Privacy Policy

Unspiral | AI Emotional Coaching App · Last updated: February 2026

1. Introduction

Welcome to Unspiral. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Unspiral mobile application (“the App”). Unspiral is an AI-powered emotional coaching tool designed to help you decode emotional patterns and build self-awareness through structured conversation.

We are committed to protecting your privacy and handling your data transparently, in full compliance with the General Data Protection Regulation (GDPR) and applicable Portuguese and European Union data protection laws.

By using Unspiral, you agree to the collection and use of your data as described in this policy. If you do not agree, please do not use the App.

2. Data Controller

The data controller responsible for your personal data is:

Leaplane, Lda
Portugal

For any privacy-related inquiries, please contact us at: support@unspiral.co

3. Data We Collect

3.1 Account Information

  • Email address (provided via Google OAuth or email sign-in)
  • Display name (provided via Google OAuth)
  • Profile avatar URL (provided via Google OAuth)
  • Account creation date

3.2 Conversations

  • Messages you send to the AI coach
  • Messages the AI coach sends to you
  • Emotion selections you make during conversations (e.g., emotion bubbles, quick replies)
  • Conversation metadata (start time, end time, status)

3.3 Journal Entries

  • AI-generated summaries of your conversations
  • Emotion classifications (primary and secondary emotions, intensity)
  • Signal classifications (intuition, anxiety response, intrusive thought, avoidance, emotional processing)
  • Classification reasoning
  • Identified threatened needs
  • Suggested actions
  • Thematic tags

3.4 User Memories

  • Persistent facts saved by the AI coach during your conversations (e.g., recurring patterns, personal context, stated preferences)
  • Memory category and creation timestamps

3.5 Usage Data

  • Timestamps of interactions (conversation starts, message sends, feature usage)

4. How We Use Your Data

  • Provide the coaching service: Process your messages, generate AI coach responses, and classify emotional signals during conversations.
  • Generate journal entries: Automatically create structured journal summaries from completed conversations.
  • Maintain conversation memory: Store persistent context so the AI coach can reference relevant details across conversations, providing more personalized and continuous support.
  • Improve the experience: Understand usage patterns to refine the coaching flow, improve AI responses, and enhance app features.

We do not sell your personal data. We do not use your data for advertising or marketing purposes.

5. Third-Party Data Processors

Anthropic (Claude AI)

Purpose: AI processing of conversations, emotion classification, journal generation, and memory management.

Data shared: Conversation messages, emotion selections, and user memories (included in conversation context).

Important: Anthropic does not use data submitted via their API to train their AI models. Your conversations are not used to improve Anthropic's general models.

Supabase

Purpose: Database hosting, user authentication, and Edge Function execution.

Data shared: All data listed in Section 3 is stored in Supabase-managed PostgreSQL databases.

Infrastructure: Hosted on Amazon Web Services (AWS).

Google

Purpose: OAuth authentication only.

Data shared: We receive your email, display name, and avatar URL from Google during sign-in. No conversation data, journal entries, or other app data is shared with Google.

6. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR Article 6:

  • Consent (Art. 6(1)(a)): You provide explicit consent to AI-powered emotional coaching during the onboarding process. You may withdraw this consent at any time.
  • Contract performance (Art. 6(1)(b)): Processing is necessary to provide the coaching service you have requested by creating an account and using the App.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of all personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to erasure: You may delete your account at any time through the in-app settings. Account deletion triggers permanent removal of all your data, including conversations, journal entries, and user memories.
  • Right to data portability: You may request your data in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: You may withdraw your consent to data processing at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD).

To exercise any of these rights, contact us at support@unspiral.co.

8. Data Retention

Your personal data is retained for as long as your account remains active. When you delete your account:

  • All conversations, messages, journal entries, user memories, and account data are permanently and irreversibly deleted from all systems.
  • Deletion is a hard delete, not a soft delete. We do not retain backups of individual user data after account deletion.

9. Children's Policy

Unspiral is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete that data. If you believe a child under 13 has provided us with personal data, please contact us at support@unspiral.co.

10. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS (Transport Layer Security).
  • Encryption at rest: Data stored in our databases is encrypted at rest.
  • Authentication security: We use OAuth 2.0 with PKCE (Proof Key for Code Exchange) and email OTP for authentication. We do not store passwords.
  • Access controls: Access to production data is restricted and monitored.

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Your data may be transferred to and processed in the United States, where our infrastructure providers (Supabase/AWS, Anthropic) operate. These transfers are conducted in compliance with GDPR requirements, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App. Your continued use of Unspiral after such notification constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: support@unspiral.co

Data Controller:
Leaplane, Lda
Portugal