Privacy Policy

1. Who We Are

MarrowMind is operated by Empire Eats Games LLC ("Company," "we," "us," or "our"), a company registered in the United States. MarrowMind is a daily mental wellness utility application available on iOS and Android.

For privacy inquiries, contact us at info@marrowmind.com.

2. Scope of This Policy

This Privacy Policy applies to:

• The MarrowMind mobile application (iOS and Android)
• The MarrowMind website located at marrowmind.com
• Any related services or communications from Empire Eats Games LLC

This policy does not apply to third-party services or websites linked from MarrowMind. We are not responsible for the privacy practices of those third parties.

3. Important Disclaimer — Not a Medical Service

4. Information We Collect

4.1 Information You Provide

• Account Information: Email address and display name (required to create an account via Firebase Authentication).
• Authentication Credentials: Managed securely by Google Firebase Authentication. We do not store passwords in plain text.
• Journal Entries: Text content you write in the journaling feature, stored in your private user account.
• Chat Messages: Messages you send to the AI chat assistant, stored temporarily to provide chat continuity based on your subscription tier.
• Mood Check-In Data: Your selected emotional states and timestamps.
• Support Communications: Any emails or messages you send to our support team.

4.2 Information Collected Automatically

• Usage Data: Feature interactions, session frequency, and daily usage counters (e.g., number of AI chat messages sent).
• Subscription & Purchase History: Your active subscription tier (Free, Premium, Plus, or Pro), billing history, and entitlement status. This is managed through RevenueCat (see Section 8) and Stripe.
• Device Information: Device type, operating system version, and app version, used for debugging and compatibility.
• Crash Reports & Diagnostics: Anonymized crash data collected via Firebase Crashlytics to improve app stability.

4.3 Information We Do NOT Collect

• We do not collect your location data.
• We do not access your device contacts, camera, or microphone (unless you explicitly grant permission for a specific feature).
• We do not collect or store full payment card details. Payment processing is handled entirely by Stripe.
• We do not collect or process Protected Health Information (PHI) as defined under HIPAA.
• We do not sell or rent your personal data to any third parties for advertising.

5. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the MarrowMind application and its features
• Authenticate your identity and manage your account securely
• Process subscription payments and manage your access to paid features
• Enforce daily usage limits (e.g., AI chat message caps) based on your subscription tier
• Respond to your support requests and customer service inquiries
• Send transactional emails (e.g., subscription confirmations, password resets)
• Detect, prevent, and address fraud, abuse, or security issues
• Analyze aggregate, anonymized usage patterns to improve features
• Comply with applicable laws and legal obligations

We do not use your data to train AI/ML models without explicit opt-in consent, and we do not use your personal wellness content (journal entries, mood data) for advertising purposes.

6. Legal Basis for Processing (GDPR / Applicable Law)

Where required by applicable law, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the service you have subscribed to
• Legitimate Interests: App security, fraud prevention, and product improvement
• Legal Obligation: Compliance with applicable laws and regulations
• Consent: Where we ask for your explicit consent (e.g., marketing communications)

7. Data Sharing

We do not sell your personal data. We share data with third parties only in the following limited circumstances:

• Service Providers: Trusted vendors who help us operate the service (listed in Section 8)
• Legal Requirements: When required to comply with applicable law, a court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change
• Safety: When we believe disclosure is necessary to protect the safety of any person

8. Third-Party Service Providers (Data Processors)

MarrowMind uses the following carefully selected third-party processors. Each is bound by their own privacy policy and our data processing agreements.

8.1 Google Firebase (Authentication & Database)

We use Google Firebase (a Google LLC service) for two core functions:

• Firebase Authentication: Manages secure user login, password handling, and "Sign in with Apple" / "Sign in with Google" flows. Firebase stores your email address and authentication tokens.
• Cloud Firestore: A NoSQL database that stores your user profile, subscription entitlement status, usage counters (e.g., daily chat messages sent), journal entries, and mood data. All data is scoped to your unique User ID and is not accessible by other users.
• Firebase Crashlytics: Collects anonymized crash reports and diagnostics to help us fix bugs.

Privacy Policy: firebase.google.com/support/privacy

8.2 RevenueCat (Subscription Management)

We use RevenueCat, Inc. to manage in-app subscription entitlements and purchase validation across iOS (App Store) and Android (Google Play). RevenueCat receives your anonymized App User ID (your Firebase UID) and your subscription status to determine which app features you are entitled to access.

RevenueCat does not receive your journal entries, mood data, or chat messages.

Privacy Policy: revenuecat.com/privacy

8.3 Stripe (Payment Processing)

Stripe, Inc. processes all subscription payments made through our website. Stripe collects your payment card details, billing address, and email address directly. We do not store full payment card numbers. Stripe is PCI-DSS compliant.

Privacy Policy: stripe.com/privacy

8.4 OpenAI (AI Chat Feature)

The AI chat feature is powered by OpenAI, L.L.C. Chat messages you send are transmitted to OpenAI's API to generate responses. OpenAI processes this data in accordance with their API usage policies. We do not share your name or email with OpenAI; messages are identified by an anonymous session context only.

Privacy Policy: openai.com/privacy

8.5 Google Cloud (Backend Infrastructure)

Our backend API runs on Google Cloud Run, a serverless container platform. All data transmitted between the app and our API is encrypted in transit using TLS 1.2+.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. Specific retention periods:

• Account data (email, profile): Retained for the life of your account. Deleted within 30 days of a verified account deletion request.
• Journal entries and mood data: Retained for the life of your account. Deleted within 30 days of account deletion.
• Chat message history: Active chat history retained based on subscription tier (Plus: 30 days rolling; Pro: 90 days rolling). Deleted within 30 days of account deletion.
• Usage counters (e.g., daily message counts): Retained for 12 months for billing verification, then deleted.
• Payment and billing records: Retained for 7 years as required by financial regulations. Stripe manages payment data retention independently per their policy.
• Crash and diagnostic logs: Retained for 90 days, then automatically purged.
• Support communications: Retained for 2 years from the date of the last interaction.

10. Account Deletion & Data Erasure

How to Delete Your Account

You may request account deletion through either of the following methods:

• In-App: Navigate to Settings → Account → Delete Account. This initiates immediate deletion.
• By Email: Send a request to here-to-support@marrowmind.com with the subject line "Account Deletion Request" and the email address associated with your account.

What Happens When You Delete Your Account

• Your user profile, email address, and authentication credentials are permanently deleted from Firebase within 30 days.
• All journal entries, mood data, and chat history are permanently deleted from Cloud Firestore within 30 days.
• Your subscription entitlement is cancelled in RevenueCat and Stripe (if applicable). If you have an active subscription, cancellation takes effect at the end of the current billing period.
• Anonymized, aggregated analytics data (which cannot be linked back to you) may be retained.
• Financial transaction records required by law are retained for 7 years per applicable regulations.

We will confirm deletion via email within 5 business days of receiving a valid deletion request. Deletion is irreversible — we cannot recover your data after deletion is complete.

11. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data (see Section 10)
• Right to Restriction: Request that we limit how we process your data
• Right to Data Portability: Request your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Opt-Out of Sale: We do not sell your data — this right is automatically satisfied
• California Residents (CCPA): All of the above rights apply. We do not sell personal information as defined under the CCPA.

To exercise any of these rights, contact us at info@marrowmind.com. We will respond within 30 days (or the period required by applicable law).

12. Children's Privacy

MarrowMind is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact us at info@marrowmind.com and we will delete it promptly.

13. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted between the app and our servers is encrypted using TLS 1.2 or higher
• Data at rest in Cloud Firestore is encrypted using AES-256
• Firebase Authentication uses secure, industry-standard protocols (OAuth 2.0)
• Access to our backend systems is restricted to authorized personnel only
• Firestore Security Rules enforce strict per-user data isolation — no user can access another user's data

No method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

14. International Data Transfers

Your data is primarily stored on Google Cloud servers located in the United States. If you are located outside the United States, your data may be transferred to and processed in the United States, which may have different data protection laws than your country. By using MarrowMind, you consent to this transfer. Where required by law, we implement appropriate safeguards such as Standard Contractual Clauses.

15. Cookies and Tracking

The MarrowMind mobile app does not use cookies. The marrowmind.com website may use essential cookies for basic functionality (e.g., form submissions). We do not use advertising cookies or cross-site tracking technologies on our website.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Send a notification via email to registered users
• Display an in-app notice for significant changes

Your continued use of MarrowMind after changes become effective constitutes acceptance of the updated policy.

17. Contact Us

For any privacy-related questions, data requests, or concerns, please contact us:

• Privacy & General Inquiries: info@marrowmind.com
• Support & Account Deletion: here-to-support@marrowmind.com
• Company: Empire Eats Games LLC