Your data, briefly.

— what we collect, what we don't, and how to ask us to forget you.

Last updated: 17 May 2026

Who we are

Aspassia is operated by Carmen Dincu, a sole trader based in Aarhus, Denmark. For any privacy questions or requests, contact us at aspasia@aspasiaapp.com.

This policy describes how the Aspassia iOS app and the aspasiaapp.com website collect, use, and protect your personal data, in accordance with the EU General Data Protection Regulation (GDPR) and Apple's App Store requirements.

What we collect

Account information

When you sign up, we collect your email address and, if you choose to share it, your name. If you sign in with Apple and choose to hide your email, we store the relay address Apple provides instead.

App usage data

To deliver your personalised practice, we store:

The archetype you receive from the assessment
Your daily progress (which days and practices you've completed)
Your streak count
Anonymised app interaction events (which screens you visit, which buttons you tap) — used to improve the app, never tied to your name or content

Subscription information

Your subscription is processed and managed entirely by Apple. We receive only whether you have an active subscription — not your payment details, card number, or Apple ID. Apple's own privacy policy governs payment data: apple.com/legal/privacy.

What we don't collect

We do not collect your contacts, photos, location, microphone audio, health data, or anything you write into the app's reflection prompts. Reflection text never leaves your device.

Who has access

Your data is stored on infrastructure provided by:

Google Firebase (Authentication, Firestore database, Analytics) — Google acts as a data processor under our instructions. Their privacy terms apply: firebase.google.com/support/privacy.
Apple — for app distribution, subscription processing, and Sign in with Apple.
Netlify — hosts the aspasiaapp.com website, but receives no app user data.

We do not sell, rent, or share your data with advertisers, brokers, or any third party not listed above. Aspassia has no investors, no ad network, and no business model that depends on your data.

Where your data is stored

Firebase servers are located across the European Union and the United States. Where data is transferred outside the EU, Google's services are covered by Standard Contractual Clauses approved by the European Commission, providing GDPR-equivalent protection.

How long we keep it

We keep your data as long as your account is active. If you delete your account from inside the app (Settings → Delete account), we delete your personal data from our database within 30 days. Some anonymised analytics events may persist beyond that point but cannot be traced back to you.

Your rights

Under GDPR, you have the right to:

Access the personal data we hold about you
Correct data that is inaccurate
Delete your data (the "right to be forgotten")
Export your data in a portable format
Object to how we process your data
Withdraw consent at any time, where processing is based on consent
Lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk

To exercise any of these rights, email aspasia@aspasiaapp.com. We respond within 30 days.

Cookies and tracking

The Aspassia app does not use cookies. The aspasiaapp.com website uses only essential cookies required for the site to function, and does not run third-party advertising or behavioural tracking.

Children

Aspassia is not intended for users under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

If we materially change how we handle your data, we will update this page and update the "Last updated" date above. For significant changes, we will notify active users via the app or email.