Privacy Policy

Last Updated: February 21, 2026  |  Effective: February 21, 2026

1. Who We Are

This Privacy Policy describes how the developer of the Resolve app ("Developer," "we," "us") collects, uses, and protects information in connection with your use of the Resolve mobile application and associated website (the "Service").

By using Resolve, you agree to the practices described in this Policy. If you do not agree, please stop using the Service.

2. The Core Principle: Local-First, You in Control

Resolve is designed with a local-first philosophy:

• All of your personal data — plans, journal entries, goals, habits, analytics, and more — is stored on your device by default.
• Nothing leaves your device unless you explicitly turn on a sharing or sync feature.
• The app explicitly confirms this: "Resolve is always encrypted (on/offline). You control when/if data leaves your device."

This means the vast majority of users — those who do not opt into cloud features — share essentially no personal data with us.

3. What Information We Handle

3.1 — Data You Create (Stored Locally)

The following data is created and stored only on your device unless you opt into syncing:

• Plans, goals, habits, and tasks you create
• Journal and diary entries
• Behavioral analytics and patterns (generated locally)
• XP, levels, skills, and progression data
• Notification history and auto-reply logs (from text monitoring features, if enabled)
• App usage and Screen Time data
• Calendar events and timeline entries
• App category assignments

3.2 — Account Information (Required to Log In)

When you create an account, we collect:

• Your email address and a hashed version of your password (via Firebase Authentication)
• A unique user ID assigned to your account
• A friend code you can share to connect with Allies

This is the minimum information required to create and secure your account.

3.3 — Data You Choose to Sync to the Cloud

If you toggle on "Share Stats to Backend" in Settings, the following limited data is synced to Firebase for features like the web dashboard and Ally visibility:

• Your level, rank, XP, and gameplay stats
• Your friend code and display name
• Data you explicitly share with Allies (e.g., progress visible to a Mentor)
• Leaderboard entries, guild membership, and gifting activity

This toggle is off by default. You must actively enable it. You can turn it off at any time, and synced data will be removed from our servers within 30 days of account deletion.

3.4 — Backup Data

If you use the local backup feature, a backup file is created on your device or a location you choose (such as local storage). Backup files are encrypted with AES-256-GCM using a key derived from your account password (PBKDF2WithHmacSHA256). We do not receive or store your backup files.

4. How We Use Information

When data does reach our servers (for users who opt in), we use it to:

• Operate the Service — leaderboards, Ally connections, guild features, weekly shops, and gifts
• Authenticate your account and maintain your session
• Moderate the Service and enforce our Terms of Service
• Respond to support requests and maintain service reliability
• Detect and prevent fraud, abuse, or security incidents

We do not use your data for:

• Advertising or targeted marketing of any kind
• Building advertising profiles
• Selling to data brokers or any third party
• Training third-party AI models

5. Data Sharing — The Complete Picture

Your data is shared only in these specific, limited circumstances:

6. Weather Data (Open-Meteo)

Resolve uses Open-Meteo to provide weather context for your day, including current conditions and historical weather that may correlate with your habit data. When you use weather features:

• Your device's approximate coordinates (latitude and longitude) are sent directly to Open-Meteo's API.
• Open-Meteo is a free, open-source, no-API-key weather service. They do not require or store user identifiers.
• We do not log, store, or share your coordinates on our servers.
• This data is not linked to your user account or identity in any way.

If you do not use weather features, no location data is transmitted.

7. On-Device AI (Gemini Nano 4 — MediaPipe)

Resolve includes AI-powered insights and analysis features powered by the Gemini Nano 4 Instruction-Tuned model running via MediaPipe Tasks. This model is downloaded and executed entirely on your device:

• No data leaves your device for AI inference. Your personal content (journal entries, plans, behavioral data) is processed locally.
• The model does not communicate with Google, the Developer, or any server when performing AI tasks.
• You can verify model availability and status in the app's settings under the Neural Engine section.

8. Notification & Text Monitoring Features

If you enable notification monitoring or text monitoring features, the app may access notification content on your device to provide smart filtering, auto-reply suggestions, and missed message tracking. This data:

• Is processed locally on your device.
• Is stored in the local database and never transmitted to our servers.
• Is only accessible through Notification Listener Service permissions you explicitly grant.
• Can be disabled at any time in Settings → Text Monitoring.

Auto-reply messages, if enabled, are sent from your device directly through Android's notification system. We do not intercept or log the content of those replies.

9. Encryption & Security

We take security seriously and apply it at every layer:

• Local data at rest: Sensitive preferences are stored in Android's EncryptedSharedPreferences using AES-256-SIV (key encryption) and AES-256-GCM (value encryption), backed by the Android Keystore.
• Local database: Your app database is encrypted at the file level.
• Backup files: When you export a backup, it is encrypted using AES/GCM/NoPadding with a key derived from your password via PBKDF2WithHmacSHA256. Only someone who knows your password can decrypt a backup.
• In transit: All communications with Firebase and Open-Meteo use HTTPS/TLS.
• Authentication: Your account password is never stored in plaintext. Firebase Authentication handles credential security.

No security system is perfect, and we cannot guarantee absolute security. However, the local-first design means that even in the unlikely event of a server breach, your personal content (plans, journal, habits) is never exposed because it was never sent to us.

10. Granular Privacy Controls

You have real, meaningful controls over your privacy in Resolve:

• Backend Sync toggle: Turn off "Share Stats to Backend" in Settings to prevent any stats from reaching the cloud. Default: off.
• Ally management: You choose exactly who your Allies are and can remove them at any time.
• Text monitoring: Enable or disable notification access independently of other features.
• Weather features: Weather functionality only activates when you use it; no background location tracking.
• AI model: The Gemini Nano model is on-device. AI features work without any internet connection or data transmission.
• Account deletion: You can delete your account from within the app. Local data is deleted immediately; cloud data within 30 days.

11. Children's Privacy

Resolve is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child under 13 has provided us information, please contact us at contact@slumberingthread.com and we will delete it promptly.

12. Your Rights

Depending on where you live, you may have rights regarding your personal data, including:

• Access: The right to know what data we hold about you.
• Correction: The right to correct inaccurate data.
• Deletion: The right to request deletion of your data. Because most of your data is on your device, you can delete the app to remove it. For cloud data, delete your account or contact us.
• Portability: You can export your data using the in-app backup feature.
• Restriction / Objection: You can turn off cloud sync at any time in Settings.

To exercise any right related to data held on our servers, contact us at contact@slumberingthread.com. We will respond within 30 days.

13. Data Retention

• Local data: Retained on your device until you delete the app or your account.
• Cloud data (if opted in): Retained for as long as your account is active. Deleted within 30 days of account deletion.
• Account credentials: Retained until account deletion.
• Legal/compliance data: May be retained longer if required by applicable law.

14. Voiding of Privacy Protections

If you violate our Terms of Service or act in bad faith — including but not limited to abusing other users, attempting to breach the Service's security, or engaging in unlawful conduct — the privacy protections described in this Policy may be limited to the extent necessary to:

• Investigate or address the violation.
• Protect the safety and rights of other users.
• Comply with applicable law or legal process.

This does not mean we will arbitrarily share your data. It means that if you seriously violate the rules designed to protect everyone, we retain the right to take the actions needed to address that, which may include reviewing relevant account data.

15. Third-Party Links & Services

The Service may contain links to third-party websites or services (such as Open-Meteo's documentation or Google's Gemini Nano license page). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them any information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and notify you within the app or by email where feasible. Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

17. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, please contact us:

contact@slumberingthread.com

This Privacy Policy was last updated February 21, 2026. Prior versions are available upon request.