Privacy Policy

Last Updated: 21/05/2025

Introduction

At Thought Tamer, we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your data when you use our mobile application (“Thought Tamer”), website (https://thoughttamer.app), or related services (collectively, “Services”). By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

1. Information We Collect

We collect the following types of information to provide, improve, and secure our Services:

a. Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and password.
  • Chat Data: Messages you send to our AI chatbot, including text inputs related to your thoughts, goals, or mental blocks.
  • Personality Trait Data: Responses used to generate personality trait scores (e.g., empathy, confidence) after five messages.
  • Subscription Information: Payment details (processed via third-party providers like Stripe or Apple Pay) for subscriptions.
  • Free PDF Giveaway: Email address provided to download free PDFs via our website popup.
  • User Content: Video reviews submitted for the grand slam offer (first 50 reviews get a refund and full access).
  • Contact Information: If you contact us for support, we collect your name, email, and any information you share.

b. Automatically Collected Information

  • Usage Data: Information about how you interact with our Services, such as pages visited, features used (e.g., daily quotes, notifications), session duration, and click patterns.
  • Device Information: Device type, operating system, IP address, browser type, and unique device identifiers.
  • Analytics Data: Aggregated data from tools like Google Analytics, including user demographics, traffic sources, and app performance metrics.
  • Cookies and Tracking: We use cookies, web beacons, and similar technologies to enhance functionality, personalize content, and analyze usage (e.g., tracking PDF downloads).

c. Information from Third Parties

  • Social Media: If you log in via social media (e.g., Google, Apple), we collect your name, email, and profile ID from those platforms.
  • Third-Party Services: Data from payment processors, hosting providers, or marketing tools (e.g., email campaign analytics).

d. Sensitive Information

We may collect sensitive data (e.g., mental health-related inputs in chats) only with your explicit consent. You can opt out of sharing sensitive data, but this may limit some features (e.g., personalized AI responses).

2. How We Use Your Information

We use your information to operate, improve, and personalize our Services, including:

  • Providing Services: Deliver AI chatbot responses, personality trait scores, daily quotes, and push notifications tailored to your inputs.
  • Account Management: Create and manage your account, process subscriptions, and verify your identity.
  • Free PDF Giveaway: Send you the requested PDFs and related updates (with your consent).
  • Grand Slam Offer: Process video reviews for refunds and full access, and use reviews (with permission) for marketing.
  • Personalization: Customize AI responses, quotes, and notifications based on your chat data and usage patterns.
  • Analytics and Improvement: Analyze usage data to optimize app performance, fix bugs, and develop new features.
  • Communication: Send you transactional emails (e.g., subscription confirmations), support responses, or promotional updates (if you opt in).
  • Security: Detect and prevent fraud, unauthorized access, or abuse of our Services.
  • Legal Compliance: Comply with applicable laws, regulations, or legal requests (e.g., tax reporting for payments).

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share data only in these cases:

  • Service Providers: With trusted third parties who perform services on our behalf, such as:
    • Payment processors (e.g., Stripe, Apple Pay) for subscriptions.
    • Cloud hosting providers (e.g., AWS, Google Cloud) for data storage.
    • Analytics providers (e.g., Google Analytics) for usage insights.
    • Email marketing tools (e.g., Mailchimp) for PDF delivery or updates.
    • All providers are bound by contracts to protect your data and comply with privacy laws.
  • Legal Obligations: If required by law, court order, or government authority (e.g., tax audits, subpoenas).
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, with notice to you and continued protection.
  • With Your Consent: For example, if you allow us to share your video review publicly or opt in to third-party integrations.
  • Aggregated/De-Identified Data: We may share anonymized data (e.g., usage trends) for research, marketing, or industry reports, ensuring it cannot be linked to you.

4. Legal Bases for Processing (GDPR Compliance)

For users in the European Economic Area (EEA) or UK, we process personal data under these legal bases:

  • Consent: For sensitive data (e.g., mental health inputs), marketing emails, or cookies (you can withdraw consent anytime).
  • Contract: To provide Services you’ve requested (e.g., AI chats, subscriptions).
  • Legitimate Interests: For analytics, security, or app improvements, balanced against your rights.
  • Legal Obligation: To comply with laws (e.g., tax reporting).

5. Your Data Rights

You have rights over your personal data, depending on your location (e.g., GDPR, CCPA, APP). These include:

  • Access: Request a copy of your data (e.g., chat history, account details).
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Delete your data, subject to legal exceptions (e.g., tax records).
  • Restriction: Limit how we process your data in certain cases.
  • Portability: Receive your data in a machine-readable format for transfer.
  • Objection: Object to processing for marketing or legitimate interests.
  • Withdraw Consent: Stop processing where consent is the basis (e.g., sensitive data).
  • Do Not Sell/Share: Opt out of data sharing for CCPA-covered activities (we don’t sell data, but you can opt out of analytics).

To exercise these rights, contact us at admin@thoughttamer.app and we’ll respond within 30 days (or 45 for CCPA, with extensions). You may need to verify your identity. You can also lodge a complaint with your local data protection authority (e.g., OAIC in Australia, ICO in the UK, CNIL in France).

6. Data Retention

We retain your data only as long as necessary:

  • Account Data: Until you delete your account, plus 6 months for legal compliance (e.g., tax records).
  • Chat Data: For 12 months after your last interaction, unless you request deletion sooner.
  • Payment Data: As required by payment processors and tax laws (typically 7 years in Australia).
  • Analytics Data: Aggregated for up to 24 months.
  • PDF Giveaway Emails: Until you unsubscribe or request deletion.
  • Video Reviews: Until you revoke consent or request deletion.

Deleted data is securely erased or anonymized, except where legally required (e.g., financial records).

7. Data Security

We use industry-standard measures to protect your data, including:

  • Encryption: Data is encrypted in transit (SSL/TLS) and at rest (AES-256).
  • Access Controls: Strict access limits for employees and contractors.
  • Regular Audits: Security reviews of our systems and third-party providers.
  • Incident Response: Prompt action and notification in case of a data breach, as required by law (e.g., GDPR’s 72-hour rule).

No system is 100% secure, but we take all reasonable steps to safeguard your information.

8. International Data Transfers

Thought Tamer is based in Melbourne, Australia. Your data may be processed in other countries (e.g., US for AWS hosting, Ireland for Google Analytics), where privacy laws differ. We ensure compliance through:

  • Standard Contractual Clauses: For GDPR-covered transfers (e.g., EU to US).
  • Adequacy Agreements: Where applicable (e.g., EU-Australia).
  • Vendor Agreements: Binding third parties to equivalent protections.

By using our Services, you consent to these transfers, subject to your rights.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Functions: Enable login, session management, and app functionality.
  • Analytics: Track usage (e.g., Google Analytics for page views, PDF downloads).
  • Personalization: Tailor content (e.g., daily quotes based on chats).
  • Marketing: Measure campaign performance (e.g., X post clicks).

You can manage cookies via your browser settings or our cookie consent popup (GDPR/CCPA-compliant). Disabling cookies may limit some features. We honor Do Not Track signals where required.

10. Children’s Privacy

Thought Tamer is not intended for users under 16 (or 13 in the US under COPPA). We do not knowingly collect data from children. If we learn a child’s data was collected, we will delete it immediately. Contact us if you believe this occurred.

11. Third-Party Links

Our Services may link to third-party sites (e.g., payment processors, social media). These sites have their own privacy policies, which we don’t control. Review them before sharing data.

12. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our Services, laws, or practices. We’ll notify you via email (if you have an account) or a website notice at least 7 days before significant changes take effect. Your continued use after the effective date means you accept the updated policy. Check this page regularly for the latest version.

13. Contact Us

For questions, concerns, or to exercise your data rights, contact:
Thought Tamer
admin@thoughttamer.app

For GDPR purposes, Thought Tamer is the Data Controller. For CCPA, we are the Service Provider and Business.

14. Additional Notices

a. CCPA Notice (California Residents)

  • We do not sell personal information.
  • You have the right to opt out of sharing for analytics (contact us).
  • We’ve disclosed all data categories and uses above (see Sections 1-3).
  • Request limits: 2 free requests per 12 months; additional requests may incur a reasonable fee.

b. GDPR Notice (EEA/UK Residents)

  • Your data is processed under Article 6 bases (consent, contract, legitimate interests, legal obligation).
  • You have the right to lodge a complaint with your supervisory authority.
  • We appoint a Data Protection Officer if required (contact us for details).

c. APP Notice (Australia Residents)

  • We comply with the Australian Privacy Principles under the Privacy Act 1988.
  • Complaints can be filed with the Office of the Australian Information Commissioner (OAIC).

15. Governing Law

This Privacy Policy is governed by the laws of Victoria, Australia, without regard to conflict of law principles. Any disputes will be resolved in the courts of Melbourne, subject to your mandatory consumer rights in your jurisdiction (e.g., GDPR’s right to sue locally).