You Are Not to Blame - Privacy Policy

Bravery Academy · Last updated: April 4, 2026

1. Introduction

This Privacy Policy ("Policy") describes how Bravery Academy ("we," "us," or "our") collects, uses, stores, and protects information in connection with the "You Are Not to Blame" mobile application ("App"). By installing, accessing, or using the App, you ("User," "you," or "your") acknowledge that you have read, understood, and agree to be bound by this Policy in its entirety.

If you do not agree to this Policy, you must immediately uninstall the App and cease all use.

2. Data Controller

The data controller responsible for your personal data is:

Bravery AcademyEmail: support@bravery.academy

For privacy-related inquiries, please contact us at the address above.

3. Information We Collect

3.1. Information You Provide Directly

The App collects the following categories of information that you voluntarily enter during use:

  • Session responses: text you type during the 12-step Responsibility Pie technique (descriptions of situations, thoughts, feelings, action plans).
  • Responsibility percentages: numerical values you assign to responsibility factors.
  • Mood self-assessments: numerical ratings you provide before and after practice sessions.
  • Vault password: a password you create to encrypt your session data. We do not store or have access to your password.
  • Preferences: language selection, notification settings, diagnostics consent.

3.2. Information Collected Automatically

  • Crash reports and diagnostics: if you have enabled diagnostics, anonymized crash data may be collected via Sentry for stability improvement purposes.
  • Purchase information: transaction identifiers processed through App Store / Google Play and RevenueCat for entitlement verification. We do not receive or store your payment card details.

3.3. Information We Do NOT Collect

  • We do not collect your name, email address, phone number, or physical address.
  • We do not collect device identifiers for advertising purposes.
  • We do not collect location data.
  • We do not create user accounts or require registration.
  • We do not collect biometric data.

4. How We Use Your Information

All session data (text responses, percentages, mood ratings, action plan items) is stored exclusively on your device in an encrypted vault. We use your information solely for the following purposes:

  • To provide core App functionality (the 12-step Responsibility Pie technique).
  • To encrypt and protect your session data locally on your device.
  • To process in-app purchases and verify premium entitlements.
  • To send local push notifications (daily reminders) if you enable them.
  • To improve App stability through anonymized crash reports (only with your explicit consent).
  • To provide optional AI guidance (only with your explicit per-request consent, as described in Section 6).

We do not sell, rent, lease, or trade your personal information to any third party for any purpose whatsoever.

5. Data Storage and Security

5.1. Local-Only Architecture

All personal session data is stored exclusively on your device. We do not operate servers that store your session content. There is no cloud backup, cloud sync, or remote storage of your practice data.

5.2. Encryption

Your session data is encrypted in a password-protected local vault. On supported native builds, new vault data uses Argon2id key derivation with AES-GCM authenticated encryption. Older vault data and fallback runtimes may use the previous PBKDF2/AES-CBC vault format with integrity protection. The vault password is never transmitted or stored in plaintext.

5.3. Secure Storage

Sensitive metadata (encryption salt and password verifier) is stored in the operating system's secure keychain (Android Keystore). General encrypted session data is stored in the application's sandboxed local storage.

5.4. Limitations

While we implement industry-standard security measures, no method of electronic storage is 100% secure. You are solely responsible for maintaining the confidentiality of your vault password and the physical security of your device. We disclaim all liability for unauthorized access resulting from your failure to protect your password or device.

6. AI Data Processing (Google Gemini)

6.1. Overview

The App offers an optional AI guidance feature powered by Google's Gemini API. This feature is entirely optional and is never activated without your explicit, per-request consent.

6.2. What Data Is Sent

When you explicitly consent to an AI request, the following data may be sent to our AI worker and Google Gemini service provider:

  • Selected step responses relevant to the specific AI request type (never the full session).
  • Responsibility percentage values.
  • The request may also include request type, app locale, system prompt id, and a session-scoped hash used only for request handling.

The exact data payload is displayed to you in a consent preview before each request. Only the fields shown in the preview are transmitted.

6.3. How Google Processes This Data

We use Google's Gemini API under a paid commercial API agreement. Under Google's API Terms of Service for paid plans:

  • Google does NOT use your API input or output data to train, improve, or develop its AI models.
  • Data is processed solely to generate the AI response and is subject to Google's data processing terms.
  • Google may temporarily retain data for abuse monitoring and legal compliance in accordance with its data processing addendum.

For full details, refer to Google's Cloud Data Processing Addendum and Gemini API Terms of Service.

6.4. Your Control

  • AI features are disabled by default.
  • Each AI request requires a separate, explicit consent action.
  • You can decline any AI request at any time without affecting App functionality.
  • No AI request is sent in the background or without the consent dialog.

6.5. Disclaimer

AI-generated guidance is provided "as is" and is intended solely as supplementary support. It does not constitute professional advice of any kind. You are solely responsible for evaluating and deciding whether to follow any AI-generated suggestions. We disclaim all liability for any actions you take based on AI-generated content.

7. Third-Party Services

The App integrates the following third-party services:

7.1. App Store / Google Play Billing / RevenueCatPurpose: processing in-app purchases and verifying premium entitlements.Data shared: anonymous transaction identifiers.Privacy policy: https://www.revenuecat.com/privacy

7.2. Google Gemini APIPurpose: optional AI guidance generation.Data shared: selected session fields (only with explicit consent).Privacy policy: https://policies.google.com/privacy

7.3. SentryPurpose: crash reporting and stability diagnostics (only with your consent).Data shared: anonymized crash reports, stack traces, device model, OS version.Privacy policy: https://sentry.io/privacy

7.4. Expo NotificationsPurpose: local push notification scheduling.Data shared: none (notifications are scheduled locally on-device).

We are not responsible for the privacy practices of third-party services. You are encouraged to review their respective privacy policies.

8. Data Retention and Deletion

8.1. Session Data

Your session data remains on your device until you delete it. You may delete individual sessions through the App's history screen, or delete all data by clearing the vault.

8.2. Uninstallation

Uninstalling the App permanently deletes all locally stored data, including encrypted sessions, vault metadata, and preferences. This action is irreversible.

8.3. AI Request Data

Data sent to Google Gemini API for AI processing is subject to Google's data retention policies for paid API usage. We do not retain copies of AI requests or responses on any server.

8.4. Crash Reports

Anonymized crash reports collected via Sentry are retained for up to 90 days for stability analysis and are then automatically purged.

9. Children's Privacy

The App is not directed at children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. By using this App, you confirm that you meet the minimum age requirement in your jurisdiction.

If you believe a child has used the App, please contact us, and we will take appropriate steps.

10. Your Rights

10.1. General Rights

Depending on your jurisdiction, you may have the following rights:

  • Right of access: to know what personal data we process.
  • Right of deletion: to request deletion of your personal data.
  • Right to data portability: to receive your data in a structured format.
  • Right to withdraw consent: to withdraw consent at any time.
  • Right to object: to object to certain processing activities.

10.2. How to Exercise Your Rights

Because all personal data is stored locally on your device and we do not maintain copies, you exercise most rights directly through the App:

  • Access: view your session data by unlocking the vault.
  • Deletion: delete individual sessions or clear the entire vault.
  • Portability: export your session summary as PDF.
  • Withdraw consent: disable diagnostics or decline AI requests at any time.

For any additional requests, contact us at support@bravery.academy.

10.3. European Economic Area (EEA) / GDPR

If you are located in the EEA, our legal basis for processing is:- Consent (Article 6(1)(a)) for diagnostics and AI features.- Contract performance (Article 6(1)(b)) for core App functionality.- Legitimate interests (Article 6(1)(f)) for purchase verification.

You have the right to lodge a complaint with your local data protection authority.

10.4. California (CCPA/CPRA)

We do not sell or share personal information as defined under the CCPA/CPRA. We do not use personal information for cross-context behavioral advertising.

11. International Data Transfers

When you use the optional AI feature, your selected session data is transmitted to our AI worker and Google Gemini service provider, which may be located outside your country of residence, including in the United States. Google processes this data under its data processing addendum, which includes standard contractual clauses for international transfers.

By consenting to an AI request, you acknowledge and consent to this international transfer of the selected data.

12. Changes to This Policy

We reserve the right to update this Policy at any time. Changes will be reflected by updating the "Last updated" date. Continued use of the App after changes constitutes your acceptance of the revised Policy.

For material changes that significantly affect your rights, we will provide notice within the App before the changes take effect. If you do not agree with the updated Policy, you must uninstall the App.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy, please contact:

Bravery AcademyEmail: support@bravery.academy

We will make commercially reasonable efforts to respond within 30 days.