Privacy Policy

Effective date: March 1, 2026

This Privacy Policy explains how Inner Child Care (the “App”) and the website at innerchild.care (the “Website”) collect, use, share, and protect information.

Operator / Data Controller: Ruslan Kalinovych (Poland) Contact (privacy & support): myinnerchild.hq@gmail.com
Service regions (initial release): United States, Poland, Ukraine

1) Who this is for (Adults Only)

The App and Website are intended for adults 18 years and older. The App uses an age-gating screen to restrict access to adults. If you are under 18, do not use the Services.

2) Information we collect

We collect information you provide, information generated through your use of the Services, and limited technical data needed to operate and secure the Services.

A) Account and authentication

When you create and use an account, we collect:

  • Email address (for email/password sign-in)
  • Account identifiers (e.g., internal user ID)
  • Session/authentication data (e.g., tokens needed to keep you signed in)

If you use Google or Apple sign-in (when enabled), those providers share information needed to authenticate you (typically a stable account identifier and, depending on your provider settings, your email address).

We do not store your password in plain text.

B) Profile and preferences

We may collect:

  • Profile details you choose to provide (e.g., username)
  • App preferences and settings (e.g., language)

C) Self-reflection and wellbeing-related content (sensitive by nature)

The App may collect and store content you submit such as:

  • Onboarding answers (self-reflection)
  • Daily task answers (text)
  • Interactions (e.g., whether a task was completed)
  • Derived labels or groupings that the App generates from your responses (e.g., category tags)

Important: The App is for self-care and reflection. Please avoid entering medical records or diagnostic information. The App is not for emergencies.

D) Photos and file attachments

If you upload photos or files (for example, as part of a task report or when sending feedback), we collect and store those uploads along with basic metadata (such as upload time and the related feature/task).

Access control intent: Uploads are intended to be accessible only by you and, if needed, authorized personnel for support and security purposes.

E) Feedback and support

If you contact us or submit feedback, we may collect:

  • Your message content
  • Attachments you include (e.g., screenshots)
  • Basic technical context related to your request (e.g., app version)

F) Website contact form

If you contact us on the Website, we collect:

  • Name (if provided)
  • Email address
  • Message content and any details you submit

G) Careers / job applications (Website)

If you apply for a job, we may collect:

  • Name and email address
  • Phone number (optional)
  • Application answers
  • Resume/CV or other files you upload (optional)

H) Device, usage, and logs

We (and our service providers) may collect technical information such as:

  • Device/app/browser information (e.g., OS, app version, language/locale)
  • Request/security data (e.g., IP address and user agent) for security, fraud prevention, and troubleshooting
  • Operational metrics and error logs

Limited logging of snippets/metadata: For debugging and reliability, we may log limited snippets or metadata related to certain operations (for example: identifiers like task/report IDs, timing, and limited content metadata). We do not aim to log full private reflections unless necessary to diagnose an issue you report.

3) How we use information

We use information to:

  • Provide and operate the App and Website
  • Create and manage accounts and sessions
  • Save your progress and personalize your experience
  • Store and display your content to you within the App
  • Respond to support requests and feedback
  • Process and manage job applications
  • Maintain security, prevent abuse, troubleshoot issues, and improve performance

4) Legal bases for processing (EEA/UK)

If you are located in the European Economic Area (EEA) or the UK, we process personal data under the following legal bases (as applicable):

  • Contract: to provide the Services you request (account access, saving content, core app functionality).
  • Legitimate interests: to secure the Services, prevent abuse, troubleshoot, maintain quality, and improve performance.
  • Consent: for cookies/trackers where required (especially for EU/UK visitors) and for any optional features that explicitly ask for consent.
  • Legal obligation: to comply with applicable laws and lawful requests.

5) Cookies and similar technologies (Website)

We use cookies and similar technologies for:

  • Essential functionality (e.g., authentication/session handling)
  • Remembering certain interactions (e.g., local storage markers such as “viewed jobs”)
  • Performance measurement (e.g., Website performance metrics)

EU/UK cookie choices

We plan to provide a cookie banner for EU/UK visitors and will request consent where required by law for non-essential cookies/trackers.

6) Analytics

Currently, the Website uses Vercel Speed Insights to measure performance and improve the Website experience. This may involve collecting performance metrics and technical data needed to deliver and measure the Website.

If we add additional analytics in the future, we will update this Privacy Policy. We aim to use analytics in a way that does not directly identify you.

7) How we share information

We do not sell personal data.

We share information only as needed to operate the Services, including with service providers such as:

  • Supabase (authentication, database, file storage)
  • Vercel (Website hosting and performance monitoring)
  • Resend (sending emails related to Website contact and careers communications)
  • Google / Apple (only if you use their sign-in methods)

We may also share information:

  • If required by law, regulation, or legal process
  • To protect the security and integrity of the Services
  • To investigate abuse or enforce our rights

8) Data retention

We retain information only as long as needed for the purposes described in this Policy.

  • Account and App content: we retain your account data and App content until you request deletion.
  • Support messages: retained as needed to address your request and maintain support history; you may request deletion.
  • Careers applications: typically retained for up to 12 months after the hiring process ends (or longer if required by law), unless you request deletion sooner.
  • Security and access logs: IP address and user-agent/platform logs may be retained for up to 30 days for security and troubleshooting. Some non-identifying operational logs may be retained longer as needed.

Backups

Even after deletion, residual copies of certain data may remain in backups for a limited period and be removed as backups rotate.

9) Account deletion and your choices

How to request deletion

You can request deletion of your account and associated data by emailing: myinnerchild.hq@gmail.com

Where available, the App may also provide an in-app option to initiate account deletion.

What happens after a deletion request

After verifying your request, we will delete data associated with your account as soon as reasonably possible, unless we must retain certain information to comply with law, resolve disputes, or enforce our agreements.

10) Your privacy rights

EEA/UK rights

If you are in the EEA/UK, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to certain processing
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)

You can exercise these rights by emailing myinnerchild.hq@gmail.com.

You also have the right to lodge a complaint with your local data protection authority. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).

U.S. / California (if applicable)

Depending on your location and applicable laws, you may have additional rights regarding access, deletion, and information about disclosures. You can contact us at myinnerchild.hq@gmail.com.

11) International processing and transfers

We operate from Poland and use service providers that may process data in other countries (including the United States and countries in the EU/EEA). Where required, we use appropriate safeguards for cross-border transfers (such as contractual protections).

12) Security

We use reasonable safeguards to protect information, including secure connections and access controls.

Administrative access: Production access to user data is restricted to the CEO only.

No method of transmission or storage is completely secure; therefore, we cannot guarantee absolute security.

13) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the effective date.

14) Contact

For privacy questions, support, or deletion requests, contact: myinnerchild.hq@gmail.com