Privacy Policy for MyVase

LAST UPDATED: April 15, 2026

This privacy notice for MyVase LLC ("we," "us," or "our") describes how and why we might collect, store, use, and/or process your information when you use our services, including our mobile applications, App Clips, website at myvase.app, and any other products or services we offer now or in the future (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy.

1. WHAT INFORMATION DO WE COLLECT?

MyVase is built on a local-first privacy architecture. This means all of your personal session data stays on your device. We do not have access to it.

A. Information Stored ONLY on Your Device (Local Data)

This is your private data. It is stored in the app's secure container on your device and never transmitted to our servers. This may include:

• Session Data: Session type, duration, completion status, timestamps, and interaction coordinates.
• User Settings: Audio, notification, display, and scheduling preferences (such as alarm times or daily cutoff settings).
• Usage Tracking: Local-only counters for session history and usage limits.
• Audio Recordings: If a feature involves recording your voice, the recording is stored exclusively on your device and is never uploaded, transmitted, or accessible to us.
• Subscription Status: A local copy of your current tier and expiration date, validated by the platform's purchase verification system (e.g., Apple StoreKit).

B. Information Stored on Our Servers (Authentication Data)

To provide account services, we collect the following minimal data using Firebase Authentication:

• User ID: A unique identifier assigned by Firebase.
• Authentication Provider: The method you used (e.g., email/password, Apple Sign In).
• Email Address: Your email address, only if you use email/password login.
• Timestamps: Your account creation date and last sign-in timestamp.

C. Information Collected via Our Website

When you join our waitlist at myvase.app, we collect your email address through a Google Forms submission. This email is used solely to notify you of product availability and updates. It is stored in Google Sheets (operated by Google LLC) and is not shared with any other third parties, sold, or used for advertising.

D. How Data is Handled by User Tier

• Guest Users: All data is stored locally. Session data is automatically deleted after 7 days.
• Registered Free Users: Authentication data is stored on Firebase. Session data is stored locally and permanently (until you delete the app).
• Premium Subscribers: Same as Registered Free Users.

2. HOW DO WE PROCESS YOUR INFORMATION?

We process your information for very limited purposes:

• Local Data is processed on your device to provide app features such as session history, usage limits, scheduling, and personalization.
• Server Data (Authentication) is processed only to allow you to sign in, sign out, and manage your account.
• Website Data (Waitlist) is processed only to send you product updates when you have opted in.

3. WHAT LEGAL BASES DO WE RELY ON?

• Contractual Necessity: We process your Authentication Data to fulfill our agreement with you — to provide a working app, verify your identity, and validate your subscription.
• Legitimate Interest: We have a legitimate business interest in processing anonymous usage and diagnostics data to fix crashes and improve our products.
• Consent: If you opt in to our waitlist or marketing emails, we will use your email address based on your explicit consent, which you can withdraw at any time.

4. WHEN AND WITH WHOM DO WE SHARE YOUR INFORMATION?

We do not sell your data. We only disclose minimal data to the essential service providers needed to run our Services:

• Firebase Authentication (Google LLC): We disclose your email (if used) and authentication tokens to Firebase only for the purpose of logging you in. They do not receive any of your session data.
• Platform Providers (e.g., Apple Inc., Google LLC): If you use a platform sign-in option (such as "Sign in with Apple"), we receive a platform-provided user ID and optional email. If you subscribe or make a purchase, the platform processes your payment. We never see your credit card or financial data. We only receive a digital receipt to validate your purchase.
• Google Forms / Google Sheets (Google LLC): If you join our waitlist, your email address is submitted to Google Forms and stored in Google Sheets.

5. DO WE USE COOKIES OR TRACKING TECHNOLOGIES?

No. We do not use advertising identifiers, cookies, web beacons, or any other technology for tracking or analytics on our website or in our apps.

Firebase Authentication uses secure tokens to keep you logged in. These are a necessary part of account security and are not used for tracking or advertising.

6. HOW DO WE HANDLE SOCIAL LOGINS?

We may offer platform sign-in options such as "Sign in with Apple" or "Sign in with Google." If you use one of these, we receive a platform-provided User ID and your email (either your real one or a private relay, based on your choice). This information is used only for account creation and authentication.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

• Local Data (Guests): Automatically deleted from your device after 7 days.
• Local Data (Registered/Premium): Stored on your device permanently, until you delete the app.
• Server Data (Authentication): Kept for as long as your account is active. If you delete your account, this data is permanently deleted from our servers.
• Waitlist Data: Kept until you request removal or we complete the waitlist campaign, whichever comes first.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

We protect your data in two ways:

1. By Not Collecting It: Your sensitive session data, preferences, and any audio recordings never leave your device.
2. By Securing What We Must: The minimal Authentication Data we store is managed by Google's Firebase, which uses industry-standard security measures (encryption in transit and at rest).

9. DO WE COLLECT INFORMATION FROM MINORS?

Our Services are not marketed to or intended for children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect any data from children under 13. If we learn we have inadvertently collected data from a child under 13, we will delete it.

10. WHAT ARE YOUR PRIVACY RIGHTS?

• Right to Access & Portability: You have full access to your session data at all times, as it is stored on your own device.
• Right to Correction: You can update your account email (if applicable) through the app settings.
• Right to Deletion: You have multiple forms of deletion:
  1. Account Deletion: Delete your server-side authentication data using the "Delete Account" feature in the app's settings.
  2. Full Data Erasure: Delete all local data by uninstalling the app from your device.
  3. Waitlist Removal: Email us at cecilia@myvase.app to be removed from the waitlist.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

We do not track our users in any way. "Do-Not-Track" (DNT) signals are not applicable to our Services.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes (CCPA/CPRA). As a California resident, you have the right to know what data is collected.

• We DO NOT "sell" your personal information.
• We DO NOT "share" your personal information for cross-context behavioral advertising.
• Right to Know/Access: You have the right to request what personal information we collect, use, and disclose.
• Right to Delete: You have the right to request the deletion of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

Yes (GDPR/UK GDPR). As a resident of the EEA or UK, you have rights to access, rectification, erasure, and portability of your data, as described in Section 10.

14. DATA WE DO NOT COLLECT

We are a privacy-first utility. We NEVER collect:

• Usage analytics (beyond your local-only session counters)
• Location data
• Advertising identifiers (IDFA)
• Contact lists, photos, or camera access
• Your audio recordings (these stay on your device)
• Device fingerprinting or cross-app tracking data

15. APP PURPOSE & DISCLAIMERS

MyVase is an emotional performance utility, not a medical device. Our apps are productivity tools designed to help professionals mentally transition and decompress.

They are not intended to diagnose, treat, cure, or prevent any disease or mental health condition. Our apps are not a replacement for professional therapy or medical advice.

Never disregard professional advice because of something you have experienced in our apps. If you are experiencing a mental health crisis, please contact your local emergency services.

16. DO WE MAKE UPDATES TO THIS NOTICE?

Yes. We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any changes by posting the new policy and updating the "LAST UPDATED" date. For significant changes, we may also notify you via email or an in-app notification.

17. HOW CAN YOU CONTACT US?

If you have any questions or comments about this policy, you may contact us at:

Email: cecilia@myvase.app

MyVase LLC
30 N Gould St Ste N
Sheridan, WY 82801
United States

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?

• Review/Update: You can review your session data in the app. You can update your email (if used) in the account settings.
• Delete:
  1. To delete your server authentication account, use the "Delete Account" button in the app's settings.
  2. To delete all your local data, uninstall the app from your device.
  3. To be removed from the waitlist, email cecilia@myvase.app.