Privacy Policy

Last updated: 2 May 2026 · Effective for Atomic You v0.5 and later.

Most privacy policies are written so they can never be wrong. This one tries to be clear about what we actually do.

Who we are

Atomic You ("the app") is operated by Prateek (the developer behind it), reachable at hello@atomicyou.org. The app is currently in open beta on Android.

What stays only on your device

The following is stored locally on your phone in the app's private storage. It is not transmitted to any server, by us or anyone else:

• The full text of your identity statements (e.g. "I keep my body strong, energized, and well cared for")
• The open-text answers you write during onboarding (what tripped you up before, what you enjoy)
• Every habit you create or accept — name, exact time, duration, steps, cue, implementation intention, science backing, reasoning
• Your daily completion logs, skip reasons, mood tags, and any reflection notes
• Your streak history and grace-day usage
• The detailed schedule you provide in the Life Audit (work hours, routine durations)
• Your notification preferences

If you uninstall the app, this data is removed with it. If you want a backup, you can opt in to Google Drive backup (described below).

What we share with our servers

A small amount of information is sent to our servers (Google Firebase) so the app can function — sign-in, the buddy feature, streak research metrics, and a per-user rate limit on AI calls. We have intentionally kept this list short.

Sign-in

Sign-in uses Google Sign-In via Firebase Authentication. We receive your name, email, and profile photo URL from Google so the app can remember you across reinstalls and so the buddy feature can pair you with someone you know. Your email is held by Firebase Authentication and is not stored in our database alongside any habit data.

Schedule signals

To restore your routing state across reinstalls and to support buddy pairing, we store on your user record:

• The categories of identity you chose (e.g. "body", "mind") — not the specific statements you wrote
• Your wake-up and bedtime windows
• Your energy pattern (morning, evening, or mixed)
• A six-character invite code generated for buddy pairing
• A Firebase Cloud Messaging device token, used to deliver buddy nudges
• A daily counter (e.g. "3 of 4 done today") that your buddy can see

Buddy pairing

If you invite a buddy or accept a buddy invite, our database stores the pairing (your user IDs, the pairing status, the date) and any nudges you exchange. Your buddy can see your name, profile photo, today's completion count (e.g. "3 of 4"), and your current streak number.

Sharing specific habits with your buddy is opt-in per habit. If you toggle "share with buddy" on a habit, the habit's name, dimension (body/mind/rest/relationships), and current streak are written to a shared section of our database that only your buddy can read. Habits you do not share remain on your device only. Implementation intentions, reflections, schedules, and steps are never shared, even for shared habits.

Streak metrics

For each habit, an anonymized record is stored in our database for research on whether the compassionate-streak design retains users better than rigid streaks. The record contains: a habit ID, the dimension category (body/mind/rest/relationships), current streak, best-ever streak, lifetime completion count, completion rate over the last 30 days, average duration in minutes, and whether the habit was generated by the AI scheduler or added manually. No habit names or contents are included.

AI usage counter

A daily counter of AI plan-generation calls is stored on your user record (e.g. "2 calls today") so we can rate-limit abuse. It contains no inputs, outputs, or content — only counts and dates.

What never goes to our servers

• Habit names, descriptions, cues, or implementation intentions
• Daily completion details (which specific habits you did)
• Reflection notes, mood tags, or skip reasons
• The exact text of your identity statements
• The open-text answers you wrote during onboarding (your obstacles and enjoyment)
• The detailed schedule beyond wake/bed windows (work hours, routine durations)

Google Drive backup (optional)

You can choose to back up your habit data to your own Google Drive. Before being uploaded, the backup is encrypted on your device using AES-256-CBC with a key derived from your account ID, and stored in Google Drive's appDataFolder — a private, app-only folder you can review and revoke access to from your Google account. Google Drive itself stores only an opaque encrypted blob; the contents are not visible to Google or to other apps.

Note on threat model: because the encryption key is derived from your account ID, an attacker who obtained both your encrypted backup and your Firebase account identifier could decrypt the backup. We are working on stronger key isolation (a random key held in your phone's secure keystore) and will update this policy when shipped.

AI plan generation

When you finish onboarding, your identity selections, schedule windows, and open-text answers are sent over HTTPS to a backend service we operate (a Firebase Cloud Function). That service forwards the request to Anthropic's Claude API to generate your habit plan. The same flow runs when you tap "Try something different" on a habit.

Our backend logs only the call count for rate-limiting; it does not store the request or response contents. Anthropic, the AI provider, processes the request to generate the response and does not use it to train its models when accessed via the API. Anthropic may retain inputs and outputs for up to 30 days for trust-and-safety monitoring, per their API policy.

Notifications

The app uses local notifications for habit reminders and Firebase Cloud Messaging for buddy nudges. Notification preferences are stored on your device. You can disable notifications at any time from your phone's settings or from within the app.

Analytics and crash reporting

The current beta does not include third-party analytics or crash reporting. If we add either before the public release, this policy will be updated and existing beta users will be notified in-app before any data starts flowing.

Children

Atomic You is intended for users aged 18 and over. We do not knowingly collect data from children. If you believe a child has used the app, please contact us and we will remove the associated account and data.

Your rights

Wherever you live, the following applies — but if you are in the EU, UK, or California, these are also your statutory rights under GDPR / UK GDPR / CCPA:

• Access — you can ask us what data we hold about you on our servers
• Correction — you can ask us to correct inaccurate data
• Deletion — you can delete your account from inside the app, which triggers automated cleanup of every Firestore record tied to your user ID (your user record, all subcollections, your invite code, and any pending nudges) typically within minutes
• Portability — your habit data is stored on your device and can be backed up to your own Google Drive; for server-side data, contact us
• Objection — there are no analytics in the current beta to opt out of

To exercise any of these, email hello@atomicyou.org. We will respond within 30 days.

How long we keep things

Server-side data is kept while your account is active. When you delete your account, all server-side data tied to your user ID is removed automatically; we audit periodically and target full removal within seven days at the latest.

Where data is processed

Firebase services run in Google's global infrastructure, with our project hosted in a multi-region configuration. Anthropic processes data in the United States. By using Atomic You, you consent to your data being processed in these regions.

Changes to this policy

If we make material changes to this policy, we'll notify you in the app and update the "Last updated" date at the top. Continued use after a change means you accept the new version.

Contact

Questions, concerns, or data requests: hello@atomicyou.org.