Selfbased is a self-improvement game built by a small team. This policy explains what we collect, why we collect it, and the control you have over it. We keep it in plain language on purpose, and every claim in it describes what the app actually does.

At a glance

Who this covers

This policy applies to the Selfbased mobile app, the web app at selfbased.app, and this website. When we say "Selfbased," "we," or "us," we mean the people who build and run the app. When we say "you," we mean the person using it. Questions at any point: support@selfbased.app.

Information we collect

Things you give us directly:

  • Account information. Your email address and a password (stored only as a secure hash — we can't read it). We generate a username, display name, and friend code for you, which you can change. We also record when you accepted our Terms and this policy, and which version you accepted.
  • Profile. Your avatar image and equipped title. Your avatar is stored so that friends' apps can display it — treat it as visible to others.
  • Content you create. The quests, tasks, missions, routines, and notes you log; the stats, XP, streaks, and coins you build; your goals and the plans around them; and money entries if you use the finance tools (amounts, categories, budgets — never bank credentials, which we don't ask for and can't access).
  • Health-adjacent content. Workouts, hydration, breathwork sessions, focus sessions, meals and their estimated nutrition, and — if you use the habit-breaking tool — the urges you log and the triggers you describe in your own words. This is sensitive by nature and we treat it that way: it's used only to power those features for you, and it's never shared with other users unless you share it yourself.
  • Photos you add. Images you capture or upload for specific features: proofs and Instants you share with friends, meal photos for intake tracking, garment photos and an optional face photo for the Virtual Wardrobe, and your profile avatar. Photos are only ever processed for the feature you submitted them to (see the AI section below).
  • Social graph. Friend connections, friend requests, blocks, party memberships, story views, and reactions, so the social features work. If you report another user, we keep the report.

Things collected automatically:

  • Usage analytics. The app records product events — screens viewed, features opened, session identifiers, platform, and app version — and sends them to our own analytics endpoint. This is first-party: it goes to our servers, not to a third-party analytics company. On the web, Vercel Analytics additionally collects anonymous, aggregated page-view data.
  • Technical and security data. Device platform and browser info on requests, and a one-way hash of your IP address (not the raw IP) stored with security-relevant events to prevent fraud and abuse.
  • Diagnostics. If you submit a bug report, we keep it — with your email, the page you were on, and your message. We automatically redact sensitive strings (tokens, card-like numbers) from report text before it's stored or emailed to us.
  • AI usage counters. How many AI tokens your requests used per day, so we can enforce fair-use limits.

Things from third parties:

  • Google Sign-In. Where available, if you sign in with Google we receive your basic Google profile — name, email, and profile picture — to create or link your account. Nothing else from your Google account.

Payments:

  • On the web, payments and subscriptions run through Stripe; on Android, through Google Play. We never receive or store your card number — the payment processor handles it. We store what we need to honor your subscription: your tier, its status and renewal dates, and processor reference IDs.

How we collect it

  • From what you type and capture — forms, the in-app camera, and photo uploads.
  • Automatically — the product events, technical data, and security logs described above.
  • From integrations you choose — Google Sign-In, and your app store when you subscribe.

Cookies and local storage. The web app stores, in your browser's local storage: your Supabase login session (so you stay signed in), an anonymous analytics ID, a small queue of pending analytics events, and the referral source you arrived from. Vercel Analytics uses session storage for anonymous session grouping. That's the full list — there are no marketing or advertising cookies, and no cross-site trackers. You can clear all of it through your browser's site-data settings; you'll just be signed out.

How we use it

Concretely, per feature — not "to improve our services":

  • To run the core game loop: your quests, XP, ranks, coins, streaks, tools, and rewards, synced across your devices.
  • To power the social features: friend profiles, proofs and Instants, parties, stories, and reactions — shown only to the people you share them with.
  • To analyze the meal photo or description you submit and estimate its calories and macros for intake tracking.
  • To generate your Virtual Wardrobe avatar and outfit previews from the face and garment photos you submit.
  • To estimate stat percentiles from achievements you describe, and to research and plan the goals you create.
  • To process payments and honor your subscription.
  • To keep the service secure: rate limiting, fraud and abuse prevention, and enforcing our Terms.
  • To respond when you contact support, report a bug, or exercise a privacy right.
  • To comply with legal obligations when we genuinely have to.

If we ever want to use your data for a purpose not listed here, we'll update this policy first.

AI features — full disclosure

Selfbased uses artificial intelligence. Specifically:

  • Photo analysis: meal photos you submit are analyzed by Google Gemini to estimate nutrition; wardrobe item photos are analyzed by Google Gemini for naming and categorization, and by remove.bg for background removal.
  • Image generation: the Virtual Wardrobe uses OpenAI image models to generate your avatar and outfit previews from photos you submit.
  • Text analysis: stat assessments, meal descriptions you type, and goal planning are processed by Anthropic's Claude models; goal planning may also query Brave Search for real-world sources.

How this works, honestly:

  • AI only ever runs on content you actively submit to that feature. Nothing is scanned or processed in the background.
  • Your content is sent over an encrypted connection to the provider's developer API (not their consumer apps), used to return a result to you, and we never grant any provider the right to use your content for advertising or to sell it.
  • AI estimates can be wrong. Nutrition numbers, stat percentiles, and generated plans are estimates for a game — treat them accordingly, and see the no-medical-advice section of our Terms.
  • The current AI providers, and exactly what each receives, are listed on our Subprocessors page.

Legal basis for processing

If you're in the EU/EEA or UK, the law asks us to name a legal basis for each use. Here's the mapping:

  • Contract — running your account, the game loop, sync, social features, and payments: we process this data because you asked us to provide the service.
  • Consent — photos you submit to AI features and health-adjacent content you choose to log. You can stop providing it at any time, and deleting your account withdraws it entirely.
  • Legitimate interest — first-party analytics, security logging (hashed IPs), and fraud prevention: keeping the service working and safe, in ways you'd reasonably expect.
  • Legal obligation — retaining payment records for tax and accounting, and responding to valid legal requests.

Sharing and subprocessors

We share data with exactly two kinds of recipients:

  • Service providers that run Selfbased — hosting, database and storage, authentication, payments, email, and AI processing. Each receives only what it needs to do its job, under its own data-protection terms. The complete, current list of every company that processes Selfbased data — what it does, what it receives, and where — is our Subprocessors page.
  • Legal authorities, if we receive a valid legal demand we're required to honor. We don't volunteer your data.

International data transfers

Our database and storage run on Supabase in the United States (AWS us-west-2, Oregon), and our website and API are hosted on Vercel, also US-based. One image-processing provider (remove.bg) operates from the EU. If you use Selfbased from outside the US, your data is transferred to and processed in the US. Where EU/UK law requires a transfer mechanism, we rely on our providers' standard data-protection terms, including Standard Contractual Clauses where applicable.

How long we keep it

  • Account data is kept while your account is active.
  • Proofs and Instants — you choose at posting time. By default a proof expires: 24 hours after posting it becomes inaccessible to you and everyone else (enforced at our database layer on every read), and a daily cleanup job then permanently deletes the expired photo and its record from our systems. If you instead choose "Keep", the proof stays on your profile until you delete it. Either way, you can delete any proof you posted at any time, in the app — deletion removes both the record and the stored photo immediately.
  • Bug reports and security logs (with hashed IPs, not raw ones) are kept for fraud-prevention and diagnostics.
  • When you delete your account, your account and its data — profile, content, photos, health entries, social graph, uploaded media — are deleted immediately. Three narrow categories survive: payment records (required for tax, billing disputes, and fraud prevention — scrubbed of personal identifiers), security and moderation records (fraud and abuse prevention), and the record of your deletion request itself (proof we honored it).

Your rights and choices

Wherever you live, we give you the same set of controls:

  • Access and export — ask us for a copy of your data.
  • Correction — fix your profile in-app, or ask us for anything you can't edit yourself.
  • Deletion — delete your account in-app (Settings → Account) or via selfbased.app/account-deletion. Deletion is immediate, as described above.
  • Objection and restriction — ask us to stop or limit a specific use of your data.
  • Complaint — if you're in the EU/EEA or UK, you can lodge a complaint with your local supervisory authority. We'd appreciate the chance to fix it first.

To exercise any of these, email support@selfbased.app. We respond within 30 days. You can also revoke camera and notification permissions at any time in your device settings, and control what friends see through the app's privacy settings.

Security

What we actually do, not a security brochure:

  • All data is encrypted in transit (TLS) and encrypted at rest by our database provider.
  • Row-level security is enabled on our database tables, so the database itself enforces that you can only read your own data (and the things friends explicitly share with you).
  • All AI and payment provider keys live server-side only — they are never shipped in the app.
  • We rate-limit requests, cap AI usage per user, hash IP addresses rather than storing them raw, and redact sensitive strings from bug reports automatically.

No system is 100% secure, and we won't pretend otherwise. If something goes wrong that affects your data, we'll act quickly and tell you.

Children

Selfbased is not directed to children under 13, and you must be at least 13 to create an account, per our Terms. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has given us personal data, email support@selfbased.app and we will delete the account and its data.

Changes to this policy

If we make a meaningful change — a new data type, a new subprocessor, a new purpose — we'll update the date at the top and, for material changes, give you prominent notice in the app or on this site before it takes effect. Continuing to use Selfbased after a change means you accept the updated policy.

Contact

Questions about your privacy? Email support@selfbased.app — a human reads it, and you'll hear back within a few days.

Selfbased is operated by [PLACEHOLDER — legal entity name and registered address].

Effective date and governing law

This policy is effective as of July 3, 2026. It is governed by the laws of [PLACEHOLDER — governing jurisdiction], without prejudice to protections your local law gives you that can't be waived.