Privacy Policy

Last updated: 2026-06-03

BeeCome is a personal-growth app. It exists to help you reflect, not to collect data about you. This policy is a faithful description of what the app actually does with your information — written by the engineer who wrote the code, so it stays accurate.

What we collect

When you create an account, we collect:

• Your email address. That’s it.

That’s all. We do not collect your name, your date of birth, your location, your contacts, your phone number, your device’s unique identifier, your IP-based analytics, or any third-party identifier.

What we don’t collect (deliberately)

• No journal content on our servers in readable form. Your journal entries are encrypted on your device with AES-GCM-256 before they leave your phone. Our servers store the encrypted blobs and never hold the keys. If a determined attacker stole our database, they would see ciphertext — not your journals.
• No analytics SDKs. BeeCome has no Google Analytics, no Mixpanel, no Segment, no Amplitude, no Sentry, no Crashlytics, no FullStory, no PostHog. None.
• No advertising. BeeCome shows no ads, contains no ad SDKs, and shares no data with ad networks.
• No social-login or contact-import. You sign up with email and a password; you never connect Facebook, Google, Apple, or your contacts.
• No location. The app never asks for or accesses your location.
• No usage telemetry beyond what’s needed to run the app. We do not record screen-views, button-clicks, or time-spent metrics outside the journal entries you yourself write.

How your journal entries are protected

1. On your device. Journal entries are stored locally in SQLite, encrypted with AES-GCM-256. The encryption key lives in your device’s secure storage (iOS Keychain via expo-secure-store).
2. In transit to our server. Already-encrypted ciphertext (plus the initialization vector and GCM authentication tag) is sent over HTTPS. The plaintext journal text never leaves your device in unencrypted form when syncing.
3. At rest on our server. PostgreSQL stores the ciphertext as-is. We do not hold your decryption key; we cannot read your journals.

How the AI coach works (the one exception)

When you write a journal entry, you can ask the AI coach to reflect on it. To produce a reflection, the coach needs to read your entry. Here is exactly what happens:

1. Your device sends the plaintext of that single entry, plus your mood and the practice day, to our server over HTTPS — transiently, only for the duration of the request.
2. Our server assembles a prompt and sends it to Anthropic’s Claude API.
3. Anthropic generates a reflection and returns it.
4. Our server returns the reflection to your device.
5. Our server does not store the plaintext journal text. The transient plaintext is held in memory only for the duration of the API call; the persistent record on our server remains the encrypted ciphertext from sync.

Anthropic’s API operates under their own privacy terms. As of this writing, Anthropic does not use data submitted through its commercial API to train its models. Under Anthropic’s standard API terms, inputs and outputs may be retained for a limited period (up to 30 days) for trust-and-safety purposes and are then deleted. See anthropic.com/legal for their current terms.

If you do not use the AI coach for a given entry, no plaintext leaves your device for that entry.

Account deletion

BeeCome supports full account deletion from inside the app. Go to Settings → Delete Account. When you confirm, we:

1. Atomically delete every event, trace, profile, and authentication record associated with your account on our server.
2. Wipe the local SQLite database and the encryption key from your device’s secure storage.

Deletion is immediate and irreversible. We do not retain backups of deleted accounts.

Children

BeeCome is not designed for or directed at children under 13. We do not knowingly collect any data from children under 13.

Changes to this policy

If we change what data the app collects or how we handle it, we will update this page before the change ships. The “Last updated” date at the top reflects the most recent change.

Contact

Questions about this policy or about your data? Email suren@kr8it.com.