA |
| Meta (Pixel) | Marketing attribution on consenting visitors only | US / Ireland | SCCs + UK IDTA + DPF |
| Apple (Sign in with Apple, Push Notification Service) | Sign-in; push delivery on iOS | US / Ireland | SCCs + UK IDTA + DPF |

Where we rely on SCCs or the UK IDTA for transfers to the United States, we have carried out transfer risk assessments taking account of US surveillance law, and we apply supplementary measures including encryption in transit and at rest, data minimisation, and short audio-retention windows. You can obtain a copy of the relevant Standard Contractual Clauses or UK IDTA by emailing privacy@heelerdigital.com.

The full per-subprocessor disclosure, including links to each provider’s public DPA and SCC documents, is published at /compliance/subprocessors and mirrored in the open-source repository at docs/compliance/subprocessors.md. We will give existing customers at least 30 days’ notice of any new subprocessor via this page and (for accounts with marketing consent) by email.

We do not use AI subprocessor outputs to train any model. OpenAI and Anthropic process content under their API terms which prohibit training on inbound API content.

5. Your rights

If you are in the EU, UK, Switzerland, Australia, New Zealand, California, or another jurisdiction with equivalent rights, you have the following rights with respect to your personal data, exercisable free of charge:

  • Right of access (Art. 15). Request a copy of your data. The fastest route is the in-app export at Profile → Export my data, which returns a JSON file covering all data we hold about you. You can also email us (see Section 12).
  • Right to rectification (Art. 16). Correct inaccurate or incomplete data. Most fields are editable in-app; for others, email us.
  • Right to erasure / right to be forgotten (Art. 17). Delete your account and all associated personal data via Profile → Delete account. We erase your data from our live systems immediately and from rolling backups within 7 days, except a minimal email-hash tombstone retained up to 6 months for anti-abuse, consent records we must keep to evidence lawful processing, and billing records held by Stripe for legally required periods (see Section 6).
  • Right to restrict processing (Art. 18). Ask us to pause processing while we investigate a request. Email us.
  • Right to data portability (Art. 20). Receive your data in a structured, machine-readable format (JSON). Same export endpoint as above.
  • Right to object (Art. 21). Object to processing based on legitimate interest (Art. 6(1)(f)) or to direct marketing.
  • Right to withdraw consent (Art. 7(3)). Withdraw cookie consent or marketing-email consent at any time. Future processing stops; past processing stays lawful.
  • Right to complain to us directly. You can raise a data-protection complaint with us at privacy@heelerdigital.com. We will acknowledge it within 30 days and respond without undue delay. You can still escalate to a supervisory authority at any time.
  • Right to lodge a complaint. You can complain to your local data protection authority. In the UK, the Information Commissioner’s Office (ico.org.uk). In Ireland, the Data Protection Commission (dataprotection.ie). In Australia, the Office of the Australian Information Commissioner (oaic.gov.au). In New Zealand, the Office of the Privacy Commissioner (privacy.org.nz). We’d rather hear from you first — see Section 12.

We will respond to verifiable rights requests within 30 days. Where requests are complex or numerous, we may extend by up to a further 60 days and will tell you why (Art. 12(3) GDPR).

We verify rights requests against your signed-in account; for requests made by email we may ask you to confirm from your registered email address before we disclose any data, to protect your account.

6. Retention

How long we keep things:

  • Voice recordings. Deleted from our servers within minutes of transcription completing. We do not retain the audio file beyond the transcription window.
  • Transcripts + extracted data. Retained while your account is active. Deleted within 30 days of account deletion (some short-lived backups expire on the same window).
  • Account + subscription records. Retained while your account is active. After deletion, we retain a minimal anti-abuse tombstone (email hash only) for up to 6 months to prevent free-trial cycling. No content, no name, no profile data.
  • Consent records. The record of any explicit consent you give (for example, to processing special-category content, or your 14-day-withdrawal acknowledgement at checkout) is retained while your account is active and for the relevant limitation period after deletion, so we can evidence that our processing was lawful if challenged. It stores only the wording you saw and the surrounding metadata — never transcripts, audio, or free-text content.
  • Billing records. Stripe retains payment records for the period required by tax and accounting law (typically 7 years). We do not hold card numbers.
  • Crash + diagnostic logs. Sentry retains scrubbed crash data for 30 days. Vercel runtime logs are retained for up to 1 day. Neither contains transcripts.
  • Analytics events. PostHog retains aggregated event data for the contractual term of our agreement; events are sanitised before upload (no transcripts, audio, or names) and the user identifier is a SHA-256 hash of your email.
  • Backups. Database backups are retained for up to 7 days on a rolling window and then irrevocably overwritten. Deleted accounts may persist in backups during this window; they are not restorable to the live database.

7. Security

We use appropriate safeguards to protect your data, including TLS 1.2+ for all data in transit, encryption at rest for the database and voice file storage, Row Level Security policies on user-data tables, least-privilege access controls for the small number of team members with access, rate limiting and abuse detection on authentication, encrypted rolling backups so we can restore the service after an incident, and periodic internal review of our security practices.

No system is perfectly secure. If you suspect a security issue with Acuity, please email security@heelerdigital.com.

8. Breach notification

If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office and each relevant supervisory authority in the EU/EEA where affected users are located, within 72 hours of becoming aware of it (Art. 33 UK/EU GDPR), and, where the risk is high, notify affected users without undue delay (Art. 34). Notifications will describe the nature of the breach, the categories and approximate number of data subjects concerned, the likely consequences, and the measures we have taken or propose to take to address it.

9. Cookies and tracking

Acuity uses a small number of strictly-necessary cookies (session, theme preference, consent record) that load regardless of consent because the site can’t function without them.

All non-essential tracking — Google Analytics, the Meta Pixel, session-recording tools, and PostHog product analytics — loads only after you accept cookies on the banner shown to first-time visitors. You can change your choice at any time via the “Cookie settings” link in the footer.

10. Children

Acuity is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal data from anyone under 18, and we design the service with the ICO’s Children’s Code in mind. If you believe a minor has provided us with personal data, email privacy@heelerdigital.com and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we’ll change the “Last updated” date at the top of this page and, for material changes, notify active users by email at least 14 days before the changes take effect.

12. Contact

For any privacy question, request, or complaint, contact:

Heeler Digital, LLC
Privacy contact: privacy@heelerdigital.com
Security disclosures: security@heelerdigital.com

See also: Terms of Service.