Privacy Policy

Effective Date: May 14, 2026 Last Updated: May 14, 2026

Pearl ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Pearl mobile application (the "App"). Please read this policy carefully. By using Pearl, you agree to the practices described here.

If you have questions, you can reach us at: info@steadymaking.studio

1. Information We Collect

1.1 Information You Provide Directly

Account Information When you create a Pearl account, we collect your email address and password. Your password is never stored in plain text — it is hashed and managed securely by Firebase Authentication (Google).

Profile Information During onboarding, we ask for your preferred name so we can personalize your experience.

Journal Entries The core content you write in Pearl — your journal entries, intentions, and reflections — is stored locally on your device and synced to our secure cloud database.

Journey Responses If you use Pearl's Journeys feature to work toward personal goals, we securely store your responses to onboarding questions, depth questions, milestone information, and your journey's status and progress.

User Preferences We securely store your in-app preferences (such as notification settings) and brief contextual information you share during onboarding (such as what brought you to the app).

1.2 Information We Collect Automatically

Usage and Analytics Data We use Firebase Analytics to understand how users interact with Pearl. We associate this data with your Firebase user ID, not your name or email. This data is used to provide a robust, performant feature set.

Subscription Information We use RevenueCat to manage subscriptions. RevenueCat receives your app user ID (your Firebase UID), the subscription product you purchased, your platform (iOS or Android), and subscription lifecycle events (purchase, renewal, cancellation, expiration). We store your subscription status in our database to determine which features you can access.

Error and Diagnostic Data We use Sentry for error monitoring. When the app crashes or encounters an error, Sentry may receive your user ID, the error message, a stack trace, and the app environment (e.g., production). This helps us identify and fix bugs. No journal content is sent to Sentry.

2. How We Use Your Information

We use your information for the following purposes:

  • Providing the App — to create and maintain your account, sync your entries and journeys across devices, and deliver the features you use.

  • AI-Powered Features — to generate tags for your entries, suggest depth questions, create reflections and intentions, and link entries to your journeys. See Section 3 for more information.

  • Subscription Management — to verify your subscription status and grant access to Pearl Pro features.

  • Analytics and Improvement — to understand how the App is used so we can improve it. Analytics data is aggregated and does not personally identify you by name.

  • Error Monitoring — to detect and fix bugs and crashes that affect your experience.

  • Communications — to send you important notices about your account or this policy, if needed.

We do not sell your personal information. We do not use your journal content for advertising.

3. AI Processing of Your Content

Pearl uses Anthropic's Claude AI to power features like automatic tagging, depth questions, reflections, and journey insights.

How it works: When you write a journal entry or engage with a Journey, relevant text from your entry may be sent to Anthropic's API to generate a response. Before your text is sent, we apply a process to strip personally identifiable information (such as names, email addresses, and phone numbers) from the content.

What Anthropic receives: Portions of your journal text (with PII removed), not your name, email address, or account identifiers.

Anthropic's data practices: Anthropic processes this data according to their own privacy policy and API data usage terms. We encourage you to review Anthropic's Privacy Policy and their API usage policies for details on how they handle API data.

Rate limiting: AI features are subject to per-user rate limits to ensure fair use and protect the service.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following limited circumstances:

  • Google / Firebase: User ID, entries, journeys, tags, account data. Used for authentication, cloud database storage, analytics

  • Anthropic: Journal text (PII-stripped). Used for AI-powered features (tagging, reflections, questions)

  • RevenueCat: User ID, subscription events, platform. Used for subscription management and verification

  • Sentry: User ID, error logs, stack traces. Used for error monitoring and debugging

Each of these third parties processes data under their own privacy policies and data processing agreements. We contractually require them to protect your data and use it only for the purposes described above.

We may also disclose your information if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a legal obligation, protect our rights, or protect the safety of our users.

5. Data Storage and Security

Your data is stored in two places:

  • On your device — in a local SQLite database, used to keep Pearl fast and available offline.

  • In the cloud — in Google Firebase Firestore, a secure cloud database, synced automatically when you're online.

We use industry-standard security practices, including encryption in transit (TLS) and Firebase's built-in security rules to restrict access to your data. Only you can access your entries and journeys — Pearl has no feature for sharing your data with other users.

Despite these protections, no system is perfectly secure. We encourage you to use a strong, unique password for your Pearl account.

6. Data Retention

We retain your data for as long as you maintain an account with Pearl. If you delete your account, we permanently delete:

  • All of your journal entries and associated tags

  • All of your journeys, milestones, and journey responses

  • Your user profile and preferences

  • Your subscription record

  • Your Firebase Authentication account

This deletion is initiated immediately upon your request and processed through our secure account deletion system. Local data on your device is also cleared.

We do not retain backups of deleted accounts beyond what is handled automatically by Google Firebase's standard infrastructure retention windows (typically a short period for disaster recovery purposes).

7. Your Privacy Rights

7.1 All Users

Regardless of where you live, you have the right to:

  • Access your data — You can view all of your journal entries and journeys directly within the App.

  • Delete your data — You can delete individual entries or your entire account from within the App. Account deletion permanently removes all associated data from our systems.

  • Correct your data — You can edit your journal entries and profile information at any time.

7.2 EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have the following additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access — You may request a copy of the personal data we hold about you.

  • Right to Erasure ("Right to be Forgotten") — You may request that we delete all personal data we hold about you.

  • Right to Restriction of Processing — You may request that we limit how we use your data in certain circumstances.

  • Right to Data Portability — You may request your data in a structured, machine-readable format.

  • Right to Object — You may object to our processing of your data for analytics or other non-essential purposes.

  • Right to Withdraw Consent — Where we rely on your consent to process data, you may withdraw it at any time.

Legal Basis for Processing: We process your data on the following legal bases:

  • Performance of a contract — Processing necessary to provide the App and its features.

  • Legitimate interests — Analytics and error monitoring, to improve and maintain a stable product.

To exercise any of these rights, contact us at: info@steadymaking.studio. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

7.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know — You may request to know what personal information we collect, use, share, or sell about you.

  • Right to Delete — You may request that we delete your personal information, subject to certain exceptions.

  • Right to Correct — You may request that we correct inaccurate personal information we hold about you.

  • Right to Opt Out of Sale or Sharing — We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is required, but you have this right regardless.

  • Right to Limit Use of Sensitive Personal Information — We use sensitive information (such as your journal content) only to provide the App's core features, not for any secondary purpose.

  • Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.

Categories of personal information collected in the last 12 months:

  • Identifiers: Email address, user ID

  • Personal records: Preferred name

  • Internet/network activity: App usage events

  • Sensitive personal information: Journal entry content

To exercise your California rights, contact us at: info@steadymaking.studio. We will respond within 45 days, with an extension of an additional 45 days where reasonably necessary.

8. Children's Privacy

Pearl is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete that information.

9. Apple App Store and Google Play

If you downloaded Pearl from the Apple App Store or Google Play, Apple and Google may collect data related to your download and purchase per their own privacy policies. We do not control this data collection. Please refer to Apple's Privacy Policy and Google's Privacy Policy for more information.

In-app purchases are processed by Apple (iOS) or Google (Android). We do not receive or store your payment card details.

10. Third-Party Links and Services

Pearl does not include links to third-party websites. The third-party services we use (listed in Section 4) operate under their own terms and privacy policies, which we encourage you to review.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document. For material changes, we will notify you through the App or by email. Your continued use of Pearl after any changes take effect constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: info@steadymaking.studio

Pearl is a private journaling app. Your entries are yours. We will always be transparent about how your data is used.