Legal

Privacy Policy

Last updated: May 2025  ·  Applies to the Brace iOS app and this website.

Short version: Brace collects only what it needs to work. Your conversation content stays on your device unless you sign in. We never sell your data. We never share it with advertisers.

1. Who we are

Brace is operated by Marco Ehinger, a solo developer based in Germany. Contact: marco@ehinger.dev.

2. What data we collect

2.1 On first launch — anonymous mode

When you open Brace for the first time, we create an anonymous Supabase user account automatically. This gives you a stable, private identity without requiring any personal information. We store:

No name, email, phone number, or Apple ID is collected in this mode.

2.2 When you sign in with Apple — optional

If you tap "Save plan," you are invited (not required) to sign in with Apple. If you do:

2.3 Analytics — TelemetryDeck

We use TelemetryDeck to collect anonymous usage analytics. Events include things like "plan generated," "rehearsal started," and "paywall shown." These events contain only:

We never include your free-text answers, plan content, or rehearsal text in any analytics event.

2.4 Subscriptions — RevenueCat

Subscription management is handled by RevenueCat and Apple's App Store. We receive anonymous purchase receipt data from RevenueCat to verify your subscription status. We never see your payment details — those stay between you and Apple.

2.5 AI processing — OpenAI via our proxy

When you generate a plan or rehearse a conversation, your answers and plan content are sent to OpenAI's API via our own backend proxy. OpenAI processes this data to generate a response. By using Brace, you acknowledge that your inputs are processed by OpenAI subject to OpenAI's privacy policy. We do not send any identifying information to OpenAI — requests are authenticated by our server, not by your identity.

3. How we use your data

We do not use your data for advertising. We do not sell your data. We do not share it with third parties except as described in this policy.

4. Data storage and security

Your plan data is stored in Supabase, a hosted PostgreSQL database with row-level security (RLS). RLS ensures that every database query is scoped to your user ID — other users cannot read your data, and neither can our own queries without your authentication token.

Data is stored in EU data centers (Supabase EU region). All data in transit is encrypted via TLS 1.2+.

5. Your rights

Under GDPR, you have the right to:

To exercise any of these rights, email marco@ehinger.dev. We will respond within 30 days.

6. Data retention

Anonymous accounts and their data are automatically deleted after 90 days of inactivity. Linked (signed-in) accounts retain data until you delete it or delete your account. Deletion requests are processed within 7 business days.

7. Children

Brace is rated 16+ on the App Store. We do not knowingly collect data from users under 16. If you believe a child has used Brace and submitted personal data, please contact us immediately.

8. Changes to this policy

We will post any material changes to this page and, where appropriate, notify you via the app. Your continued use of Brace after changes are posted constitutes acceptance.

9. Contact

Questions about privacy? Email marco@ehinger.dev.