Privacy Policy

Phone number. You sign in with your phone number and a one-time SMS code (delivered via Twilio). Your number identifies your account; we don't use it for anything else.

Your content. The thoughts you create, their text, their branching structure, edit history, and any images generated for them, are stored in our database (hosted on Supabase in the United States). Access is enforced per-account: only you, signed in, can read your content.

Voice capture is transcribed entirely on your device, using Apple's speech recognition or a local Whisper model. Your audio is not uploaded to our servers.

If you grant location permission, Thought stamps new thoughts with an approximate place name and the current weather. This uses your coarse location (about 100 meters): coordinates are sent to Apple's geocoding service and to Open-Meteo (a weather service) without any account identity attached. If you deny permission, this feature is simply off.

When you ask Thought to synthesize or summarize, the text of the relevant thoughts is sent to Anthropic (Claude). Image generation sends a prompt to OpenAI. These requests are relayed through our server, which holds the API keys and does not retain request content. Both providers process this data under their API terms, which exclude using it to train their models.

If you add your own API keys in settings, they are stored only in your device's Keychain, and requests go directly from your device to the provider.

When you paste a TikTok, Instagram, or YouTube link, that URL is sent to SocialKit to fetch the video's public title, thumbnail, and transcript. Only the link you paste is shared.

We use PostHog, a product-analytics service, to understand how Thought is used so we can improve it, for example which features are opened and where people get stuck. This covers in-app actions and basic device and app information (such as device model and app version). Because the app is a private friends-and-family beta, events are associated with your account so we can support you directly.

This is product analytics only. It is never used for advertising, never linked to your activity in other apps or websites, and never sold. The contents of your thoughts are not sent to PostHog. Data is processed under PostHog's terms and is deleted when you delete your account.

Deleting a thought in the app removes it from our servers on the next sync. To delete your account and all synced data, email thought@biofare.org and we'll handle it promptly.

Data is encrypted in transit (TLS) and at rest. Server-side access is restricted with row-level security, so each account can only ever read its own rows.

Thought is not directed at children under 13.

If this policy changes, we'll update this page and note material changes in the app.

Questions? Email thought@biofare.org.