Privacy Policy
Last updated: 1 June 2026
Selfless Friend was built around one promise: your reflections belong to you. This page is the long version of what that means in practice — what the app keeps on your device, what little it sends out, and what it never collects at all.
The short version
- Your notes, reflections, summaries, and memories live on your device. We do not retain them on our servers.
- To write your nightly reflection and remember context across days, we send your notes and a small amount of derived context to two AI providers (OpenAI and Mistral) for real-time processing. Both providers state that data sent through their APIs is not used to train their models, and we have configured our accounts to keep it that way.
- We collect no analytics, no behavioural tracking, no advertising identifiers, no crash reports.
- There are no accounts. There is no login. There is no email collection.
- Uninstalling the app deletes everything stored on your device.
If those five lines are enough for you, you can stop reading. The rest is detail.
Who we are
Selfless Friend (or "the app") is operated by Sonali Tandon, an individual operating as a sole proprietor from India. References below to "we", "our", or "us" mean the operator.
You can reach us at selflessfriend.connect@gmail.com.
What's stored on your device
Selfless Friend is local-first. The following live in your phone's local storage (AsyncStorage), protected by your phone's own encryption and lock screen. We do not have access to it. If you uninstall the app, all of it is deleted with the app.
- Your name — the name you entered during onboarding
- Your notes — the thoughts you share throughout the day
- Your most recent reflection — what Nova writes back to you each morning. When a new reflection is generated each day, it replaces the previous one — past reflection text is not retained
- Your summaries and memories — the daily and monthly summaries and "core memories" derived from your notes, so Nova can keep continuity over time. Daily summaries are kept for up to 365 entries; older ones are automatically pruned
- Your emotional baseline — patterns the app notices in your tone over weeks (only meaningful after 30+ days of use)
- Your notification preferences and morning delivery time
- Your settings — ambient sound preference, exercise rotation state, mood-shifter notes, and any feel-good content you save inside the app's wellness toolkit
Some of this data (your notes, recent summaries, and a small set of memories) is also sent to AI providers in real time for processing — see the next section.
What is sent off your device, and why
Generating your reflection requires a small amount of help from outside services. Here is the complete list of what leaves your device, where it goes, and why.
To our server
When you write a note or open the app on a new day, the app talks to our own backend, which runs on Cloudflare Workers. The server acts as a passthrough — it does not retain your notes. It receives, forwards to the AI providers, and returns the result.
What we send to the server:
- A hashed, anonymous identifier (see "Your anonymous identifier" below)
- Your notes for the current day (only during reflection generation)
- Recent context — summaries and a small set of relevant memories — to help the AI write a reflection that feels continuous
- Your timezone — used only to calculate when your local "new day" begins (we use 3 AM local time as the daily reset)
Cloudflare's privacy policy: cloudflare.com/privacypolicy
To OpenAI
OpenAI's language models write the text of your nightly reflection. To do this, we send OpenAI:
- Your notes for that day
- A small amount of recent context (summaries and a few relevant memories)
- Your hashed anonymous identifier, passed as OpenAI's safety identifier (used by OpenAI for abuse detection, not for training)
We have configured our OpenAI account to opt out of model training, and we mark every individual request with an explicit instruction not to be stored in OpenAI's request-history. OpenAI states that API requests are not used to train their models unless an organization explicitly opts in to share data — we have not done so and will not. OpenAI's API data policy: openai.com/policies/api-data-usage-policies
To Mistral
Mistral's models extract long-term memories from your notes, so Nova can carry context across days. To do this, we send Mistral:
- Your notes (when extracting daily memories)
- Your daily summaries (when generating monthly summaries every quarter)
We do not send Mistral your name, your anonymous identifier, or any user information. Mistral's view is text-only. The training opt-out toggle in our Mistral account is turned off, meaning Mistral does not use data sent through our integration to train its models. Mistral's privacy policy: legal.mistral.ai/terms/privacy-policy
To RevenueCat (only if you subscribe or restore a purchase)
Subscriptions to Nova Premium are handled by RevenueCat, a standard mobile payments processor. If you subscribe, your purchase event and entitlement status are managed by RevenueCat through the App Store or Google Play. We do not pass your name, notes, reflections, or memories to RevenueCat — they only see subscription state, plus the device-level information their SDK collects (device model, OS version). RevenueCat's privacy policy: revenuecat.com/privacy
Your anonymous identifier
When you first open the app, your device generates a random identifier (a UUID) and stores it locally. Before this identifier is ever sent off your device, it is transformed through one-way hashing — the value that leaves your device is non-reversible, so it cannot be linked back to the original identifier or to you. The hashed identifier is used only to:
- Enforce rate limits to prevent abuse of our service
- Attribute API usage to your device for safety monitoring (at OpenAI's end)
It is not linked to your name, your email, your location, or any contact information — there is none of that on file. If you uninstall and reinstall the app, a new identifier is generated and the previous one becomes meaningless.
Where your data is processed (international transfers)
The third-party providers we use are based outside India and, in some cases, outside the European Economic Area (EEA):
- OpenAI — United States
- Mistral — France (European Union)
- Cloudflare — global infrastructure; your requests are routed through the nearest Cloudflare data center, which may be inside or outside your region
- RevenueCat — United States
If you reside in the EEA or the United Kingdom, sending your notes or anonymous identifier to OpenAI or RevenueCat in the United States constitutes a transfer of your personal data outside the EEA. We rely on the providers' own published safeguards (including standard contractual clauses where applicable) to protect these transfers. By using the App, you consent to your data being processed in the locations listed above.
Third-party providers can change their policies
Any of the AI providers listed above (OpenAI, Mistral, Cloudflare, RevenueCat) may update their data handling practices at any time. We recommend reviewing their current published policies via the links above for the most up-to-date information.
What Selfless Friend does not collect
Selfless Friend does not collect or transmit any of the following.
- Email, phone number, or any contact information. There is no account system.
- Your location beyond the timezone string your phone reports (e.g., "Asia/Kolkata"). No GPS, no IP-based geolocation by us.
- Your IP address in any way we control (Cloudflare may briefly see incoming request IPs at the network level, as any web server would, but we do not log or store them).
- Your contacts, photos, calendar, microphone, or camera. We do not request these permissions.
- Crash reports or device diagnostics. No Sentry, no Crashlytics, no Bugsnag.
- Analytics or behavioural data. No Google Analytics, no Mixpanel, no Amplitude, no PostHog. We do not track how often you open the app, what screens you visit, or how long you stay.
- Advertising identifiers (IDFA, GAID, etc.). We do not show ads. We do not work with ad networks.
How long data is kept
| Where | What | How long |
|---|---|---|
| Your device | Notes, reflections, summaries, memories, settings | Until you uninstall the app |
| Our server | Nothing user-identifying. The server is a passthrough — your notes are not written to disk. | N/A |
| Our server's rate-limit store | The hashed identifier as a key, with no associated value, used only to gate "one reflection per day" | Until 3 AM your local time, then automatically expires |
| Our server's error logs | If a request fails, the hashed identifier and timestamp may be logged for debugging | 7 days, then automatically expires |
| OpenAI | Per OpenAI's API policy, not used for training | Per OpenAI's published policy |
| Mistral | Per Mistral's API policy, not used for training | Per Mistral's published policy |
Security
We take reasonable steps to protect your data, while being honest about the boundaries.
- On your device: your data is stored in your phone's standard app storage (
AsyncStorage), protected by your phone's own encryption and lock screen. The strength of this protection depends on your phone's security settings (PIN, biometric lock, OS-level encryption). - In transit: all communications between the App, our server, and the AI providers use encrypted HTTPS connections.
- API keys and credentials: sensitive credentials for our AI providers are stored in Cloudflare's environment variable system on our server side and are never exposed in the App or in client-side code.
- In our rate-limit store: the only data we hold on our server is the hashed anonymous identifier described above, kept in Cloudflare's encrypted KV namespace with no associated value — so there is nothing meaningful to extract even in a worst case.
- No perfect system: No system can be guaranteed to be completely secure. We commit to applying reasonable safeguards and to investigating and responding to any security incident we become aware of.
Your rights
Different countries grant you different rights over the data we hold about you. Because Selfless Friend stores almost nothing on its servers, most of these rights are satisfied automatically by the architecture. We honour the rights described below regardless of where you live.
Right to know what we have
In practical terms: we have your hashed anonymous identifier in our rate-limit store (which expires within 24 hours), and potentially a 7-day error log entry if one of your recent requests failed. Beyond that, we hold nothing. You can write to us at selflessfriend.connect@gmail.com with any questions.
Right to delete
The complete deletion path is to uninstall the app. Doing so removes everything stored on your device. Any record we may have of your hashed identifier in our rate-limit store will expire on its own within 24 hours. Any 7-day error log entries will also expire automatically.
Right to portability
Settings → Your Data inside the app lets you export your local Selfless Friend data as a backup file. You own this file and can move it to any other device running Selfless Friend, or keep it for your records.
Right to withdraw consent
You can withdraw your consent at any time by uninstalling the app. Because there are no accounts and no user records on our servers, uninstalling is the consent-withdrawal path for v1.
Specific frameworks
India (Digital Personal Data Protection Act, 2023): Operating from India, we are a Data Fiduciary under the DPDP Act. The rights it grants you — consent, access, correction, and erasure — are honoured through the contact email above, and most are satisfied automatically by our local-first design.
European Economic Area and United Kingdom (GDPR / UK GDPR): If you reside in the EEA or UK, you have rights under GDPR including access, rectification, erasure, restriction of processing, portability, and objection.
Our lawful basis for processing your personal data is your consent (GDPR Article 6(1)(a)), given when you accept this Privacy Policy at first launch. We do not rely on any other lawful basis. You may withdraw consent at any time by uninstalling the App; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
EEA and UK residents may also contact their local data protection authority.
California (CCPA / CPRA): We do not sell or share your personal information. We do not use it for cross-context behavioural advertising. We have no "Do Not Sell" link because there is nothing to opt out of.
Children
Selfless Friend is for adults. You must be 18 or older to use it. If you are under 18, please do not use this app. We do not knowingly collect data from anyone under 18. If you believe we may hold data from a minor, please write to selflessfriend.connect@gmail.com.
Changes to this policy
If we update this Privacy Policy in a way that materially changes how we handle your data, we will post the updated Policy in the App or on this website before the change takes effect. Smaller clarifications (typos, formatting, contact details) may be updated without notice. The "Last updated" date at the top of this page always reflects the most recent change.
Contact
Questions, requests, or concerns: selflessfriend.connect@gmail.com.