Privacy Policy

How we collect, use, and protect your reflections.

Last updated ·Version 2026-04-21

Last Updated: April 21, 2026

Privacy at a glance

  • Your reflections are sensitive. Your journal entries, attachment assessment answers, and relationship history are stored under your account in our secure Firebase backend. They are only accessible from your signed-in device(s) and are never sold, never used for advertising, and never used to train third-party AI models.

  • Minimal profile. During onboarding we ask for a first name, age range, gender, and relationship status. You can use Meadow anonymously or sign in with Apple, Google, or email.

  • Cloud sync. Because Meadow is designed to be there when you need it, your data syncs to Google Cloud Firestore (operated by us under our Firebase project) so you can pick up where you left off and restore it on a new device.

  • Limited sharing. We use a small set of reputable vendors for authentication, storage, product analytics, and subscriptions.

  • No ads, no tracking SDKs. We do not integrate advertising, attribution, or ad-measurement SDKs. We do not request App Tracking Transparency permission and do not access your IDFA.

  • No selling, no sharing for ads. We do not sell your personal information or consumer health data, and we do not share it for cross-context behavioral advertising.

  • Your rights. You can update, export, or permanently delete your data at any time — see §13.

1) Who we are & how to contact us

Meadow is a self-guided reflection app for understanding attachment patterns and relationship dynamics, published by The Manhattan App Studio LLC ("we", "our", "us"), a New York limited liability company.

  • Email (privacy & requests): hello@heymeadow.com
  • Data Controller: The Manhattan App Studio LLC (New York, USA)
  • Intended users: Age 16+. Meadow is not intended for children.

Not medical advice. Meadow provides educational self-reflection features. It is not a medical device and does not provide medical, psychological, or mental-health advice, diagnosis, or treatment. If you are in crisis, please contact a qualified professional or your local emergency services.

2) Scope of this policy

This policy covers our iOS mobile app and any marketing website we operate (including heymeadow.com). It explains what we collect, how we use and share it, your choices and rights, and how to contact us.

3) What we collect

A. Profile data

During onboarding and in settings, Meadow asks for:

  • First name
  • Age range (under 25, 25–34, 35–44, 45–54, 55+)
  • Gender
  • Relationship status
  • Notification preferences (daily reminder time, time zone)
  • Optional: email address if you sign in with email, Apple, or Google

B. Attachment assessment data

Meadow includes a short assessment based on the Experiences in Close Relationships – Short Form (ECR-S) plus a set of relationship-history questions. We save:

  • Your 12 ECR-S responses and 6 relationship-history answers
  • Derived attachment anxiety and avoidance scores
  • Your attachment-style category and relationship archetype
  • The timestamp of your most recent assessment

C. Journal & reflection data

When you write in Meadow, we save:

  • Free-text reflections you write in response to in-app prompts (journey, toolkit, and freeform journaling)
  • The prompt, exercise, or day the entry is associated with
  • Created and updated timestamps

Because Meadow is designed for reflection on relationships and emotional experiences, your journal entries and assessment responses may reveal sensitive information, including information about your mental or emotional state. We treat this data as consumer health data under applicable U.S. state law (see §15).

D. Journey progress

To pick up where you left off, we save:

  • Current day, days completed, streak count
  • Day-by-day completion status and section progress
  • Bookmarks

E. Non-health technical & usage data

To operate and improve Meadow, we may collect non-content technical information and usage telemetry, such as:

  • App version, device model, OS version, language, time zone
  • Pseudonymous user and event identifiers
  • Paywall interactions, subscription events, and entitlement status
  • Application lifecycle events (app opened, day completed, phase completed, journey completed)

F. Purchase data

We process in-app purchases and entitlements via:

  • RevenueCat (purchase validation, subscription status, entitlements)
  • Apple App Store (platform billing)

We do not receive your full payment card details.

G. Marketing website (if/when you visit)

We may use basic analytics to understand aggregate traffic (pages visited, referrers) on heymeadow.com. We do not collect your in-app journal or assessment content on our website.

H. Data we do not collect

  • No last name, postal address, or phone number
  • No precise GPS location, contacts, calendars, camera, microphone, or photo library
  • No Apple Health / HealthKit data
  • No advertising identifiers or IDFA
  • No biometric data

4) How we collect data

  • You enter it (onboarding, assessment, journaling, settings)
  • Automatic telemetry (pseudonymous product analytics, app lifecycle events)
  • Purchases (entitlement state via RevenueCat / App Store)
  • Authentication (if you sign in with Apple, Google, or email)

5) How we use data (purposes)

  • Provide core features (assessment, journal, guided journey, reminders, cross-device access)
  • Personalize your journey (for example, recommending exercises based on your attachment style)
  • Product improvement (feature adoption, usability, stability, diagnostics)
  • Security & integrity (abuse detection, troubleshooting, enforcing Terms)
  • Purchases & subscriptions (entitlements, receipts, refunds, reminders)
  • Compliance (legal obligations, responding to lawful requests)

We do not use your journal or assessment content for advertising, profiling you across other apps or websites, or training machine-learning models.

6) Legal bases (GDPR/UK GDPR/EEA)

  • Consent: processing of consumer health data, optional notifications, and any non-essential analytics that involve consumer health data.
  • Legitimate interests / Contract: app operation, security, purchases, and non-health analytics strictly necessary for functionality.
  • Compliance with law: responding to lawful requests, audits, accounting.

You may withdraw consent at any time (see §13). Where required (e.g., Washington/Nevada), we seek affirmative consent before collecting or sharing consumer health data beyond your device.

7) Sharing & processors (who we work with)

We share data only with service providers (processors) that help us run Meadow — under contracts that limit their use to our instructions. We do not sell data and do not share it for cross-context behavioral advertising.

Key vendors & what they receive

VendorPurposeConsumer health data?
Google (Firebase Authentication)Account sign-in (anonymous, Apple, Google, email/password)No
Google (Cloud Firestore)Storing profile, assessment, journal entries, and progressYes
PostHogProduct analytics (event names and pseudonymous IDs only; no journal or assessment content)No
RevenueCatSubscription validation, entitlementsNo
Apple (App Store)Billing & distribution, Sign in with AppleNo
Google (Sign-In)Optional Google sign-inNo

Your journal entries and assessment responses are not transmitted to analytics, attribution, or advertising platforms. We may disclose information if required by law, to protect rights/safety, or during a corporate transaction (with notice and appropriate safeguards).

8) Advertising & attribution

Meadow does not integrate with advertising networks, attribution SDKs, or ad-measurement tools. We may run advertising campaigns on platforms such as Apple Search Ads, TikTok, or Meta, and we may receive aggregated, campaign-level reports from those platforms.

  • We do not send your in-app journal or assessment content to any ad platform.
  • We do not use consumer health data for targeted ads.
  • We do not request App Tracking Transparency permission and do not access your IDFA.

9) Data location, storage & backups

  • Account and journal data: stored in Google Cloud Firestore under our Firebase project, hosted in the United States. Data is encrypted in transit (TLS) and at rest.
  • Vendor systems: telemetry, analytics, and subscription data are stored by our processors in their secure cloud environments (commonly US). All data in transit uses TLS/HTTPS; vendors encrypt data at rest per their standards.
  • Access controls: per-user Firebase Security Rules prevent one user from reading or modifying another user's data.

10) Retention

  • Account data (profile, assessment, journal entries, progress): retained for as long as your account exists. You can delete your account at any time in Settings → Delete Account, which permanently removes this data from our production systems.
  • Vendor analytics/telemetry: retained per vendor defaults and our settings (commonly 90 days to 26 months).
  • Purchases/entitlements: retained as necessary for accounting, fraud prevention, and legal compliance.
  • Backups & logs: our service providers rotate backups and logs on a rolling basis, typically within 30 to 90 days after deletion.

When we no longer need data, we instruct vendors to delete or de-identify it.

11) Security

We apply technical and organizational measures to protect data:

  • Encryption in transit (HTTPS/TLS) between the app and all vendor systems
  • Encryption at rest in Google Cloud Firestore and other vendor systems
  • Per-user Firebase Security Rules enforcing strict access isolation
  • Access controls that limit who on our team can view production data
  • Data minimization (we do not request camera, microphone, photo library, location, or HealthKit permissions)

No method is 100% secure. If a security incident impacts your information, we will follow applicable notification laws.

12) Children

Meadow is intended for individuals 16 years and older. We do not knowingly collect data from children under 16. If you believe a child has used Meadow, contact hello@heymeadow.com so we can assist.

13) Your privacy rights & choices

Depending on your location (e.g., GDPR/UK GDPR, California CPRA, and other U.S. state laws), you may have the right to:

  • Access the data we hold about you
  • Export/port data in a machine-readable format
  • Correct inaccurate data
  • Delete data (including instructing our vendors to delete)
  • Withdraw consent (for health-data processing and any optional processing)
  • Object/restrict certain processing

Exercising your rights

  • In the app: you can update your profile and notification settings in Settings. You can permanently delete your account and all associated journal and assessment data in Settings → Delete Account.
  • Device permissions: manage notifications in iOS Settings → Meadow.
  • Everything else (including access or export requests for data held by our vendors): email hello@heymeadow.com.

To help us locate your records, please include the email address associated with your account or other details that can identify your record with our processors. We will verify requests and respond within the timelines required by law (generally 30–45 days, with possible extension where permitted).

Withdrawing consent for health-data processing will stop future processing and we will instruct processors to delete existing records to the extent feasible.

14) U.S. state privacy notices (summary)

California (CPRA)

  • We do not sell or share personal information for cross-context behavioral advertising.
  • We process Sensitive Personal Information (including information that may reveal mental or physical health) only for the purposes described above (providing the service, product improvement, security/compliance).
  • You can exercise the rights listed in §13.

Colorado / Connecticut / Virginia / Utah / Texas (and similar)

We honor applicable state privacy rights as described in §13.

15) Consumer Health Data Addendum (Washington & Nevada)

This Addendum supplements the policy to comply with Washington's My Health My Data Act (MHMDA) and Nevada's Consumer Health Data Privacy Law.

What is "consumer health data"?

Any personal data linked or reasonably linkable to you that identifies your health status — including mental or behavioral health information. In Meadow, this includes your attachment assessment responses and derived scores, your relationship-history answers, and the content of your journal entries.

Collection & purposes

We collect consumer health data to:

  • Provide you with Meadow's core functionality, including saving your journal entries, assessment results, and journey progress
  • Maintain and secure the app
  • Improve product features and reliability via limited, pseudonymous analytics (journal and assessment content is never transmitted to analytics or ad platforms)
  • Comply with legal obligations

Consent

We request your affirmative consent during setup before collecting or sharing consumer health data beyond your device. You may withdraw consent at any time (see §13).

Sharing

We do not sell consumer health data. We share consumer health data only with processors that support the purposes above (see §7) and only under contracts requiring confidentiality and security. We do not share consumer health data with advertising platforms.

Geofencing

We do not use geofencing to target locations providing health services.

Access, deletion, and appeals

You may request access to or deletion of your consumer health data (§13). If we deny your request, you may appeal by replying to our decision. We will respond with our reasoning and further options, including how to contact your state Attorney General.

16) International transfers

Some processors may store or process data outside your state/country. Where required (e.g., EEA/UK), we rely on Standard Contractual Clauses or comparable safeguards.

17) Changes to this policy

We reserve the right to change and reissue this Privacy Policy at any time by posting an updated version on our website. If we make material changes in the way we collect, use, or disclose your data, we will provide you reasonable advance notice of the changes before they take effect for you. If we have an existing relationship with you we may provide you notice through our mobile app or directly using the contact information you have provided to us. If we do not have an existing relationship with you (for instance, if you only visit our website), any notice we provide will be posted to our website. If you continue using the services after those changes are in effect, our processing of your data will be subject to the new Privacy Policy. We encourage you to regularly review this Privacy Policy to ensure that you remain aware of what data we collect, how we use and otherwise process it, under what circumstances we will disclose it to third parties, and your privacy rights and choices.

18) Contact us

Questions, requests, or appeals: hello@heymeadow.com

19) Glossary (helpful definitions)

  • Consumer health data: Health-related personal data covered by laws like WA MHMDA and Nevada's CHD law. For Meadow, this includes attachment assessment responses and journal content that may reveal mental or emotional state.
  • Pseudonymous ID: An identifier that doesn't directly reveal your identity (for example, a random user ID used for product analytics).
  • Processor / Service provider: A vendor that handles data on our behalf under contractual limits (e.g., Firebase, PostHog, RevenueCat).
  • Sell / Sale: Exchange of personal data for monetary or other valuable consideration (we do not sell).
  • Share (CPRA): Disclosure for cross-context behavioral advertising (we do not share for ads).
  • Cloud sync: Meadow saves your data to Google Cloud Firestore under our Firebase project so you can access it across devices and restore it on a new device.

© 2026 The Manhattan App Studio LLC. All rights reserved.

Questions? Email hello@heymeadow.com.