Privacy Policy

Effective Date: May 17, 2026

Noesis ("we," "us," or "our") is committed to protecting your privacy. We do not sell your personal information, we do not use your data for advertising, and we do not track you across other apps or websites. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Noesis mobile application ("App").

Data Controller: Room to Grow LLC, a California limited liability company. Privacy inquiries: admin@roomtogrowllc.com.

Our Privacy Commitment

Your visions, journal entries, affirmations, and reflections are deeply personal. We treat them that way.

All data is encrypted in transit using industry-standard TLS and stored on secure, access-controlled infrastructure with encryption at rest. Access to your account requires authentication, and only your account can read your data. We never sell your personal information, never use it for advertising, and never train AI models on your content.

Speech-to-text transcription runs entirely on your device and never reaches our servers. When you use AI features (such as generating a meditation), the relevant context is processed in real time by our AI providers (Anthropic, Google, and ElevenLabs) under contractual no-training and no-retention terms.

1. Information We Collect

1.1 Account Information

Data	Purpose
Email address	Authentication, communication
Display name	Personalization
Profile photo (optional)	Account personalization
Authentication tokens	Secure session management

1.2 Personal Growth Content

You create and control the following content within the App:

Visions and intentions: Goal statements, purpose, sensory and emotional descriptions, target dates, milestones
Journal entries: Gratitude entries, post-meditation reflections, weekly reflections, free-write entries, belief discovery responses
Affirmations: Affirmation text and associated visions
Action plans: Situation context, weekly actions, completion tracking, streaks
Check-ins: Stress and energy ratings, mood assessments

Stored securely: Visions, journal entries, affirmations, action profiles, reflections, and meditation scripts are synced to our servers so they stay available across your devices. They are protected by encryption in transit, server-side encryption at rest, and per-user access controls.

1.3 AI-Generated Content

The App generates personalized content on your behalf:

Meditation and visualization scripts
Weekly coach messages
Action suggestions and reflection prompts
Journal insight summaries (approximate pattern observations, not clinical assessments)
Belief discovery questions and replacement affirmations
Vision title summaries

1.4 Voice and Audio Data

Data	Purpose	Stays On Device?
Speech-to-text audio	Voice input for goals, journals, feedback	Yes. Transcribed entirely on your device.
Voice clone recording (optional)	Create a custom AI narration voice	No. Uploaded for processing, then deleted from our servers.

1.5 Health and System Integrations

Integration	Data	Direction
Apple Health	Mindful minutes (breathwork and meditation sessions)	Write only (with permission)
Apple Reminders	Action items	Write only (with permission)

Note: We only write to Apple Health and Apple Reminders. We do not read your existing health or reminder data.

1.6 Preferences and Settings

Notification cadence, preferred meditation time, selected guide voice, and feature preferences (e.g., binaural beats). These are used to customize your experience.

1.7 Podcast Listening

Episode progress and playback position, used to resume playback and track your listening history.

1.8 Diagnostic and Analytics Data

Data	Purpose	Retention
Crash reports and performance data	App stability and bug fixes	90 days
Device type and OS version	Technical diagnostics	90 days
Product usage events	Understand feature adoption and improve the App	Per provider retention policy

Crash reports are automatically scrubbed of user content before they leave your device. Our crash reporting provider is configured to not collect IP addresses or device-derived identifiers; we send only an opaque user reference. Product analytics are off by default and only run if you opt in via Settings → Privacy. When enabled, events are linked to your authenticated account and capture only metadata (event type, duration, counts). They never include the content of your goals, journal entries, or affirmations.

1.9 Feedback

When you voluntarily submit feedback, we collect your feedback text along with device model, app version, and OS version to help us investigate and improve the App.

2. How We Use AI

Several features in Noesis use AI to generate personalized content. When you use these features, relevant context from your visions, journal entries, or action plans is sent to our AI provider via our secure backend. This data is:

Processed in real time and not stored in plaintext on our servers
Not used to train or improve AI models (we use a paid API tier with contractual no-training guarantees)
Subject to content moderation that screens for safety before processing

AI-generated content (meditations, coach messages, action suggestions, journal insights) may not always be accurate or aligned with your intentions. These are personal development tools, not clinical assessments or professional advice.

2.1 Voice Narration

Meditation scripts and coach messages are converted to spoken audio by our text-to-speech provider. After narration is generated, the processing history is immediately deleted from the provider. Only the final audio file is retained.

2.2 Voice Cloning

If you opt in, you record a standard script (~2-3 minutes, containing no personal information). This recording is processed to create a custom narration voice. The original recording is deleted from our servers after processing. You can delete your voice clone at any time.

2.3 On-Device Speech Recognition

All speech-to-text transcription is performed entirely on your device using an embedded model. Your voice audio is never transmitted to our servers or any third party for transcription.

3. Service Providers

We use the following third-party service providers to operate the App:

Provider	Service	Data Shared
Auth0	Authentication	Email, authentication tokens
Convex	Backend infrastructure	User data, audio files, metadata (encrypted in transit and at rest)
Anthropic (Claude)	AI content generation	Vision details and reflection context for meditation scripts and coach messages. Transient processing, not retained or used for training.
Google Gemini	AI content generation	Vision titles, weekly action suggestions, and follow-up questions. Transient processing, not retained or used for training.
ElevenLabs	Text-to-speech, voice cloning	Script text for narration and voice clone recordings. Processing history deleted after generation; not used to train models.
Sentry	Crash reporting	Crash logs and OS version. No IP addresses; no personal content. Events are scrubbed automatically before transmission.
PostHog	Product analytics	Off by default. Activated only with your opt-in via Settings → Privacy. When on, events are linked to your account; they capture event metadata only, never goal, journal, or affirmation content.
RevenueCat	Subscription management	Purchase receipts, subscription status

All providers are located in the United States. They are contractually obligated to protect your data and use it only for the services they provide to us.

3.1 What We Do Not Do

We do not sell your personal information
We do not use your data for targeted advertising
We do not share data with data brokers
We do not track you across other apps or websites
We do not share your content with other users
We do not use your personal content to train AI models
We do not collect product analytics unless you explicitly opt in via Settings → Privacy
We do not log IP addresses in crash or analytics reporting

4. How We Use Your Information

Data Type	Purpose	Legal Basis (GDPR)
Account information	Authentication, account management	Contract performance
Visions, affirmations, journal entries	Core features, AI personalization	Contract performance
Action profiles and plans	Action generation and tracking	Contract performance
Voice clone recording	Create custom narration voice	Consent
Health and Reminders data	Apple integrations	Consent
Subscription data	Manage your subscription and feature access	Contract performance
Diagnostics, analytics, feedback	App stability and improvement	Legitimate interest

5. Data Security

Encryption in transit: All communications between the App and our servers use HTTPS with industry-standard TLS.
Encryption at rest: Your data is stored on managed infrastructure with server-side encryption at rest.
Access controls: Your data is partitioned per user. Every backend request requires per-user authentication, and only your authenticated account can read your data. Our staff do not access your personal content except where strictly necessary to diagnose a reported issue, comply with law, or investigate abuse.
Secure authentication: Managed by Auth0 with support for Apple Sign-In and email/password.
Key management: API keys and secrets are stored as server-side environment variables and are never shipped in the app binary.
On-device speech recognition: Voice audio for speech-to-text is transcribed entirely on your device and is never transmitted to our servers for transcription.
AI feature safeguards: Content is screened on-device before AI processing. AI features are rate-limited to prevent abuse, and our AI providers are contractually bound not to train on or retain your content.

No online service can guarantee perfect security, but we work continuously to protect your data and will notify you if a breach affecting your information occurs, as required by applicable law.

6. Data Retention

Data Type	Retention Period
Account data, profile, preferences	Until account deletion
Visions, affirmations, journal entries, meditations	Until deleted by you or account deletion
Voice clone data	Until you delete your clone or your account
Action plans, check-ins, streaks	Until account deletion
Crash reports and diagnostics	90 days
Feedback submissions	Until resolved or account deletion

When you delete your account, your data is removed from our systems within 30 days, except where legally required to retain.

7. Account Deletion

Go to Settings → Delete Account to permanently remove all your data, including your account, visions, journal entries, meditations, voice clone, action plans, and feedback. Account deletion is processed immediately. Data removal from all systems completes within 30 days.

Note: Data previously written to Apple Health or Apple Reminders is managed by Apple and is not removed when you delete your Noesis account.

8. Your Rights

Access: Request a copy of your personal data
Correct: Update inaccurate information via App settings
Delete: Delete your account in-app or request deletion via email
Portability: Request your data in a readable format
Withdraw Consent: Revoke permissions at any time (HealthKit, Reminders, voice clone)
Object: Object to processing based on legitimate interests

Contact: admin@roomtogrowllc.com

9. California Residents (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA:

Categories collected: Identifiers, user-generated content, audio data, health data (with permission), internet/electronic activity (crash logs), commercial information (subscription status)
Your rights: Right to know, delete, correct, opt out of sale (we do not sell), non-discrimination, and limit use of sensitive information

10. International Users (GDPR)

Legal Basis for Processing

Contract: Processing necessary to provide the service (account, visions, meditations, journaling)
Consent: Optional features (voice cloning, HealthKit, Reminders)
Legitimate Interest: Diagnostics, analytics, security

International Data Transfers

Data is processed in the United States. Transfers are protected by Standard Contractual Clauses (SCCs) where applicable and are encrypted in transit using TLS.

Your GDPR Rights

Access, rectification, erasure, and data portability
Restrict or object to processing
Withdraw consent at any time
Lodge a complaint with your local data protection authority

11. Children's Privacy

Noesis is designed for adults (18+). We do not knowingly collect information from children under 13. If we learn we have, we will delete it promptly. Contact admin@roomtogrowllc.com if you believe this has occurred.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the App and updating the effective date above.

13. Contact Us

Room to Grow LLC
General Support: support@trynoesis.app
Privacy Inquiries: admin@roomtogrowllc.com