← Back to Home

Privacy Policy

Last updated: 2025-11-04

This Privacy Policy explains how we collect, use, and protect your personal data when you use the SoberSelf mobile application and related services.

SoberSelf is operated by BRIGHT CODE HOLDINGS S.R.L., a company registered in Romania (“we”, “us”, “our”). If you have any questions, you can always email us at privacy@brightcode.digital.

We wrote this policy to be clear and easy to read. We handle personal data with care, aim to follow applicable data protection laws such as the GDPR, and use reputable third-party providers and standard technical and organizational safeguards.

1. What this policy covers

This policy applies to:

  • The SoberSelf mobile app (iOS and Android)
  • Any support or contact you have with us (for example by email)
  • Our informational website (if you visit it), currently at soberself.app (or a similar domain)

It does not cover:

  • Apple App Store or Google Play Store (they have their own privacy policies)
  • Third-party login providers like Apple or Google
  • Any other apps or websites you visit through links from SoberSelf

2. Data we collect

We only collect the information we need to run the app, improve it, and communicate with you. Everything is stored on servers we control (hosted with providers in the EU) unless we explicitly say otherwise.

2.1 Account data

When you create an account, we collect:

  • Email address (if you sign up with email + one-time code)
  • Basic information from Apple or Google if you use those to sign in (such as an email address or an anonymised ID)
  • Name or display name, if you choose to provide one

We use this to create and manage your account, let you log in, and communicate with you when needed.

We do not collect or store your password. Email sign-in is handled via one-time codes, and Apple/Google sign-ins are handled through their systems.

2.2 Sobriety journey and onboarding data

To personalise your experience, we collect the information you choose to share about your relationship with alcohol and your goals, for example:

  • Your answers during onboarding (e.g. motivation, current habits, goals, drinking patterns)
  • Your check-ins (e.g. how your day went, whether you drank or not)
  • Your journal entries and reflections
  • Your goals, plan, and milestones
  • Your “mantra” or goal messages
  • Your streaks / progress stats that we calculate from your usage

This information is stored on our backend so it can sync across devices and power the features of the app.

By choosing to enter this information into the app, you give us your explicit consent to process it so we can provide the service to you.

2.3 AI coach messages and “memories”

SoberSelf includes an AI-powered coach/chatbot. When you use it, we collect:

  • The messages you send to the AI coach
  • The responses generated for you
  • Short “memories” or summaries that the AI creates about your journey (for example, what your goals are, what you struggle with), which we store to make future conversations more relevant

These messages and memories are stored on our servers and are also sent to our AI infrastructure provider (see Section 6 and 7) so they can generate a helpful reply.

If you don’t use the AI chat, no chat messages are sent. By using the chat, you consent to this processing.

2.4 Usage and analytics data

We use PostHog to understand how people use the app and to improve it over time. This may include:

  • Which screens you visit
  • Buttons or features you interact with
  • Approximate session times and basic app flows
  • Basic technical information (device type, OS version, app version)

We configure analytics to focus on product improvement, not advertising or cross-app tracking.

We do not use analytics to build advertising profiles or sell your data to advertisers.

2.5 Subscription and payment information

All purchases are handled by:

  • Apple App Store (for iOS)
  • Google Play Store (for Android)

We also use third-party providers to to manage paywalls and subscription offers inside the app and to manage and verify subscriptions and receipts

We do not see or store your full payment card details. Those are handled by Apple and Google.

We and our subscription partners may receive limited information such as:

  • That you purchased a subscription or started a free trial
  • Which plan you are on (for example, weekly or yearly)
  • Whether your subscription is active, cancelled or expired
  • Anonymous identifiers or receipt data used to verify your purchase

This is used only to determine whether your account should have access to paid features and to help with support questions about billing.

2.6 Support and communication

If you contact us (for example at privacy@brightcode.digital or another support email), we collect:

  • Your email address and any name you include
  • The contents of your message
  • Our responses and any follow-up notes

We keep this to answer your questions, fix bugs, and improve the app.

In the future, if you choose to join our email list (for example, for tips or updates), we may use third-party providers to send those emails. You can unsubscribe at any time via the link in the email.

2.7 What we do not collect

We do not intentionally collect:

  • Exact GPS location
  • Your contacts or address book
  • Photos, videos or other media files (unless we add such a feature in the future, in which case this policy will be updated)
  • Data from Apple Health, Google Fit, or similar health platforms
  • Government ID or identity documents
  • Payment card numbers (handled by Apple / Google)

If this ever changes, we will update this policy and clearly explain the new data collection.

3. How we use your data (and legal bases)

We use your data for the following purposes:

  1. To run SoberSelf and provide the app to you
  • Create and manage your account
  • Sync your data between sessions and devices
  • Show your goals, streaks, check-ins, and plan
  • Allow you to use the AI coach

Legal basis: performance of a contract (providing the app you signed up for) and, for sensitive data, your explicit consent.

  1. To personalise your experience
  • Tailor content, reflections and suggestions based on your journey
  • Use AI “memories” to make the coach feel more consistent

Legal basis: our legitimate interest in improving the app and your explicit consent for any sensitive information you choose to share.

  1. To provide the AI coach
  • Send your chat messages and relevant context to our AI provider so they can generate responses

Legal basis: performance of the contract and your explicit consent for processing sensitive content.

  1. To understand usage and improve the product
  • Use aggregated analytics (via PostHog) to see what works, find bugs and improve flows

Legal basis: our legitimate interest in running and improving our service.

  1. To manage subscriptions and payments
  • Verify purchases and subscription status with Apple, Google or other third-party providers
  • Give or remove access to paid features based on your subscription

Legal basis: performance of a contract and compliance with app store rules.

  1. To communicate with you
  • Answer support requests
  • Send important service or policy updates
  • Send optional product updates or tips if you subscribe to our mailing list

Legal basis: performance of a contract, our legitimate interest in keeping you informed, and consent for marketing emails.

  1. To keep the service secure and comply with the law
  • Protect against abuse or misuse
  • Keep basic logs and security records
  • Comply with legal or tax obligations where needed

Legal basis: our legitimate interest in security, and legal obligations.

We do not use your data for automated decision-making that has legal or similarly significant effects on you.

4. AI features and how your data is used

Our AI coach is powered by models accessed through a third-party AI infrastructure provider.

When you chat with the AI coach:

  • Your messages, relevant context, and some “memory” data about your journey are sent to our backend
  • Our backend forwards the necessary text to the AI models hosted by the third-party AI infrastructure provider
  • The third-party AI infrastructure provider returns a generated reply, which we show to you in the app

We configure our AI usage so that providers should not use your data to train their general models, based on the options available in their services. However, we rely on what these providers publish and promise in their own documentation.

We do not use your chat data to build advertising profiles. We use it only to:

  • Generate responses for you
  • Improve your experience inside SoberSelf (for example by storing memories about your preferences and journey)

If you are uncomfortable with this, you can:

  • Avoid using the AI coach, and/or
  • Request deletion of your data (see Section 8 and 9)

5. Third-party services we rely on

We use third-party providers to help us run SoberSelf. Depending on the feature, these providers may act as our processors (working on our instructions) or as independent controllers (for example, app stores).

In particular, we may use:

  • Hosting and infrastructure providers
    To store and run our servers and databases in the European Union.
  • Analytics and crash reporting tools
    To understand how people use the app, fix bugs, and improve performance. These tools receive technical and usage data, not your payment details.
  • Email and communication services
    To send you login codes, important service emails, and (if you choose to subscribe) optional updates or newsletters.
  • Subscription and billing providers
    Including the Apple App Store and Google Play Store, as well as services that help us verify and manage in-app subscriptions and entitlements.
  • AI infrastructure providers
    To process your chat messages and generate AI-powered responses, as described in the AI section of this policy.
  • Security and delivery services
    Such as content delivery networks or similar services that help us deliver the app reliably and protect it from abuse.

Some of these providers may be located outside the EU/EEA or process data there. When this happens, we rely on the safeguards they provide (such as standard contractual clauses) and choose reputable providers that state they follow GDPR-compatible practices.

6. International data transfers

Our main servers are hosted in the European Union (Germany). However, some of our providers may be based outside the EU/EEA or may process data on servers outside the EU/EEA.

When this happens, we rely on the safeguards offered by those providers, such as:

  • Standard contractual clauses (SCCs) approved by the European Commission, or
  • Other legal mechanisms they provide for international data transfers

We do not manually negotiate contracts with every vendor, but we aim to choose established services that provide reasonable privacy protections and public GDPR-related commitments.

7. How long we keep your data

We keep your data only for as long as we reasonably need it for the purposes listed in this policy, or as required by law.

In general:

  • Account and journey data (onboarding, check-ins, journals, goals, AI memories)
    – kept while your account is active.
    – if you delete your account or ask us to delete your data, we will generally do so within a reasonable period (usually within 30 days), except where we need to keep some information for legal or security reasons.
  • Analytics data (PostHog)
    – kept for a limited time to understand usage and improve the product.
    – after that, it may be deleted or kept only in aggregated, anonymised form.
  • Support emails and communication
    – kept as long as needed to resolve your issue and to maintain a basic history of interactions, unless you ask us to delete them sooner and we have no legal reason to keep them.
  • Backups
    – we may keep automated encrypted backups of our database for a limited period (for example, up to around 6 months) so we can restore the service in case of technical problems.
    – when backups expire, they are automatically overwritten.

We do not promise exact retention periods for every single data type at this stage of the product’s life, but we aim to keep data no longer than necessary and to delete or anonymise it when it is no longer needed.

You can always ask us to delete your account and data (see Section 8–9).

8. Your rights

If you are in the EU/EEA, UK or another region with similar data protection laws, you generally have the following rights over your personal data:

  • Access – ask us what personal data we hold about you and get a copy.
  • Correction – ask us to correct inaccurate or incomplete data.
  • Deletion – ask us to delete your data (for example, by deleting your account). We will do this unless we need to keep some information for legal, security or technical reasons.
  • Restriction – ask us to temporarily stop using your data in some cases.
  • Portability – ask us for a machine-readable copy of the data you provided, where technically feasible.
  • Objection – object to certain processing based on our legitimate interests (e.g. analytics), in which case we will consider your request and stop where the law requires.
  • Withdraw consent – where we rely on your consent (especially for sensitive data or marketing emails), you can withdraw it at any time. This will not affect past processing but will stop future processing for that purpose.

To exercise any of these rights, email us at privacy@brightcode.digital. We will generally respond within 30 days. If your request is complex, it may take a bit longer, but we will let you know.

If you are not satisfied with our response, you have the right to contact your local data protection authority. In Romania, this is:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: https://www.dataprotection.ro/
Email: anspdcp@dataprotection.ro

9. Deleting your account and data

You can:

  • Delete your account in the app (where this feature is available), or
  • Email us at privacy@brightcode.digital and ask us to delete your account and data.

When you do this, we will:

  • Remove or anonymise your personal data from our main systems within a reasonable period (usually within 30 days), and
  • Allow some limited data to remain in backups or logs for a period of time where necessary for security, legal or technical reasons, after which it will be deleted or overwritten.

If you only want us to stop sending you emails (for example newsletters), you can simply unsubscribe via the link in those emails, without deleting your whole account.

10. Security

We take security seriously and try to use reasonable measures to protect your data. As a small team, we do not have perfect security, but we aim to follow sensible practices, including:

  • Using HTTPS/TLS for all communication between the app and our API
  • Hosting our servers with a reputable provider in the EU
  • Limiting production database access
  • Applying regular system and software updates on our servers
  • Using two-factor authentication where possible on key accounts (hosting, app stores, email, etc.)
  • Performing manual log reviews from time to time to look for suspicious activity

Despite our efforts, no online service can ever be 100% secure. We cannot guarantee absolute security, but we will act in good faith to protect your data and respond if something goes wrong.

If you believe your account or data may have been compromised, please contact us immediately at privacy@brightcode.digital.

11. Children’s privacy

SoberSelf is intended for adults aged 18 and over.

  • We do not knowingly allow people under 18 to use the app.
  • We do not knowingly collect personal data from minors.

We currently do not run strict age verification, but we rely on app store age ratings and your confirmation when using the app.

If you are a parent or guardian and believe that a minor has created an account or shared data with us, please contact us at privacy@brightcode.digital. We will review the situation and delete the account and related data where appropriate.

12. Cookies and tracking

12.1 In the mobile app

SoberSelf is a mobile app and does not use traditional browser cookies. Instead, we use in-app analytics tools (currently PostHog) that collect technical and usage information as described in Section 2.4.

We do not use advertising SDKs or cross-app tracking SDKs (such as Facebook Ads, Google Ads/AdMob, or attribution networks) at this time.

12.2 On the website

If you visit our website, we may use a privacy-focused analytics tool (such as PostHog or similar) to collect basic usage statistics. If we introduce cookies or similar technologies that go beyond basic analytics, we will update this policy and, where required, provide appropriate notices or consent options.

13. Changes to this policy

We may update this Privacy Policy from time to time as the app evolves, our practices change, or laws are updated.

If we make significant changes, we will:

  • Update the “Last updated” date at the top of this page, and
  • Where appropriate, notify you in the app or by email

If you continue using SoberSelf after changes take effect, you agree to the updated policy. If you do not agree with the changes, you should stop using the app and can ask us to delete your data.

14. Contact us

If you have any questions, concerns, or requests about this Privacy Policy or your personal data, you can contact us at:

Email: privacy@brightcode.digital
Operator: BRIGHT CODE HOLDINGS S.R.L. (Romania)

We’ll do our best to respond in a clear and timely way.