Privacy Policy
Last updated: May 3, 2026
The short version: Journal entries, questionnaire answers, and private reflections are stored locally by default. Basic progress data can sync securely for account recovery. When you use the AI Centurion, your message and limited recent context may be sent through our secure proxy to a third-party AI provider for processing. We do not sell your data or run advertising profiles.
I. Our Philosophy
PHALANX was built with a single, uncompromising principle: your recovery is your business and nobody else's. We believe sensitive self-improvement data deserves clear boundaries and plain disclosure.
II. Data We Collect
Authentication
When you sign in with Apple or Google, we receive:
- A unique user ID (for account recovery)
- An email address - Apple hides your real email through their Private Relay system; Google Sign-In may provide your actual email address
We never see your Apple or Google password. This data is stored in Firebase Authentication and is used solely for account recovery and optional service communications.
What We Do NOT Collect
- We do not build advertising profiles around your behavior
- We do not use advertising networks or ad tracking
- We do not collect precise location data
- Authentication, payments, AI processing, and hosting providers may process limited technical data needed to provide those services
- We never sell or monetize your data
III. Data Storage
Data Stored Locally on Your Device
The following sensitive data is stored locally on your device using encrypted local storage (MMKV) by default:
- Journal entries and private reflections
- Self-tracking questionnaire scores (PPCS-6, PHQ-9, GAD-7)
- AI Centurion chat history saved on your device
- Daily task completions and trigger logs
Data Synced for Account Recovery
The following non-sensitive gamification data is synced to Firebase Firestore when you sign in, solely to enable account recovery if you switch devices:
- Warrior profile (name, appearance preferences)
- Streak data (start date, current streak, highest streak)
- Cosmetic preferences and equipped items
- App settings and notification preferences
This data does not contain personal health information or private reflections. If you uninstall the app, all local data is permanently deleted.
IV. Formation Features
PHALANX does not include a public social feed in v1. If future formation or ally features are added, they will be covered by this policy before release.
If you choose to use future formation features, please note:
- Posts display your warrior name (the in-app name you choose) and your warrior rank - no real names, profile pictures, or other identifiable information is required
- You control your warrior name and can set it to anything - we recommend not using your real name
- We do not track which device submitted which post
V. Self-Tracking Questionnaires
PHALANX includes optional self-report questionnaires (PHQ-9, GAD-7, PPCS-6). Your questionnaire results are:
- Stored only on your device
- Not shared with healthcare providers, researchers, or third parties for diagnosis or research
- Not used for diagnostic purposes; consult a qualified healthcare professional for clinical evaluation
VI. Third-Party Services
- Sign in with Apple / Google: Used only for authentication. We receive a relay email and user ID - never your password.
- Firebase Authentication: Stores your sign-in credentials securely. Subject to Google's Privacy Policy.
- Cloudflare: Routes AI coach requests through a secure proxy and protects service endpoints. The proxy prevents AI provider keys from being exposed in the mobile app.
- AI Centurion Coach: When you use the AI coach, your message, warrior status, and limited recent context may be sent to OpenAI for processing via our Cloudflare proxy. Messages are not stored in PHALANX databases. AI coach transcripts are retained by OpenAI for up to 30 days for trust and safety, then destroyed. PHALANX has opted out of OpenAI model training.
- PostHog: Product analytics after analytics consent is enabled. PHALANX does not use PostHog for advertising profiles.
- Sentry: Crash reporting and error monitoring to improve reliability.
- Beta Feedback: If you submit feedback through the in-app "Report to Command" feature, your message, feedback category, warrior name, rank, streak days, device platform, and OS version are stored in our Firebase database to help us improve the app.
Subscription Payments: If you choose to subscribe to PHALANX Premium, your purchase is processed entirely by your device's app store (Apple App Store or Google Play). We never see or store your payment information. Subscriptions are managed through RevenueCat, which processes transaction receipts to verify your subscription status.
VI-B. Communications
We may send recovery motivation emails to your sign-in email address (e.g., streak reminders, milestone celebrations). You can opt out at any time by using the unsubscribe link in any email or by contacting us.
VII. Children's Privacy
PHALANX is intended for users aged 17 and older. We do not knowingly collect any data from children under 17.
VIII. Your Rights & Account Deletion
You have the right to:
- Delete your data: Use "Reset All Data" in Settings to permanently erase all local data from your device.
- Delete your account: Use "Delete Account" in Settings to permanently remove your Firebase authentication record and all associated server-side data.
- Request data export: Contact us at support@phalanxapp.com to request a copy of any data we hold about you.
Since most sensitive records are stored locally on your device, uninstalling the app will permanently delete the majority of your information. Server-side account and recovery metadata can be deleted through the in-app account deletion flow.
IX. Changes to This Policy
If we ever change this privacy policy, we will update this page and the "Last updated" date above. Our commitment to minimal data collection will never change.
X. Contact
If you have questions about this privacy policy, contact us at: support@phalanxapp.com