We Unearthed LLC ("Company," "we," "us," or "our") operates the We Unearthed mobile application (the "App"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our App, and informs you about your privacy rights and how the law protects you. We built We Unearthed as a safe, intentional space for women of color and Muslim women. Protecting your privacy and the trust you place in us is central to everything we do.
1. Privacy Policy Uses
This Privacy Policy applies to all information collected through our mobile application ("We Unearthed"), our website (weunearthed.com), and any related services, features, or content we offer (collectively, the "Services").
By downloading, accessing, or using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.
This Privacy Policy does not apply to information collected by third parties, including any websites, services, or applications that may be linked from within the App. We encourage you to review the privacy policies of any third-party services you interact with.
2. User Information
We collect different types of information depending on how you interact with the App. Importantly, we distinguish between data stored on our servers and data that remains exclusively on your device.
Data Stored on Our Servers
| Category | Examples | Collected |
|---|---|---|
| Account Identifiers | Email address, username, encrypted password, authentication provider ID (Google, Apple) | Yes |
| Identity & Personalization | Faith background, life stage, archetype quiz results, identity tags (all optional) | Yes (optional) |
| Reproductive Health Settings | Cycle tracking preferences, cycle length, period start dates, perimenopause status (opt-in only) | Yes (optional) |
| Usage & Interaction Data | Ritual completion counts, feature usage, session timestamps, streak data | Yes |
| Device & Technical Data | Device type, operating system, push notification tokens, app version, timezone | Yes |
| Financial Data | Subscription status only (all payment processing handled entirely by Apple App Store and Google Play Store — we never collect or store payment card details) | Limited |
Data That Stays on Your Device Only
| Category | Examples | Stored on Our Servers? |
|---|---|---|
| Journal Entries | Written expressions, voice-to-text transcriptions, photo reflections | No — device only |
| Reflections & Responses | Your personal reflection answers and self-discovery responses | No — device only |
| AI-Generated Content | Personalized reflections, wisdom, and insights generated for you | No — device only |
3. Collection of Information
Information You Provide Directly
We collect information you voluntarily provide when you create an account, complete onboarding (including optional identity tags, archetype quiz, and cycle tracking setup), update your profile or account settings, contact us for support, or respond to surveys or feedback requests.
Information Collected Automatically
When you use the App, we automatically collect certain technical and usage data, including your device type and operating system version, app usage patterns and feature interactions, ritual completion counts and session timestamps (not the content of your entries), timezone information (used to deliver time-appropriate content), and push notification tokens (if you grant permission).
Information from Third-Party Services
If you choose to sign in using a third-party authentication provider (Google or Apple Sign-In), we receive limited profile information from that provider, typically your email address and name. We do not access your contacts, social media profiles, or other data from these providers.
Information Processed Transiently by AI
When you complete a daily ritual, your journal entries and responses are sent directly from your device to third-party AI providers (Anthropic Claude as the primary provider, OpenAI as a backup) for real-time processing. These providers generate personalized reflections, wisdom, and insights which are returned to your device. This data passes through our servers only in transit — it is not logged, stored, or retained on our servers. The AI providers process your data according to their data processing agreements and do not use your entries for model training.
Information We Do Not Collect
We do not collect or store the content of your journal entries or written expressions, your voice recordings or voice-to-text transcriptions, your photos or photo analysis results, the specific text of AI-generated reflections and wisdom delivered to you, your location data (GPS, IP-based geolocation), or contacts, call logs, or other device data unrelated to the App.
4. Use of Information
We use the information we collect for the following purposes:
| Purpose | Description |
|---|---|
| Account Management | Create and maintain your account, authenticate your identity, and manage your subscription |
| Personalization | Tailor content based on your identity tags, faith background, archetype, and cycle phase (if opted in); surface culturally relevant wisdom |
| Cycle-Aware Features | If opted in, provide menstrual cycle tracking, phase-specific content, and cycle-correlated insights |
| Communications | Send push notifications (with your permission), deliver account-related communications, and respond to support requests |
| App Improvement | Understand usage patterns (not content) to improve features, fix bugs, and develop new functionality |
| Safety & Security | Protect against unauthorized access, maintain data integrity, and enforce our Terms of Service |
We do not use your information to sell or rent your data to third parties, build advertising profiles, make automated decisions that produce legal effects, train AI models on your personal data, or read, analyze, or mine the content of your journal entries on our servers (because we don't have them).
5. Disclosure of Information
We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:
Service Providers
We work with trusted third-party service providers who assist us in operating the App. These providers are contractually obligated to protect your data and may only use it for the specific purposes we engage them for:
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway | Backend hosting & infrastructure | Account data, settings, usage metadata (encrypted in transit and at rest). No journal content. |
| Supabase | User authentication | Email, authentication tokens |
| Anthropic (Claude) | Primary AI processing | Journal entries sent in real-time for processing only — not stored by us or retained by Anthropic for training |
| OpenAI | Backup AI processing | Journal entries sent in real-time during failover only — not stored by us or retained by OpenAI for training |
| Apple App Store / Google Play Store | Subscription & payment processing | Subscription status (they handle all payment data directly) |
| Expo (EAS) | App updates & delivery | Device type, app version |
Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request. Note that because we do not store journal entries on our servers, we cannot disclose content we do not possess.
Business Transfers
If We Unearthed LLC is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your personal information becomes subject to a different privacy policy.
6. Use of Tracking Technologies
What We Use
We Unearthed is designed with minimal tracking. We do not use third-party advertising trackers, cross-app tracking identifiers, or fingerprinting technologies.
The tracking technologies we do use are limited to:
- Authentication Tokens: Secure JSON Web Tokens (JWTs) stored on your device to keep you signed in. These are required for the App to function and expire periodically for security.
- Local Device Storage: Journal entries, reflections, and AI-generated content are stored locally on your device. We also cache minimal preferences and session data to improve app performance.
- Push Notification Tokens: If you opt in to push notifications, a device-specific token is stored to deliver notifications. You can revoke this permission at any time through your device settings.
What We Do Not Use
We do not use cookies (the App is a native mobile application), third-party analytics SDKs that track users across apps, advertising identifiers (IDFA/GAID), social media tracking pixels, or server-side logging of journal or reflection content.
Do Not Track
We honor Do Not Track (DNT) signals. Since we do not engage in cross-site or cross-app tracking, no changes to our data practices are needed when a DNT signal is detected.
7. US Considerations
If you are a resident of the United States, you may have additional rights under state privacy laws. This section provides information specific to US-based users.
California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information:
- Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
- Sensitive Personal Information: We collect sensitive personal information (reproductive health settings, faith background) solely to provide the App's core functionality. We do not use this data for profiling or advertising.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Virginia, Colorado, Connecticut, and Other State Residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and obtain a copy of their personal data. You may also have the right to opt out of targeted advertising, profiling, and the sale of personal data — none of which we engage in. To exercise your rights, please contact us using the information in Section 10.
Health Data Protections
We take the sensitivity of health and wellness data seriously. Cycle tracking settings and reproductive health data are treated with additional safeguards. We do not share health data with employers, insurance companies, or data brokers. Journal entries related to health and wellness are never stored on our servers. In states with specific health data privacy laws (such as Washington's My Health My Data Act), we comply with applicable requirements.
8. Europe Considerations
If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR) and the UK GDPR.
Legal Bases for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide you with the App and its features (account management, personalization settings, subscription management).
- Consent: For optional features like cycle tracking, identity tags, and push notifications. You can withdraw consent at any time.
- Legitimate Interests: For app improvement, security, and bug fixing, where these interests do not override your rights.
- Legal Obligation: Where we are required to process data to comply with applicable law.
International Data Transfers
Your account data may be transferred to and processed in the United States, where our servers and service providers are located. When we transfer personal data outside the EEA/UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or reliance on service providers' compliance frameworks. Your journal entries and private reflections are not transferred to our servers at all — they remain on your device.
Data Protection Officer
For questions or concerns about our data processing practices, European users may contact us at hello@weunearthed.com. You also have the right to lodge a complaint with your local data protection authority.
Data Retention — Europe
We retain your account data only for as long as necessary to fulfill the purposes outlined in this policy. When you delete your account, we will erase your personal data within 30 days, unless retention is required by law. Journal entries stored on your device are under your control and are not affected by server-side deletion.
9. User Rights
Depending on your location, you may have some or all of the following rights regarding your personal information:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you on our servers |
| Correction | Request correction of inaccurate or incomplete personal data |
| Deletion | Request deletion of your personal data (available directly in Settings) |
| Portability | Request your server-side data in a structured, machine-readable format |
| Restriction | Request that we restrict processing of your data under certain circumstances |
| Objection | Object to our processing of your data based on legitimate interests |
| Withdraw Consent | Withdraw consent for optional features at any time (cycle tracking, push notifications, identity tags) |
| Non-Discrimination | We will never discriminate against you for exercising your privacy rights |
How to Exercise Your Rights
You can exercise many of these rights directly within the App:
- Delete your account: Settings → Delete Account (removes all server-side data permanently)
- Disable cycle tracking: Settings → Cycle Settings
- Manage push notifications: Through your device's notification settings
- Update your information: Settings → Profile
- Export your data: Settings → Export (provides a copy of your data)
For any rights requests that cannot be handled within the App, please contact us at hello@weunearthed.com. We will respond to your request within 30 days (or within the timeframe required by applicable law).
Verification
To protect your privacy, we may need to verify your identity before fulfilling certain requests. We will typically verify your identity through your registered email address.
10. Final Details
Children's Privacy
We Unearthed is designed for adults aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from anyone under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@weunearthed.com.
Data Security
We implement industry-standard security measures to protect the personal information stored on our servers, including encrypted data transmission using HTTPS/TLS, encrypted password storage (bcrypt hashing), secure authentication with JSON Web Tokens that expire periodically, regular security updates and dependency auditing, and access controls limiting who can access user data. Journal entries and private reflections benefit from an additional layer of protection: because they are stored only on your device and never on our servers, they cannot be compromised through a server-side breach.
Data Retention
We retain your account data for as long as your account is active and as needed to provide you with the Services. When you delete your account through the App, we permanently delete all your server-side data, including your account information, personalization settings, cycle tracking data, usage history, and all associated metadata. Some data may be retained in encrypted backups for a limited period (up to 30 days) before being fully purged. Journal entries and reflections stored on your device are under your control — uninstalling the App will remove this data from your device. We may retain de-identified, aggregated data that cannot be linked back to you for product improvement purposes.
Third-Party Links
The App may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective" date at the top of this policy, sending a notification through the App, or sending an email to your registered email address for significant changes. Your continued use of the App following the posting of changes constitutes your acceptance of those changes.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
We Unearthed LLC
Email: hello@weunearthed.com
Website: weunearthed.com