Neurture

Privacy policy

Last Updated: October 1, 2025

1. Introduction

Welcome to Neurture. This Privacy Policy outlines our practices regarding the collection, use, and sharing of information when you use our app.

Privacy-first design: Nearly all of your data—including journal entries, check-ins, conversations, plans, and progress tracking—is stored locally on your device. We do not store this personal content on our servers. The only data shared with third-party services is what's necessary to provide specific features like AI chat and image-to-text conversion, as detailed below.

2. Data Collection

We do not collect personally identifiable information from our users. However, we do collect the following:

  • Images of handwritten journal entries
  • Chat messages submitted for interaction with our AI feature

We also collect analytics and technical information to improve the app:

  • PostHog (usage analytics): Generic actions taken within the app (e.g., starting a new conversation, saving a journal entry), interaction with app features, and aggregated performance metrics. PostHog does not collect personally identifiable information.
  • Sentry (error logging): Error messages, stack traces, and technical diagnostic information when the app encounters issues. Personally identifiable information is automatically scrubbed before being sent to Sentry.

If you install Neurture from a partner link we store a non-personal partner identifier so we can share revenue with that partner. No health data is shared.

3. Data Use

The collected data is used for:

  • Converting handwritten journal entry images to text (using Google Cloud)
  • Processing chat messages (using OpenAI API)
  • Analyzing app usage and interaction patterns (using PostHog)
  • Monitoring and fixing technical errors (using Sentry)

4. Data Sharing

Data is shared with:

  • OpenAI for processing chat messages
  • Google Cloud for converting handwritten images to text
  • Supabase for temporary storage of journal images during text conversion and for authentication
  • PostHog for user metrics
  • Sentry for error logging and monitoring

These third-party services handle your data according to their privacy policies.

5. Data Management and User Rights

Users can view, modify, and delete their data within the app. For image-to-text (OCR), any journal images temporarily uploaded for transcription are deleted immediately after processing. If processing is interrupted, an automated cleanup removes any remaining images within approximately 60 minutes.

Data deletion requests can be made via email to privacy@neurtureapp.com.

Our app retains on-device data until you delete it. For transient OCR uploads, see the deletion timeline above. Third-party providers may retain limited operational logs according to their privacy policies.

6. Data Security

We take data security seriously and work with industry-leading service providers who implement strong security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS 1.2 or higher, and at rest using industry-standard AES-256 encryption.
  • OpenAI (chat processing): Does not use your data to train AI models. Data is retained for 30 days for abuse monitoring, then deleted. SOC 2 Type 2 and ISO 27001 certified.
  • Google Cloud (journal image processing): Images are processed in memory and not saved to disk. Google does not use your images to train models or claim ownership of your content. HIPAA-compliant and ISO 27001 certified.
  • Supabase (image storage and authentication): Journal images are temporarily uploaded solely for text conversion, then passed to Google Cloud. Images are deleted immediately after successful processing; if processing is interrupted, an automated cleanup removes any remaining images within approximately 60 minutes. Provides enterprise-grade security with encryption at rest and in transit. SOC 2 Type 2 certified and GDPR compliant.
  • PostHog (analytics): SOC 2 Type II certified with encryption and access controls. Does not require personally identifiable information.
  • Sentry (error monitoring): Automatically scrubs personally identifiable information from error reports. SOC 2 Type 2 and ISO 27001 certified. Error data retained for 30 days, then deleted. Does not track users across apps.

In the event of a data breach, we will notify affected users via email and in-app notifications.

7. Children's Privacy

Our app is not targeted at children under the age of 13, and we do not knowingly collect data from them.

8. Privacy Policy Changes

We may update this policy and will notify users of any changes through the app.

9. Contact Us

For questions about this Privacy Policy, contact us at privacy@neurtureapp.com.