Privacy Policy

Last updated: 7 May 2026

Stillpoint is built with privacy at its core. This policy explains what data we collect, how we use it, and the choices you have.

Summary

Your journal entries stay on your device. We don't have user accounts. We don't run ads. We don't sell or share your personal data.

Data stored on your device

The following data is created and stored locally on your iPhone, protected by iOS Data Protection encryption:

• Gratitude and achievement entries
• AI-generated reflections
• Emotion check-in responses
• Self-discovery prompt responses
• Onboarding preferences (name, tone, reflection time, chosen companion)
• Session history and streak data
• Meditation session records

This data is not uploaded to any server and is not accessible to us. You can export or delete all your data at any time from the app's Settings.

Self-discovery prompt responses (such as "What do you think shifted?") are stored only on your device. They are never sent to our servers and are never used to train any AI model. If you delete the app or your device, these responses are gone with it.

Data sent to our servers

If you have premium access, your gratitude entries and onboarding context are sent to a Firebase Cloud Function proxy, which forwards the request to Anthropic's Claude API to generate personalised AI reflections. This data is:

• Transmitted over HTTPS encryption
• Processed in real time by Anthropic's Claude API to generate your reflection
• Not stored on our servers or by Anthropic after the reflection is generated
• Not used to train AI models
• Not shared with any third party beyond Anthropic for the purpose of generating your reflection

Our Firebase Cloud Function proxy does not log or store any user data. It forwards the request to Anthropic's API and returns the response directly to the app.

Free users receive pre-written reflections and no data is sent to our servers.

Reflection feedback (optional)

If you long-press a past reflection and tell us how it landed, we send a small piece of feedback to our Firebase server so we can improve the AI reflection prompt. The feedback record contains:

• Your rating ("didn't land", "landed", or "really landed")
• Your optional written comment
• The prompt version that generated the reflection
• An anonymous device identifier (not linked to your name or email)
• The reflection text itself. For "didn't land" feedback, this is sent only if you leave the "Include this reflection" box checked. For "landed" and "really landed" feedback, the reflection text is always sent so we can learn what's working.

You can submit feedback without including the reflection text by unchecking the box before sending. We use this data only to improve the AI reflection prompt. It is not used to train AI models and is not shared with any third party.

Screen Time API

Stillpoint uses Apple's Screen Time API (FamilyControls framework) with individual authorisation. This means:

• You choose to opt in during onboarding or in Settings
• The app can temporarily shield other apps at your chosen daily time
• No information about your app usage, screen time, or browsing is collected or transmitted
• You can disable the screen lock at any time in Settings or via the emergency override
• You can revoke authorisation entirely via iOS Settings > Screen Time

Analytics

Stillpoint uses Firebase Analytics and Firebase Crashlytics to understand how the app is used and to identify crashes. This data is anonymous and not linked to your identity. It includes:

• App launches, session completions, and feature usage (anonymous, aggregate)
• Crash reports and performance data (anonymous)
• Device type and OS version (not linked to you)

Firebase Analytics uses a device identifier for aggregate reporting. This identifier is not linked to your personal data or journal entries. No advertising identifiers (IDFA) are collected. See Firebase's privacy documentation.

Bursary (Community Access)

Stillpoint offers a bursary for users who cannot afford a subscription. When you apply for a bursary, we collect:

• Your email address (for bursary confirmation)
• A short reflection on why a daily practice matters to you
• Your intended usage frequency
• Optional marketing consent

This data is sent to our Firebase server and forwarded to our team. Your email will only be used for bursary-related communication (and marketing updates if you opt in). The bursary grants 60 days of full premium access. The access expiry date is also stored locally on your device.

Subscriptions

Stillpoint offers three monthly subscription tiers, all handled entirely by Apple through StoreKit and the App Store:

• Support — $12.99/month
• Standard — $7.99/month
• Community — $3.99/month

All three tiers provide identical premium features. The different price points exist so you can choose what feels right for you. We do not collect or store your payment information. Subscription management and billing are governed by Apple's terms.

Children's privacy

Stillpoint is suitable for users aged 13 and over. The app stores data locally on the user's device and does not require an account. Users under 16 in the European Economic Area or the United Kingdom should obtain parental or guardian consent before using the app, in accordance with GDPR. Parents and guardians can review or delete a user's data at any time using the Export and Delete features in Settings.

Data export and deletion

You can export all your data as a JSON file or permanently delete all data from within the app's Settings screen. Since data is stored locally, deleting the app also removes all data.

Your rights under GDPR

If you are located in the European Economic Area or the United Kingdom, you have the right to access, correct, delete, or export your personal data. Since your data is stored locally on your device, you can exercise these rights directly using the Export and Delete features in the app's Settings.

If you have any questions or wish to exercise your rights, contact us at hello@stillpoint.tools. We will respond within 30 days.

Data controller

The data controller for Stillpoint is Will Perkins, operating as a sole trader based in England. For data protection enquiries, contact hello@stillpoint.tools.

Third-party data processors

When you use premium AI reflections, your session data is processed by:

• Google Cloud (Firebase Cloud Functions) — routes requests between the app and the AI provider. Does not log or store user data.
• Anthropic — provides the Claude AI model used to generate reflections. Anthropic does not store API inputs or outputs by default and does not use them for model training. See Anthropic's privacy policy.
• Google (Firebase Analytics & Crashlytics) — collects anonymous usage and crash data. Does not receive your journal entries or personal data. See Firebase privacy documentation.

No other third parties receive your personal data.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, contact us at hello@stillpoint.tools.