Privacy Policy
Last updated: 2026-05-03
The short version
Osmosis is a private practice tool. We collect what we need to run it and nothing else. We don't use third-party analytics, we don't serve ads, and we don't sell your data. Anything you save is yours; you can delete it at any time.
What we collect
When you create an account
- Your email address (to sign you in and contact you about the service)
- If you sign in with Apple or Google: your name and email as provided by those services
When you use the app
- Your profile information: display name, username, bio, and avatar (only if you provide them)
- Your settings: timezone, theme
- Content you save: the text of fragments (quotes), authors, sources, tags, and any reflections you write
- Engagement metadata: when you saved a fragment, when you last revisited it, your difficulty ratings
What we don't collect
- No location data
- No advertising identifiers
- No cross-app tracking
- No third-party analytics SDKs
- No camera, microphone, or contacts access
Waitlist & early-access emails
If you sign up at osmosis.so before the app is publicly released, we store your email address so we can invite you in when early access opens. We also record an approximate locale (from your browser's Accept-Language header) and the page that referred you, used only to understand how people are finding us.
We send two transactional emails: a confirmation when you sign up, and a single primer when we promote you to early access (the TestFlight invitation itself comes separately, from Apple). Every email contains a one-click unsubscribe link; once you unsubscribe we keep your row marked declined only so we don't accidentally re-add you, and we won't email you again.
Legal basis (GDPR Art. 6(1)(b)): pre-contractual measures taken at your request. We do not use waitlist emails for marketing, analytics, or any third-party purpose.
How we use it
Strictly to run the service: authenticate you, store and display your content, deliver the spaced-repetition practice (Embodiment), and respond to support requests if you contact us.
We don't profile you for advertising. We don't share your content with anyone outside the infrastructure providers below.
Where it's stored
Your data is stored with our infrastructure provider:
- Supabase (PostgreSQL database + object storage). Supabase processes data on our behalf under their privacy policy and Data Processing Agreement.
On your device, your authentication token is stored in the iOS Keychain. App settings cache (theme preference) is stored in UserDefaults.
Third-party authentication
If you sign in with Apple or Google, those services authenticate you on our behalf. Their privacy policies apply to that exchange:
Security
Data is encrypted in transit (TLS) and at rest (Supabase handles encryption of the underlying database). Row-level security policies ensure each user can only access their own data.
No system is unbreakable. If we ever discover a security incident affecting your data, we'll notify you promptly.
Your rights
- Access. Open Settings → Edit Profile to see what we have for you.
- Correct. Edit your profile fields directly in the app.
- Delete. Open Settings → Delete account. This permanently removes your account and all associated data from our systems. There's no recovery.
- Export. Not yet supported in-app. Email us if you need a copy of your data and we'll send it to you.
Children
Osmosis is not intended for children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has created an account, contact us and we'll delete it.
Changes to this policy
We'll update the “Last updated” date at the top whenever we change this policy. For material changes, we'll notify you via email or in the app.
Contact
Questions, requests, or complaints: support@osmosis.so.