Privacy Policy
Last updated: January 10, 2026 — Effective: January 10, 2026
1. Introduction
BeSeen (“we,” “our,” or “the App”) is a mood journaling app built by MBOA, Inc. We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
BeSeen is designed as an offline-first, privacy-first application. Your journal entries are stored locally on your device and are never uploaded to our servers unless you explicitly choose to share them with a partner.
2. Information We Collect
2.1 Information You Provide Directly
- Display Name — The name you enter during onboarding, stored locally on your device.
- Onboarding Survey Responses — Your reasons for using the app and how you heard about it, stored locally.
- Check-In Data — Mood level, mood label, tags, activities, people, locations, and optional text notes. All stored locally on your device in a SQLite database.
- Media Attachments — Photos and voice recordings you attach to check-ins, stored locally on your device filesystem.
- Profile Photo — An optional avatar image, stored locally on your device.
2.2 Information Collected When You Use Partner Features (Optional)
Partner features require you to create an account. If you choose to sign in:
- Authentication Information — If you sign in with Apple, we receive your Apple-provided identity token (and optionally your name and email, as controlled by Apple's privacy settings). If you sign in with email, we collect your email address to send a one-time verification code.
- Shared Check-In Data — When you choose to share a check-in with your partner, the data you select to share (mood, summary, or full entry including media) is uploaded to our servers hosted on Supabase.
- Partner Messages — Replies, buzz notifications, and Invisible Ink messages sent between partners. Invisible Ink messages are end-to-end encrypted using TweetNaCl; we cannot read their content.
- Push Notification Token — If you enable notifications, your device's push token is stored on our server to deliver partner notifications and reminders.
2.3 Information Collected Automatically
- Analytics Events — We use PostHog to collect anonymized usage events (e.g., “check-in created,” “reminder set up,” “partner tab viewed”). These events include metadata such as mood level and tag count but never include your journal text, audio content, image content, or personal details. Analytics are disabled in development builds.
- Device Information — Standard device metadata collected by PostHog (device type, OS version, app version).
2.4 Information We Do NOT Collect
- We do not collect your GPS location or precise location data.
- We do not read or access your contacts, calendar, or other personal data on your device.
- We do not sell, rent, or trade your personal information to third parties.
- We do not use your data for advertising or ad targeting.
- We do not perform user fingerprinting.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide core journaling features | Check-in data, media, preferences | Performance of service |
| Enable partner sharing (optional) | Shared check-ins, messages, auth info | Your explicit consent |
| Send notifications | Push token, reminder preferences | Your explicit consent |
| Improve the app | Anonymized analytics events | Legitimate interest |
| Account management | Authentication credentials | Performance of service |
4. Data Storage and Security
4.1 Local Storage (Default)
Your check-in data, preferences, and media are stored locally on your device using SQLite and the device filesystem. This data never leaves your device unless you explicitly share it.
Authentication tokens are stored in your device's secure enclave (iOS Keychain / Android Keystore) via expo-secure-store.
4.2 Cloud Storage (Optional Partner Features)
If you use partner features, shared data is stored on Supabase (hosted infrastructure). Data is protected by:
- Row-level security policies ensuring you can only access your own data.
- Encrypted connections (HTTPS/TLS) for all data in transit.
- Supabase's infrastructure security practices.
Invisible Ink messages are end-to-end encrypted on your device before being sent to the server. We cannot decrypt or read these messages.
4.3 Analytics
PostHog analytics data is sent to PostHog's US servers. No personally identifiable journal content is included in analytics events.
5. Data Sharing
We do not sell your data. We share data only in the following limited circumstances:
- With Your Partner — When you explicitly choose to share a check-in, the data you select is visible to your connected partner.
- Service Providers — We use Supabase (database, auth, storage), PostHog (anonymized analytics), Expo Push Notification Service (notification delivery), and Apple Sign-In (authentication).
- Legal Requirements — We may disclose information if required by law, regulation, or legal process.
6. Your Rights and Choices
- Local Data — You can delete individual check-ins at any time. Uninstalling the app removes all local data.
- Shared Data — You can stop sharing check-ins with your partner at any time.
- Account Deletion — Delete your account from within the app. This permanently removes your authentication record, profile, all partnerships, shared check-ins, partner messages, and uploaded media from our servers.
- Permissions — All device permissions (camera, microphone, photo library) are requested only when needed and can be revoked at any time.
- Notifications — Disable push notifications at any time through your device's Settings or within the app.
- Analytics Opt-Out — Contact us to opt out of analytics data collection.
- GDPR / CCPA Rights — If applicable, you have the right to access, correct, delete, object to processing, or request portability of your personal data. Contact us at the email below to exercise these rights.
7. Children's Privacy
BeSeen is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
8. Data Retention
- Local Data — Retained on your device until you delete it or uninstall the app.
- Shared Data — Retained on our servers until you delete your account or dissolve your partnership.
- Invisible Ink Messages — Automatically deleted from our servers after they are revealed/read by the recipient.
- Analytics Data — Retained according to PostHog's data retention policies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last Updated” date and, where appropriate, through in-app notification. Continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: help@beseen.love
MBOA, Inc.