PositiveAI® Privacy Policy

# Privacy PolicyLast Updated: January 13, 2026Effective Date: January 13, 2026Legal Entity: KUROMNIS LTD (Company No. 14569958), trading as PositiveAIPositiveAI® ("we," "us," or "our") operates the Orb mobile application (the "App" or "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.---## 1. Privacy of Your ContentAll user-generated content you create in Orb is private by default and is not visible to, discoverable by, or shared with other users, except where you explicitly choose to use a feature that enables sharing.This includes:
- Check-in records (morning and evening completions)
- Progress data (current day, milestone achievements, frozen days, regression events)
- Mood tracking responses and emotional state entries
- AI coaching conversations (Premium subscribers only)
- Preferences and settings
- All other personal inputs and dataException: Fusion Peer Matching FeatureWhen you choose to use the Fusion feature and are matched with another user:
- Chat messages you send during the Fusion session are visible to your matched peer
- All messages are automatically screened through AI-powered content moderation to detect and prevent harmful content (harassment, hate speech, sexual content, violence, etc.)
- Messages are temporary and automatically deleted when either user leaves the session
- No persistent message history is retained
- Your identity remains anonymous (only a random username is visible)
- You can block users to prevent future matches
- You can report inappropriate behavior at any timeContent Moderation:
- We use automated AI moderation (OpenAI's Moderation API) to screen all Fusion chat messages in real-time
- Moderation checks for: harassment, hate speech, sexual content, violence, self-harm, illegal activity
- Severe violations result in message rejection and potential account suspension
- Moderation occurs automatically—no human moderators read your messages unless you file a report
- Only message content is sent for moderation screening (no personal identifiers)Your Control:
- You decide whether to use Fusion (it is entirely optional)
- You can leave a Fusion session at any time
- You can block users you don't wish to interact with
- You can report users who violate community standards
- You can delete your account at any time, removing all your dataNo Public Discovery:
- Other users cannot search for you, view your profile, or see your content
- Your progress data, mood entries, and AI coaching conversations are never shared with other users
- We do not create public leaderboards, social feeds, or user directories---## 2. Information We Collect### 2.1 Account & Authentication DataAnonymous Accounts (Default):When you first use the App, we automatically create an anonymous account with a Firebase-generated unique identifier (UID). We collect:
- Unique anonymous user ID (Firebase UID)
- Device installation IDWe do not collect:
- Email address
- Name
- Phone number
- Any other personal informationAnonymous account data is stored locally on your device only and is not synced to the cloud.Full Accounts (Optional):If you choose to upgrade to a full account by signing in with Apple or Google, we collect:
- Email address (from sign-in provider)
- Name (if provided by sign-in provider)
- Profile information (if provided by sign-in provider)
- Authentication tokensFull account data is synced to cloud storage (Firebase Cloud Firestore) for cross-device access.### 2.2 Progress & Usage DataWe collect information about your use of the App's core features:Check-In & Progress Data:
- Current day number and progress state
- Morning and evening check-in completion timestamps
- Daily completion history
- Milestone achievements (Days 1, 7, 14, 30, 60, 90)
- Grace period status at milestones (number of misses remaining)
- Frozen day status
- Regression events (when you move backward) and their classificationsMood Tracking:
- Mood check-in responses at milestone days
- Cumulative mood scores over time
- Emotional state patterns (anonymized for research)Visual Tracker Interactions:
- Tap, drag, and gesture interactions with the progress tracker
- Fusion activation attempts (long-press charges)
- Screen view durationsNotification & Preference Data:
- Notification permission status
- Custom check-in reminder times (morning/evening)
- Timezone information (used for accurate 4:00 AM daily reset timing)
- In-app settings and preferences### 2.3 Peer Matching (Fusion) DataWhen you use the Fusion feature, we collect:Match Data:
- Anonymous match records (you were paired with another user)
- Match timestamp and duration
- Match outcome (completed/abandoned)
- Block list (anonymous user IDs you've blocked)Chat Messages (Temporary):
- Messages exchanged during Fusion sessions
- All messages are automatically screened through AI-powered content moderation (OpenAI's Moderation API) to detect harmful content
- Messages are processed in real-time for safety screening before delivery
- Messages are automatically deleted when either user leaves the session
- No persistent message history is retained
- See Section 1 for full details on content moderationSafety & Moderation:
- Reports of inappropriate behavior (with context for review)
- Content moderation flags and outcomes### 2.4 AI Coaching Data (Premium Only)If you subscribe to Premium, we collect:Conversation History:
- Chat messages you send to the AI coaching assistant
- AI responses and guidance provided
- Conversation context and memory (for personalized coaching)
- Timestamps and session dataImportant: AI coaching messages are sent to Anthropic's Claude API for processing. Anthropic's data practices are governed by their privacy policy (see Section 5.1).### 2.5 Subscription DataWe collect information about your subscription through Apple's App Store:
- Subscription tier (Standard or Premium)
- Subscription status (active, expired, cancelled)
- Purchase date and renewal date
- Payment method (managed by Apple, not visible to us)
- Transaction IDsNote: We do not process payments directly or store payment card information. All billing is handled by Apple.### 2.6 Device & Technical DataWe collect technical information about your device and app usage:Device Information:
- iOS device type (iPhone, iPad, iPod touch)
- iOS version
- Device model identifier
- Screen size and orientation
- App version and build numberAnalytics & Performance:
- Anonymous usage analytics:
- Daily state outcomes (day kept, day slipped, day frozen, day reborn)
- Regression event types
- Grace period usage patterns
- Feature usage frequency (Fusion, mood tracking, statistics)
- Subscription tier changes
- App performance metrics (load times, memory usage)
- Crash reports and error logs
- Network connectivity statusImportant: Analytics data is anonymized and aggregated—it cannot be traced back to individual users.### 2.7 Information We Do NOT CollectWe do not collect:
- Location data
- Contact list
- Photos or media
- Browsing history
- Data from other apps
- Biometric data
- Health data (beyond the mood self-reports you voluntarily provide)---## 3. How We Use Your Information### 3.1 Core Service FunctionalityAccount Management:
- Authenticate users and maintain account state (anonymous or full)
- Sync data across devices (full accounts only)
- Recover accounts when switching devicesProgress Tracking:
- Store and display your check-in history, current day, and milestone achievements
- Calculate progression, regression, and grace periods
- Track frozen day statesDaily Reset System:
- Use timezone data to trigger accurate 4:00 AM daily resets
- Determine check-in window availability (morning: 4am-12pm, evening: 5pm-4am)Notifications:
- Send reminders for morning and evening check-ins based on your custom times
- Deliver milestone celebration messages
- Alert you about important account events### 3.2 Feature DeliveryPeer Matching (Fusion):
- Match you with another active user seeking connection
- Facilitate anonymous temporary chat
- Moderate content for safetyMood Tracking:
- Store mood responses at milestones
- Generate mood trend visualizations
- Provide insights into emotional patterns over timeStatistics & History:
- Display progress charts and calendars
- Show regression patterns and completion rates
- Generate exportable data reports (upon request)AI Coaching (Premium):
- Process your messages through Anthropic's Claude API
- Provide personalized guidance and insights
- Maintain conversation context across sessions### 3.3 Safety & Content ModerationFusion Chat Safety:
- Screen all chat messages through AI moderation (OpenAI Moderation API)
- Detect and prevent harassment, sexual content, hate speech, and illegal activity
- Investigate user reports of inappropriate behavior
- Enforce blocks and bansAccount Security:
- Detect and prevent fraudulent account creation
- Identify and terminate accounts that violate Terms of Service
- Protect against automated abuse (bots, scrapers)### 3.4 Service ImprovementBug Fixing & Optimization:
- Use crash reports and error logs to identify and resolve technical issues
- Analyze app performance metrics to improve speed and reliability
- Test new features with subsets of users (A/B testing)Feature Development:
- Understand which features are valuable through anonymized usage patterns
- Prioritize development based on user needs
- Design better user experiencesResearch:
- Aggregate anonymized mood and consistency data to study habit formation patterns
- Publish research findings (always anonymized, never personally identifiable)
- Improve understanding of behavioral psychology### 3.5 Subscription ManagementBilling & Access:
- Verify subscription status with Apple's App Store
- Enable Premium features for Premium subscribers
- Coordinate subscription renewals and cancellationsCustomer Support:
- Respond to support inquiries
- Troubleshoot technical issues
- Process refund requests (through Apple)
- Handle account recovery requests### 3.6 Legal & ComplianceLegal Obligations:
- Comply with applicable laws and regulations
- Respond to legal requests (court orders, subpoenas)
- Enforce our Terms of Service
- Protect our rights and propertyTax & Financial Reporting:
- Maintain records required for tax compliance
- Report revenue to relevant authorities---## 4. How We Store & Protect Your Information### 4.1 Data Storage LocationsLocal Storage (Anonymous Accounts):
- Stored on your iOS device in secure storage:
- iOS Keychain (authentication tokens)
- UserDefaults (preferences)
- Local JSON files (progress data)
- Encrypted by iOS device-level encryption
- Data is lost if app is deletedCloud Storage (Full Accounts):
- Stored in Firebase Cloud Firestore (Google Cloud Platform)
- Server locations: Europe
- Encrypted in transit (TLS 1.3) and at rest (AES-256)
- Backed up with geographic redundancy for data protection### 4.2 Data Security MeasuresWe implement industry-standard security measures:Encryption:
- All data transmission uses HTTPS/TLS 1.3 encryption
- Data at rest is encrypted using AES-256
- Authentication tokens are securely stored and automatically refreshedAccess Controls:
- Firebase Security Rules enforce user-scoped data access (you can only read/write your own data)
- API keys and secrets are stored server-side, not in app code
- Multi-factor authentication required for administrative accessData Minimization:
- We collect only the data necessary for Service functionality
- Fusion chat messages are ephemeral (not persistently stored)
- Anonymous analytics remove all user identifiersRegular Security Audits:
- Periodic reviews of access logs
- Vulnerability scanning
- Third-party security assessmentsHowever, please note: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.---## 5. How We Share Your Information### 5.1 Third-Party Service ProvidersWe share data with the following third-party services to operate the Service:Firebase (Google Cloud Platform)Purpose: Authentication, cloud database, and storage
Data Shared:
- User authentication tokens
- All cloud-synced data (for full account holders)
- Anonymous usage metricsData Processing: Google processes data as a service provider on our behalf
Privacy Policy: https://firebase.google.com/support/privacy---Anthropic (Claude API)Purpose: AI coaching (Premium subscribers only)
Data Shared:
- Chat messages you send to AI coaching assistant (Premium only)Important Notes:
- We do not share your name, email, or account identifiers with Anthropic
- Only message content is sent for processing
- According to Anthropic's policies, API data may be used to improve their models unless you opt outData Processing: Anthropic processes data as an independent service provider
Privacy Policy: https://www.anthropic.com/privacy---OpenAI (Moderation API)Purpose: Content moderation for Fusion peer-to-peer chat
Data Shared:
- Fusion chat messages (for real-time safety screening only)Important Notes:
- We do not share your name, email, or account identifiers with OpenAI
- Only message content is sent for moderation screening
- Messages are screened in real-time to detect harmful content before delivery
- According to OpenAI's policies, data sent to the Moderation API is not used to train their modelsData Processing: OpenAI processes data as an independent service provider
Privacy Policy: https://openai.com/privacy---Apple Inc.Purpose: Subscription management and authentication
Data Shared:
- Subscription status and purchase history
- Apple ID email (if using Sign in with Apple)
- Transaction dataData Processing: Apple processes data according to their privacy policy
Privacy Policy: https://www.apple.com/legal/privacy/---Google LLC (Optional)Purpose: Authentication (if you choose Google Sign-In)
Data Shared:
- Google account email and profile informationData Processing: Google processes data according to their privacy policy
Privacy Policy: https://policies.google.com/privacy### 5.2 We Do NOT Sell Your DataWe do not sell, rent, or trade your personal information to third parties for marketing purposes.### 5.3 Legal DisclosuresWe may disclose your information if required by law:
- To comply with legal obligations (court orders, subpoenas, warrants)
- To protect our rights, property, or safety
- To protect the rights, property, or safety of our users or the public
- In connection with legal proceedings
- To prevent fraud or illegal activity### 5.4 Business TransfersIn the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email (full accounts) or in-app notification before your information is transferred and becomes subject to a different privacy policy.### 5.5 Aggregated & Anonymized DataWe may share aggregated, anonymized data that cannot identify you personally:
- Academic researchers studying habit formation
- Public reports about app usage trends
- Industry analytics and benchmarking---

## 6. Data Retention### 6.1 Active AccountsWhile your account is active, we retain:
- Check-in history and progress data: Indefinitely
- Mood tracking data: Indefinitely
- AI coaching conversation history (Premium): Indefinitely (for continuity)
- Fusion match records: 30 days, then automatically deleted
- Fusion chat messages: Immediately deleted when either user leaves (no retention)
- Device and analytics data: Up to 2 years### 6.2 Deleted AccountsWhen you delete your account:
1. Your account enters a 7-day grace period during which you can still access the app
2. After 7 days, we permanently delete:
- Cloud-stored user profile and authentication data
- Check-in history and progress data
- Mood tracking responses
- Fusion match history
- AI coaching conversations (Premium)
- Preferences and settingsWhat we retain after deletion:
- Anonymized analytics data (with all personal identifiers removed): Up to 2 years
- Financial transaction records: 7 years (required by tax law)
- Aggregated research data: Indefinitely (cannot be traced to you)Anonymous accounts: Deleting the app instantly removes all data (no cloud storage exists).### 6.3 Inactive AccountsIf a full account remains inactive (no logins) for 3 years, we may delete it following the same process as user-initiated deletion, with advance notice sent to the email on file.---## 7. Your Data RightsDepending on your location, you may have the following rights regarding your personal data:### 7.1 Right to AccessYou can request a copy of all personal data we have about you. Contact us at [email protected] with "Data Access Request" in the subject line.We will provide your data in a structured, commonly used format (JSON) within 30 days.### 7.2 Right to CorrectionYou can update your account information:
- In the app: Settings → Account → Update Profile
- By contacting support if you cannot make the changes yourself### 7.3 Right to DeletionYou can delete your account at any time:
- In the app: Settings → Account → Delete Account
- By contacting [email protected]See Section 6.2 for details on what happens when you delete your account.### 7.4 Right to Data PortabilityYou can request an export of your data in a machine-readable format (JSON). Contact [email protected] with "Data Export Request."We will provide:
- Complete check-in history
- Mood tracking data
- Milestone achievements
- Regression event log
- Account metadata### 7.5 Right to ObjectionYou can object to certain data processing activities:
- Analytics: Contact us to opt out of anonymized usage analytics
- AI Coaching: Stop using the feature or cancel Premium subscription
- Fusion: Don't use the feature or cancel subscription### 7.6 Right to Withdraw ConsentWhere we rely on your consent to process data, you can withdraw consent at any time by:
- Deleting your account
- Cancelling your subscription
- Revoking notification permissions in iOS Settings### 7.7 Right to Lodge a ComplaintIf you believe we have mishandled your data, you have the right to lodge a complaint with a data protection authority in your jurisdiction:
- UK: Information Commissioner's Office (ICO) - https://ico.org.uk
- EU: Your local Data Protection Authority---## 8. Children's PrivacyThe Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.Fusion age restriction: The Fusion peer matching feature requires users to be 18 years or older due to the anonymous peer-to-peer chat functionality.If we discover that a child under 13 has provided us with personal information, we will delete it immediately. If you believe a child under 13 has created an account, contact us at [email protected].---## 9. International Data TransfersIf you access the Service from outside the United Kingdom, your data may be transferred to and processed in:
- United Kingdom
- European Union
- United States (for Firebase and Anthropic Claude API services)We ensure that such transfers comply with applicable data protection laws through:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Adequacy decisions by regulatory bodies
- Consent where required---## 10. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via in-app notification
- Notify full account holders via email (if applicable)
- Request your consent where required by lawYour continued use of the Service after changes take effect constitutes acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and delete your account.Platform expansions: When we launch Android and web versions, this policy will be updated to reflect any platform-specific data collection practices. We will notify users before such changes take effect.---## 11. California Privacy Rights (CCPA)If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):Right to Know: You can request details about the categories and specific pieces of personal information we've collected in the past 12 months.Right to Delete: You can request deletion of your personal information (subject to certain exceptions).Right to Opt-Out of Sale: We do not sell your personal information, so there is nothing to opt out of.Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.Authorized Agent: You may designate an authorized agent to make requests on your behalf.To exercise these rights, contact us at [email protected] with "CCPA Request" in the subject line. We will verify your identity before processing your request.---## 12. European Union / UK GDPR RightsIf you are located in the EU or UK, you have rights under the General Data Protection Regulation (GDPR):Legal Basis for Processing:
- Contract Performance: We process data necessary to provide the Service you've subscribed to
- Legitimate Interests: We process data for analytics, security, and service improvement
- Consent: We process data you voluntarily provide (mood tracking, AI coaching conversations)
- Legal Obligations: We process data required for tax and financial reportingYour GDPR Rights:
- Right to access your data
- Right to rectify inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making (we do not use automated decision-making that significantly affects you)Data Protection Officer: [INSERT IF APPLICABLE, OR REMOVE THIS SECTION]To exercise your rights, contact [email protected]. We will respond within 30 days.---## 13. Contact UsIf you have questions, concerns, or requests regarding this Privacy Policy or our data practices:Email: [email protected]Mailing Address:
KUROMNIS LTD (trading as PositiveAI)
Stevenstone Barton
Upton Pyne
Exeter, EX5 5HT
United KingdomCompany Number: 14569958Response Time: We typically respond within 48 hours (Premium subscribers receive priority support).---## 14. Transparency & TrustWe believe in transparency about our data practices. This Privacy Policy is written in plain language to help you understand exactly what happens to your information.Key Principles:
- We collect only what we need to provide and improve the Service
- We do not sell your data to third parties
- Fusion chats are truly ephemeral—no message history is retained
- You have full control over your data through deletion and export options
- We use industry-standard security measures to protect your informationOpen Communication: If you have concerns about how we handle data, we encourage you to contact us. We're committed to addressing privacy issues transparently and promptly.---By using Orb by PositiveAI®, you acknowledge that you have read and understood this Privacy Policy.

• Support

• Terms

© 2026 PositiveAI. All rights reserved.