Privacy Policy
Effective Date: May 14, 2026
1. Introduction
This Privacy Policy explains how WITHIN U LLC, doing business as WITHIN U (“WITHIN U,” “we,” “us,” or “our”), collects, uses, stores, discloses, protects, and otherwise processes information when you access or use the WITHIN U mobile application, website, AI-enabled features, behavioral insight systems, community features, subscriptions, communications, and related services collectively referred to as the “Service.”
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Service.
WITHIN U is designed as a gamified accountability, self-reflection, habit-awareness, and behavioral-support platform. It is not a medical, psychiatric, therapeutic, diagnostic, crisis-response, or healthcare service. Information collected through the Service may relate to sensitive personal habits, emotional states, self-reported experiences, behavioral patterns, triggers, cravings, routines, progress, setbacks, and wellness-oriented reflections. Such information is used to operate the Service, support self-monitoring, generate non-clinical insights, improve platform functionality, personalize user experience where available, maintain safety, and comply with applicable legal obligations.
2. Information We Collect
WITHIN U may collect information that you provide directly, information generated through your use of the Service, information collected automatically from your device, and information received from third-party services such as app stores, payment providers, analytics providers, authentication providers, or cloud infrastructure services.
Information you provide may include your name, email address, username, login credentials, account settings, survey responses, journal entries, reflections, self-reported symptoms, habit logs, trigger logs, streak data, emotional check-ins, goals, progress entries, community posts, messages, support requests, feedback, and other information you choose to submit through the Service.
Information generated through use of the Service may include your interactions with features, completion of tasks, usage history, engagement patterns, progress metrics, behavioral trends, streak activity, AI interactions, generated insights, subscription status, app activity, and similar information relating to how you use the Service. Where community features are available, we may also process content you post, reactions, reports, moderation history, and interactions with other users.
Information collected automatically may include device type, operating system, app version, IP address, approximate location derived from technical data, crash logs, diagnostics, performance data, usage analytics, referral source, session activity, and similar technical information. This information helps us maintain, secure, debug, improve, and optimize the Service.
3. Sensitive Information and Behavioral Data
Because WITHIN U is focused on self-reflection, habit awareness, and behavioral accountability, some information users provide may be sensitive in nature. This may include self-reported information about compulsive behavior, emotional distress, cravings, triggers, relapse patterns, shame, avoidance, addiction-related concerns, mental well-being, personal struggles, and other private experiences.
WITHIN U treats this type of information carefully and uses it only for purposes consistent with the Service, this Privacy Policy, applicable law, and user settings where available. This information may currently be used primarily to allow users to monitor their own experiences, symptoms, habits, triggers, progress, and setbacks. Over time, it may also be used to support personalization, adaptive recommendations, AI-assisted reflections, safety systems, behavioral insights, content recommendations, and platform improvement.
WITHIN U does not sell personal information to third-party advertisers. If we ever engage in a practice that legally qualifies as a “sale” or “sharing” of personal information under applicable privacy law, we will provide the required disclosures, notices, and opt-out mechanisms. California privacy law gives consumers rights to know, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising those rights.
4. How We Use Information
WITHIN U may use collected information to operate the Service, create and maintain accounts, authenticate users, provide app functionality, process subscriptions, support accountless or device-based access, generate Behavioral Insights, display progress, maintain streaks, provide AI-enabled features, personalize user experience, respond to support requests, improve product design, analyze performance, prevent abuse, enforce Terms, moderate community features, detect fraud, maintain security, comply with law, and develop future features.
User data may be used to generate non-clinical scores, ranges, classifications, trends, pattern indicators, or other Behavioral Insights. These insights are intended for self-reflection, habit awareness, educational interpretation, motivational support, and gamified accountability. They are not medical diagnoses, psychiatric evaluations, therapeutic conclusions, or healthcare determinations.
WITHIN U may also use information to personalize the Service. Personalization may affect prompts, reminders, reflections, AI-generated responses, story progression, content recommendations, behavioral nudges, challenges, educational pathways, or safety-related interventions. Personalization systems may be incomplete, experimental, automated, or contextually limited, and WITHIN U does not guarantee that personalized content will always be accurate, useful, appropriate, or beneficial.
5. AI Features and Automated Processing
WITHIN U may use artificial intelligence systems, automated recommendation systems, behavioral modeling systems, moderation tools, summarization tools, conversational systems, or other automated technologies to provide parts of the Service. These systems may process user inputs, journal entries, survey answers, behavioral logs, progress data, community content, or other information submitted through or generated by the Service.
AI systems may generate recommendations, reflections, summaries, insights, classifications, motivational content, educational prompts, or adaptive experiences. These outputs may be inaccurate, incomplete, generalized, emotionally inappropriate, outdated, biased, misleading, or unsuitable for a user’s particular circumstances. AI features are not medical professionals, therapists, crisis responders, or emergency services.
We may monitor, log, review, filter, restrict, modify, disable, or redesign AI features to improve safety, quality, legal compliance, moderation, abuse prevention, performance, and platform integrity. Where required by law, we will provide additional transparency or choices regarding automated processing.
6. Subscriptions, Payments, and App Store Information
If you purchase a subscription or paid feature, payment may be processed by Apple, Google, Stripe, RevenueCat, or another authorized payment provider. WITHIN U may receive limited information about subscription status, product purchased, renewal status, cancellation status, trial eligibility, purchase history, transaction identifiers, and related billing metadata. We generally do not receive full payment card numbers where payments are processed by third-party payment providers.
Your purchase may also be subject to the privacy practices and terms of the applicable app store or payment provider. WITHIN U is not responsible for the privacy practices, billing systems, security practices, refund policies, or data handling of third-party payment providers.
7. Community Features and User Content
If WITHIN U offers community features, messaging, comments, posts, reactions, accountability groups, shared reflections, or similar social functions, information you submit to those areas may be visible to other users depending on the feature design and your settings. You should not post information in community areas that you do not want other users to see.
WITHIN U may process community content to operate the community, enforce community standards, respond to reports, prevent abuse, protect users, investigate violations, moderate content, and comply with legal obligations. We may use automated moderation tools, human review, user reports, account restrictions, content removal, or other safety measures where appropriate.
Community content may also create privacy risks because other users may view, screenshot, copy, share, misuse, or disclose information you choose to post. WITHIN U cannot control what other users do with information you voluntarily share in community areas.
8. How We Share Information
WITHIN U may share information with service providers, vendors, contractors, infrastructure providers, analytics providers, payment processors, AI providers, moderation providers, security providers, customer support tools, legal advisors, business partners, and other third parties who help us operate, secure, improve, and provide the Service.
We may also disclose information where necessary to comply with law, respond to legal process, enforce our Terms, investigate fraud or abuse, protect the safety of users or others, prevent harm, defend legal claims, protect our rights, or respond to security incidents. If WITHIN U is involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or business transfer, information may be transferred as part of that transaction, subject to applicable law.
WITHIN U does not sell personal information to third-party advertisers. We also do not use user health, behavioral, or self-reflection data for third-party advertising targeting unless clearly disclosed and permitted by applicable law and platform rules. Apple treats health, fitness, and medical-related data as especially sensitive in its app review framework, and its guidelines place restrictions on use of such data for advertising, marketing, and certain forms of data mining.
9. Data Retention
WITHIN U retains information for as long as reasonably necessary to provide the Service, maintain accounts, support subscriptions, preserve user progress, operate safety and moderation systems, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, improve the Service, and fulfill the purposes described in this Privacy Policy.
Retention periods may vary depending on the type of information, the feature involved, legal requirements, user settings, account status, subscription status, safety concerns, technical constraints, and legitimate business needs. If you request deletion of your account or personal information, we will process the request in accordance with applicable law, but certain information may be retained where necessary for legal compliance, security, fraud prevention, dispute resolution, accounting, backup integrity, or enforcement of our Terms.
10. Security
WITHIN U uses reasonable administrative, technical, and organizational measures designed to protect information from unauthorized access, misuse, loss, disclosure, alteration, and destruction. These measures may include access controls, encryption where appropriate, secure infrastructure practices, authentication systems, monitoring, logging, vendor review, and other security safeguards.
No app, website, server, cloud platform, database, transmission method, AI system, or digital service can be guaranteed completely secure. Users acknowledge that information transmitted or stored through the Service may be exposed to risks such as unauthorized access, cyberattacks, human error, third-party incidents, technical failures, or other security events.
If WITHIN U becomes aware of a security incident requiring notice under applicable law, we will provide notices as required. The FTC’s Health Breach Notification Rule may apply to certain health apps and connected technologies that are not covered by HIPAA when there is an unauthorized disclosure of unsecured health-related information.
11. User Choices and Privacy Rights
Depending on your jurisdiction, you may have rights to access, delete, correct, export, restrict, object to, or limit the use of certain personal information. You may also have the right to opt out of certain data sharing, targeted advertising, sale of personal information, or use of sensitive personal information where applicable law provides such rights.
California residents may have rights under the CCPA, as amended by the CPRA, including the right to know what personal information a business collects and how it is used or shared, the right to delete personal information, the right to opt out of sale or sharing, the right to correct inaccurate information, the right to limit certain uses of sensitive personal information, and the right not to be discriminated against for exercising privacy rights.
To exercise available privacy rights, users may contact WITHIN U at the contact information listed below. We may need to verify your identity before fulfilling certain requests. If you make a request through an authorized agent, we may require proof that the agent is authorized to act on your behalf, consistent with applicable law.
12. Children and Minors
The Service is intended for users who are at least sixteen (16) years old. WITHIN U does not knowingly collect personal information from individuals under sixteen (16). If we learn that we have collected personal information from a user under sixteen (16) without appropriate consent where required, we may delete the information, restrict access, or take other appropriate steps.
If a user is at least sixteen (16) but under eighteen (18), or under the age of legal majority in their jurisdiction, use of the Service may require the knowledge, supervision, and consent of a parent or legal guardian to the extent required by applicable law.
13. International Users
WITHIN U may process and store information in the United States and other countries where we or our service providers operate. Privacy laws in those countries may differ from the laws of your place of residence. By using the Service, you acknowledge that your information may be transferred, stored, and processed outside your country of residence in accordance with this Privacy Policy and applicable law.
14. Third-Party Links and Services
The Service may contain links to third-party websites, app stores, payment providers, authentication systems, support tools, analytics providers, AI providers, or other external services. This Privacy Policy does not govern the privacy practices of third parties. Users should review the privacy policies and terms of any third-party services they use.
WITHIN U is not responsible for the privacy practices, content, security, availability, accuracy, or policies of third-party services.
15. Changes to This Privacy Policy
WITHIN U may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Service, the app, the website, email, in-app messaging, or other reasonable means. The updated Privacy Policy will be effective as of the date stated at the top unless otherwise required by law.
Continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated policy. If you do not agree with the updated Privacy Policy, you should stop using the Service.