Privacy Policy
Everyday Futurist
Effective date: April 2, 2026
This policy describes how Everyday Futurist (“we”, “us”) handles information when you use the mobile app (iOS/Android via the App Store / Google Play, as applicable) and when you browse this marketing website.
Summary
- Core app use does not require an account. Reflections, prompts, and most app data are stored on your device by default.
- Pro (subscription) is sold through Apple; we use RevenueCat to know your subscription status. We do not receive your full payment card number from Apple.
- If you sign in with Apple (in connection with Pro, backup, and sync), we use Supabase for your account and optional cloud copies of data you sync.
- AI features send the text you submit to our API on Cloudflare Workers, which calls Google Gemini. We do not use that content to train our own models.
- We may log basic app events to Supabase when the app can reach the service.
- This website is informational; we do not collect app journal content here. See This website below for typical web processing.
1. Who we are
- Data controller: [Your legal name or company]
- Contact (privacy questions): hello@matthewkerr.org
- Region: [e.g. United States — adjust as needed]
2. This website
Pages like this one explain the product. We do not operate app accounts, store your reflections, or run Future Lab AI on this site. Typical processing can include:
- Hosting and security metadata (for example IP address, user agent, timestamps) as processed by our hosting provider to deliver pages and protect the service.
- If you use a mailto link or email us, we receive whatever you choose to send (address, subject, body).
If you add analytics, cookies, or embedded media later, update this section and your cookie/consent approach to match.
3. Information stored on your device (app)
The app is offline-first. Without an account, data such as daily reflections, prompts, journal content, weak signals, learning progress, and similar content are stored locally (e.g. SQLite and local key–value storage). That data does not leave your device except when you:
- use AI features (see section 7),
- export or back up data yourself,
- sign in and sync to the cloud (see section 6), or
- share content through your device’s share sheet.
You can delete local data within the app (where supported) or by removing the app; removing the app may delete local data unless you have synced or exported it.
4. Anonymous identifier for AI rate limits (free tier)
To limit abuse of shared AI infrastructure, the app may generate and store a random device-level identifier (not tied to your name or Apple ID) and send it with AI requests so our backend can enforce per-day limits. This identifier is not used for advertising.
5. Account, Pro subscription, Sign in with Apple, and Supabase
5.1 When this applies
If you subscribe to Everyday Futurist Pro and complete Sign in with Apple (or otherwise establish a Supabase session as implemented in the app), we process additional data through Supabase.
5.2 Authentication (Sign in with Apple)
- Apple provides sign-in and may share with us (via Supabase) items such as a stable user identifier and, if you choose to share it, email and name according to Apple’s sign-in flow.
- Supabase Auth stores authentication data needed to keep you signed in across devices (e.g. session tokens on the device).
5.3 Profile and subscription mirroring
We may store a profile in Supabase that can include, for example:
- Supabase user id
- RevenueCat customer id (to tie subscription events to your account)
- Display name (if provided by Apple on first sign-in)
- App version, platform, and last seen timestamps
RevenueCat tells the app whether your subscription is active. Our servers may also receive subscription lifecycle events from RevenueCat (e.g. purchase, renewal, cancellation). We do not receive your full card number from Apple; Apple processes payment.
5.4 Optional cloud sync
When you are signed in, the app may upload and download copies of data you generate so you can use Pro across devices. Examples include: reflections, journal entries, weak signals, learning progress, lab-related content, custom prompts, certificates metadata, and related fields. Row-level security in Supabase is configured so that, in normal operation, only your account can access your rows.
5.5 Analytics events (Supabase)
We may insert rows into an analytics table when certain actions occur (for example: subscription started, sign-in, sign-out, or feature usage as implemented). Typical fields include optional user id (if signed in), event name and simple properties, subscription tier, and app version / platform. We use this to improve the app. It is not sold to third parties for their marketing.
6. AI features (Cloudflare Worker and Google Gemini)
Future Lab and related tools send the text you enter (and conversation context needed for the feature) to an HTTPS endpoint on Cloudflare Workers. The worker forwards requests to Google’s Generative Language API (Gemini).
- Purpose: To return AI output for the feature you invoked.
- Retention: Governed by Google’s and Cloudflare’s terms for those services. Google’s policies govern how Google processes API requests (see table below).
- Do not send secrets: Do not paste passwords, government IDs, or highly sensitive personal data into AI fields.
7. Third-party services
| Service | Role | Policy |
|---|---|---|
| Apple | App Store, Sign in with Apple, IAP | apple.com/legal/privacy |
| RevenueCat | Subscription status | revenuecat.com/privacy |
| Supabase | Auth, database, sync, analytics | supabase.com/privacy |
| Cloudflare | AI API worker | cloudflare.com/privacypolicy |
| Google (Gemini) | AI inference | Google AI terms / privacy docs |
We may update this list if infrastructure changes materially.
8. Legal bases (EEA/UK, if applicable)
If laws such as the GDPR apply, we rely on: contract (providing the app and Pro), legitimate interests (security, fraud prevention, proportionate analytics and product improvement), and consent where required. You may have rights to access, rectify, delete, restrict, port, or object. Contact us at the email in section 1.
9. Children
The app is not directed at children under 13 (or the age required in your country). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
10. Security
We use practices appropriate to the product: encrypted transport (HTTPS), access controls on backend services, and row-level rules for user data. No method is 100% secure. You are responsible for device passcodes and Apple ID security.
11. Data retention and deletion
- Local data: Controlled by you on the device (section 3).
- Supabase / account: Retained while your account exists and as needed to provide the service. You may request deletion of cloud data by contacting us; we will delete or anonymize what we can, subject to legal retention needs.
- RevenueCat / Apple: Retention follows their policies for purchase records.
12. International transfers
Your information may be processed in the United States or other regions where Supabase, Cloudflare, Google, RevenueCat, or Apple operate. We use providers that offer appropriate safeguards where required.
13. Changes to this policy
We may update this policy, post the new version here, and update the effective date. For material changes, we may also notify you in-app or by email if we have your address.
14. Contact
Questions: hello@matthewkerr.org
This policy is for your convenience and is not legal advice. Have it reviewed by a qualified attorney before publication, especially for the EU/UK or other regulated regions. Related: Terms of Use.