1. What we collect
The data we collect depends on which Deployd product you use — select a product tab above for its specific policy. In general, across our products we may collect:
- Authentication data — name, email, and profile image from Google or Apple when you choose to sign in
- In-app content — content you actively submit, processed only to deliver the feature you requested and never retained beyond that purpose
- Usage data — anonymised events (feature usage, crashes) to improve stability and prioritise development
- Device & technical data — device model, OS version, app version, and a random installation ID for crash diagnosis only
- Subscription data — purchase status and expiry dates via the App Store, Google Play, or Paddle; we never receive card or billing details
We do not collect location, contacts, call logs, SMS, or background sensor data in any Deployd product.
2. How we use it
We use your data exclusively to:
- Deliver and improve the features you use
- Manage your subscription and enforce fair-use limits
- Diagnose crashes and fix bugs
- Comply with legal obligations
We do not sell your data, use it to train AI models, serve behavioural ads, build marketing profiles, or share it with data brokers.
4. Your rights
Depending on your jurisdiction (GDPR, CCPA, PDPA, etc.) you may have the right to:
- Access — request a copy of all personal data we hold
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time, for consent-based processing
To exercise any right, use our contact form. We respond within 30 days. You can also delete your account via Settings → Delete Account in any app, or via the Delete Account page.
5. Security
We enforce HTTPS/TLS for all data in transit. Data at rest is encrypted at the infrastructure level. Access to production systems is restricted to the Deployd team and protected by multi-factor authentication. If you discover a vulnerability, please report it via our contact form.
6. Children's privacy
Our products are not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
7. Changes to this policy
We may update this policy as our products evolve. Material changes will be communicated via in-app notice at least 14 days before taking effect. The current version is always available at deployd.in/legal/privacy.
1. What ReplyRight collects
Account & identity data
When you sign in via Google or Apple, we receive your email address, display name, and profile picture. We store this to identify your account and sync your data across devices. We never see your social-provider password.
Email content you submit
When you request a reply, the email text you paste or share into the app is processed on your device first — with all personally identifiable information automatically stripped before anything leaves your phone. We never see or store your raw email content. See Section 2 for exactly how this works.
Tone profile & preferences
Your communication preferences — industry, regional dialect (US/UK English), assertiveness level, enthusiasm level, reply length, language complexity, and output language — are stored locally on your device and synced to your account so replies are personalised consistently. Pro users may additionally save multiple named tone profiles.
Reply history
Generated replies are saved in an encrypted local database and synced to your account. Each history record contains only the AI-generated reply text and the PII-redacted version of your input — never your original, unredacted email. Up to 100 recent replies are stored server-side.
Daily usage counters
We record the number of AI reply requests made each day per account to enforce the free-tier daily limit. Only the count is stored — no content.
Subscription & purchase data
Your subscription status (Free or Pro) and expiry date are processed by RevenueCat via Google Play or the Apple App Store. We receive entitlement status and expiry only — we never receive your payment card or billing details.
Crash & error data
Unhandled app exceptions are reported to Firebase Crashlytics. Reports contain anonymised stack traces, device model, OS version, and app version only — never your email content or personal data.
What we don't collect
We do not collect your location, contacts, call logs, SMS messages, microphone or camera data, advertising identifiers, background sensor readings, or payment card details.
2. PII redaction before AI processing
Before any email content leaves your device, ReplyRight automatically detects and replaces personally identifiable information with anonymous placeholder tokens. This on-device pass is the first gate. Our server applies the same redaction algorithm a second time before forwarding content to the AI provider.
The 10 categories that are redacted
- Email addresses →
[EMAIL_1] - URLs and domain names →
[URL_1] - Credit / debit card numbers →
[CARD_1] - IBAN bank account numbers →
[IBAN_1] - US Social Security Numbers →
[SSN_1] - National IDs — Indian PAN, Aadhaar, generic passports →
[NATID_1] - Dates of birth (multiple formats) →
[DOB_1] - Phone numbers — international and local formats →
[PHONE_1] - Street addresses containing a street-type keyword →
[ADDRESS_1] - Names in identifiable salutations and closings →
[NAME_1]
How the token map works
PII is replaced with tokens before the content leaves your device. The AI receives only the redacted version. Once a reply is generated, the tokens are swapped back in-app so your reply reads naturally. The token map is held in device memory only for the duration of a single request — it is never stored, transmitted, or logged.
3. AI processing
Reply generation is powered by large language models routed through a secure Deployd server function (a Supabase Edge Function). The current default provider is Groq (Llama 3.3 70B); Google Gemini 2.0 Flash may be used as an alternative. Your device never calls AI APIs directly.
Data sent to AI providers: PII-redacted email text and your tone profile settings only. Your user ID, name, email address, and all other personal details are never sent to any AI provider.
Both Groq and Google are contractually prohibited from using content submitted through their APIs to train or improve their foundation models.
4. How we use your data
We use your data exclusively to:
- Authenticate you and maintain your account
- Generate AI-powered email replies and follow-ups
- Personalise replies using your tone profile
- Store your reply history and sync it across devices
- Enforce free-tier daily usage limits
- Manage your Pro subscription status
- Diagnose crashes and fix bugs
- Comply with legal obligations
We do not sell your data, use it to train AI models, serve behavioural advertisements, build marketing profiles, or share it with data brokers.
5. Third-party providers
6. Data retention
Your account data is retained for as long as your account is active.
- Reply history — stored until you delete individual replies (from the History screen) or your entire account. Deletion removes records from both your device and our servers.
- Usage counters — retained for up to 90 days.
- Crashlytics data — follows Firebase's default 90-day retention policy.
To delete your account and all associated data, use Settings → Delete Account in the app or our Delete Account page. Deletion is completed within 7 days.
7. Your rights
Depending on your jurisdiction you may have the right to:
- Access — request a copy of all personal data we hold
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and all data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — at any time, for consent-based processing
GDPR (EU/UK): You may lodge a complaint with your local supervisory authority (e.g. the ICO in the UK or the DPC in Ireland).
CCPA (California): We do not sell personal information. California residents have the right to know, delete, and opt out of the sale of personal information — the last right is not applicable as we do not sell data.
To exercise any right, use Settings → Delete Account in the app or contact us. We respond within 30 days.
8. Security
ReplyRight's local database is encrypted using SQLCipher (AES-256). The encryption key is generated randomly on first launch and stored in the iOS Keychain or Android Keystore — it never leaves your device.
- All data in transit is encrypted with TLS
- Row-level security on Supabase ensures only your account can access your data
- On Android,
FLAG_SECUREprevents reply content appearing in recent-apps thumbnails or screen recordings - On iOS, the app displays a blur overlay when backgrounded to hide content from the app switcher
- Android backup is disabled — the encrypted database cannot be extracted via ADB backup
- Free-tier limits and Pro validation are enforced server-side and cannot be bypassed by modifying the app
9. Children's privacy
ReplyRight is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
10. International data transfers
Our service providers (Supabase, Groq, Google, RevenueCat, Firebase) process data on servers located in the United States and other countries. For users in the EEA, UK, or Switzerland, these transfers are conducted under appropriate safeguards such as Standard Contractual Clauses.
11. Changes
Material changes communicated via in-app notice at least 14 days before taking effect. Current version at deployd.in/legal/privacy?app=replyright.
12. Questions?
1. What VerseFlow collects
Account & identity data
VerseFlow works without an account — you start as an anonymous user with no sign-in required. If you choose to sign in with Google or Apple (required to purchase a subscription), we receive your email and display name to enable cross-device sync. You can use the app indefinitely without providing any personal information.
Streak & progress data
Your reading streak, completed dates, longest streak, and freeze token usage are stored on your device and synced to your account (if signed in).
Journal entries
Personal reflections you write in the journal feature are stored on your device and, if signed in, synced to Firebase Firestore. Journal entries are only accessible to you — they are never read by Deployd.
Favourites & preferences
Saved verses and settings (reminder time, theme, font size) are stored locally and synced to your account for cross-device consistency.
Analytics events
We track anonymised in-app events to understand how the app is used and prioritise improvements. Events contain no personal identifiers and no text content. See Section 2 for the full list.
Subscription & support data
Subscription status is managed by RevenueCat via the App Store or Google Play — we receive entitlement status and expiry only, never card or billing details. We also receive anonymised crash reports via Firebase Crashlytics, and, only if you contact support or request account deletion, your email address and message text via Formspree.
What we don't collect
We do not collect your location, contacts, camera or microphone access, payment card details, advertising identifiers, or any biometric data.
2. Analytics & notifications
VerseFlow logs the following anonymised events via Firebase Analytics:
- verse_viewed — verse reference and day of year (no personal data)
- journal_saved — date and character count only (no journal text)
- share_tapped — share type (image or text) and content type
- paywall_shown, purchase_completed — subscription events with product ID
- streak_completed — streak length and whether it is a new record
None of these events contain your name, email, journal content, or any personally identifiable information.
Daily reminders and streak alerts are scheduled entirely on your device. A background task checks whether your streak was maintained — it does not transmit any data to a server.
3. Third-party providers
4. Data retention & deletion
If you use the app anonymously, no personal data is stored on our servers. Your data lives only on your device and is deleted when you uninstall the app.
If signed in, requesting deletion via Settings → Delete Account in the app or our Delete Account page permanently removes the following within 7 days:
Analytics data is aggregated and anonymised, and cannot be individually deleted. Local data is cleared from your device immediately. After deletion, you are signed out and a new anonymous session is created automatically.
5. Your rights
Depending on your location, you may have the right to access, correct, delete, restrict, port, or object to the processing of your personal data. Use Settings → Delete Account in the app or contact us to exercise any of these rights. We respond within 30 days.
EU/UK users may lodge a complaint with their local data protection authority. California residents have additional rights under the CCPA, including the right to know and delete — we do not sell personal information.
6. Security
Data in transit to and from Firebase and RevenueCat is encrypted via TLS, and data at rest is encrypted by Google's infrastructure. Firestore security rules ensure only your account can read or write your data. Firebase App Check (Play Integrity / App Attest) blocks API calls from unauthorised apps, and Apple Sign-In credentials are stored in your device's secure keychain. Local data is excluded from device backups.
7. Children's privacy
VerseFlow is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children.
8. International data transfers
Our service providers (Firebase, RevenueCat) process data on servers located in the United States and other countries. For users in the EEA, UK, or Switzerland, these transfers are conducted under appropriate safeguards such as Standard Contractual Clauses.
9. Questions?
1. What StreakForge collects
Account & identity data
StreakForge requires a Google or Apple account. At sign-in, we receive your email address, display name, and avatar URL from your sign-in provider, and store these locally and sync them to our database to identify your account and enable cross-device sync.
Habits
Each habit you create stores its name, category, icon, colour, frequency (daily / weekdays / weekends / custom days), difficulty level, reminder time & enabled state, creation date, sort order, and archive date.
Completion history
Each time you complete, skip, or freeze a habit, a record is created with the habit ID, date (YYYY-MM-DD), completion timestamp, XP earned, the record type (completion / skip / freeze), and any optional note you write.
Gamification state
Your total XP, current level (1–20), level name, the list of unlocked badge IDs, and the timestamp of your last level-up.
Daily intentions
A short text string you can optionally set each day, shown on your Today screen.
Journal entries
Habit-linked journal content, an optional mood tag (good / neutral / hard), and a creation timestamp.
Preferences
Theme, global notification toggle, per-habit reminder times, grace period settings, skip usage, streak freeze token count, focus mode, weekly report opt-in, app lock state, and onboarding completion flag.
Subscription status
Your Premium entitlement status and expiry are managed by RevenueCat. This is not stored on your device, and we do not store any payment card data.
No analytics, no crash reporting, no ad network. StreakForge contains no third-party analytics SDK (no Firebase Analytics, Mixpanel, Amplitude, etc.), no crash reporting service (no Sentry, Crashlytics, etc.), and no advertising network. We do not track how you navigate or interact with the app beyond what is described above.
2. Local-first architecture
StreakForge is designed to work entirely offline. Every read and write goes through your device's local storage first. Supabase sync is secondary — a convenience, not a requirement.
How sync works
When you move the app to the background, your local data is pushed to Supabase. When you return to the app, the latest cloud state is pulled down. Both operations are fire-and-forget — if the network is unavailable, the sync is silently skipped and retried on the next app state change. In the event of a conflict, the remote record wins.
The local copy on your device is always the functional source of truth. If you uninstall the app or clear app data, your data can be restored by signing in again and triggering a sync.
Data keys
All local storage keys are prefixed with sf_ (e.g. sf_habits, sf_completions, sf_gamification) and are stored in your device's local AsyncStorage, using the platform's standard app sandbox.
3. How we use your data
We use the data we collect solely to operate StreakForge's features for you personally:
- Account identity — to authenticate you and associate your data across devices
- Habits & completions — to display your Today list, compute streaks, calculate XP, and generate insights and progress charts
- Gamification state — to show your level, XP progress bar, and unlocked badges
- Intentions — to display your daily intention on the Today screen
- Journal entries — to show your per-habit journal history
- Preferences — to personalise your experience (theme, reminders, grace periods, app lock, focus mode)
- Completion history — to generate behavioural insights such as best day of week, weakest day, average streak length, and typical time of day
We do not use your data for advertising, marketing, or training any machine-learning or AI model. Your data is never sold.
4. Third-party providers
No other third-party service receives your data. There is no analytics provider, no crash reporting service, and no advertising network integrated into StreakForge.
5. Notifications
StreakForge requests permission to send you local push notifications. All notification scheduling happens on-device — no notification content is transmitted to our servers. The following notification types are used:
- Habit reminders — delivered at the time you set for each habit; enable or disable per habit and globally in Settings → Reminders
- Streak-at-risk alerts — sent at 8:00 PM if an active streak on a habit scheduled for today hasn't been completed yet
- Streak milestone alerts — a heads-up the day before you would hit a streak milestone (3, 7, 14, 30, 100, or 365 days)
- Weekly summary — an opt-in notification sent Sunday at 7:00 PM summarising your weekly completions and XP earned
Notifications contain only the habit name and a motivational message. You can revoke notification permission in your device's system settings at any time.
6. Data retention
Your data is retained on our servers for as long as your account is active. You can archive or delete individual habits, and journal entries are retained until you delete them or delete your account. To permanently delete your account and all associated data, use Settings → Delete Account in the app or visit our Delete Account page. Deletion is completed within 7 days and is irreversible.
7. Your rights
Depending on your location, you may have the right to access, correct, delete, restrict, port, or object to the processing of your personal data. Premium users can export a full JSON backup from Settings at any time. Use Settings → Delete Account in the app or contact us to exercise any of these rights. We respond within 30 days.
If you are located in the European Union or UK, you also have the right to lodge a complaint with your local supervisory authority (e.g. the ICO in the UK, or the DPC in Ireland).
8. Security
All data in transit between the app and Supabase is encrypted with TLS 1.2+, and Supabase encrypts data at rest using AES-256. Row-level security (RLS) policies ensure only your authenticated user ID can read or write your data rows. Authentication sessions are stored in your device's encrypted keychain (iOS Keychain / Android Keystore).
If you enable App Lock in Settings → Security, the app requires Face ID or fingerprint authentication after more than 5 minutes in the background. Biometric data never leaves your device. Deployd never processes or stores payment card information — all billing is handled by Apple App Store or Google Play.
9. Children's privacy
StreakForge is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children.
10. Questions?
Use our contact form ↗ or email support@deployd.in
1. Tools & privacy
DailyTools is a collection of 47+ browser-based utilities that run entirely on your device. No personal data is collected, stored, or transmitted to any server.
Every tool — JSON formatting, image compression, password generation, Base64 encoding, regex testing, and all others — executes using standard browser APIs. Your input data never leaves your browser. There are no user accounts, no sign-in, and no backend.
The only data stored in your browser is your cookie consent preference.
2. Advertising & cookie consent
DailyTools is supported by Google AdSense advertising. Ads are loaded only if you explicitly accept cookies via the consent banner on first visit. Your preference is stored in localStorage so you are not asked again.
If you accept cookies, Google AdSense may collect non-personal browsing data (browser type, page visits, timestamps) in accordance with Google's Privacy Policy. If you decline, no ad scripts are loaded and no cookies are set. You can change your preference at any time by clearing this site's local storage.
3. What we never do
- Collect any input data you use in our tools
- Require an account or sign-in
- Run analytics, tracking scripts, or telemetry
- Store anything on our servers (there is no backend)
- Use session recording, heatmaps, or behavioural tracking
- Share data with third parties beyond Google AdSense (if consented)
4. Your rights
Because DailyTools collects no personal data, there is nothing to access, export, or delete. If you have any questions, contact us.
5. Security
DailyTools is served over HTTPS with strict security headers (HSTS, X-Frame-Options, CSP). All tool processing happens in your browser with no server involvement.
6. Children's privacy
DailyTools does not collect personal data from anyone, including children under 13.
7. Changes
Any material changes at deployd.in/legal/privacy?app=dailytools.
1. What VeganLens collects
No account required
VeganLens does not require you to create an account or sign in. There is no connection between the app and your identity.
Scan history & favourites
When you scan a barcode, VeganLens records the barcode value, product name, brand, image URL, and ingredient verdict in a local SQLite database on your device. Products you mark as favourites are also stored locally. This data never leaves your device unless you explicitly use the product correction ("Report Issue") feature described below.
Diet preference & app settings
Your chosen diet mode (Vegan, Vegetarian, or Exploring), language preference, and theme preference are stored locally via AsyncStorage. None of this is transmitted to any server.
Daily scan quota
Free-tier users receive 3 scans per 24-hour window. The quota is derived by counting rows in your local scan history table — it is never sent to our servers and cannot be verified or altered remotely.
Product corrections (optional)
If you use Report Issue on a scan result, you may optionally submit a product correction. This sends the barcode, product name, your suggested verdict (Vegan / Vegetarian / Non-Veg / Not Food), and optional free-text notes to Google Firestore. Submissions are write-only — we cannot read your other data, only this correction. No personal identifier is included.
Subscription status
If you purchase VeganLens Pro, RevenueCat processes the transaction on behalf of Google Play. RevenueCat receives a device-generated user identifier and your subscription status. We do not receive your payment card, billing address, or real name. See Section 4 for details.
Anonymised analytics
Firebase Analytics collects anonymised usage events: screen views, scan outcomes (verdict), feature usage (OCR, manual entry, favourites), paywall impressions, and subscription events. Barcodes are passed through a one-way hash before being logged — the original barcode value is never stored in analytics. No ingredient text, product names, or personal identifiers are included in any analytics event.
Crash reports
Firebase Crashlytics automatically collects crash reports containing the stack trace, device model, Android version, and app version. No personal data is included in crash reports.
2. Local-first storage
All scan history, favourites, the product cache, your diet preference, and language settings live in a local SQLite database and AsyncStorage on your device. The app works fully offline for barcodes you have previously scanned (results are cached for 24 hours).
Your data is never uploaded to Deployd's servers — Deployd has no backend database of user activity.
To permanently delete all local data, use Settings → Delete All Data in the app. This removes scan history, favourites, the product cache, diet preference, and onboarding state from your device. You can also uninstall the app to achieve the same result.
3. AI & product data
Open Food Facts
When you scan a barcode that is not already in your local cache, VeganLens fetches the product from Open Food Facts (world.openfoodfacts.org). Only the barcode value is sent — no device identifier, user ID, or other data is included. Product data is licensed under CC BY-SA 4.0. Open Food Facts is a non-profit; see their privacy policy for details on how they handle requests.
OCR label scanning
When you use Scan Label to photograph a product's ingredient list, VeganLens sends the image to our Firebase Cloud Function, which forwards it to Google Gemini Flash for text extraction. The extracted ingredient text is returned to your device and classified locally. The image is not stored by us or by Google beyond the duration of the request.
Gemini AI fallback
When an ingredient cannot be classified using the local database, VeganLens sends the unclassified ingredient token(s) to our Firebase Cloud Function, which calls Google Gemini Flash for classification. No barcode, product name, product image, user identifier, or personal data is included in these requests — only the unclassified ingredient text. Responses are cached locally so the same ingredient is never queried twice. All AI requests pass through Firebase App Check (Play Integrity attestation), and the Gemini API key is stored server-side only.
4. Third-party providers
VeganLens has no advertising network and does not sell, rent, or trade any data to any third party.
5. Data retention
Local data (scan history, favourites, product cache, diet preference, language settings) is retained on your device until you delete it via Settings → Delete All Data or uninstall the app.
Product corrections submitted via Report Issue are stored in Google Firestore and retained indefinitely to improve the ingredient database — contact us to request deletion of a correction you submitted.
Analytics data is retained for 14 months, and crash reports for 90 days, per Google's standard policies. RevenueCat retains subscription records for the duration of your subscription and in accordance with their data policy.
6. Your rights
Because the vast majority of VeganLens data is stored locally on your device, you have direct control over it at all times:
- Access & export — your scan history and favourites are stored in plain SQLite, accessible with any SQLite browser
- Delete — use Settings → Delete All Data to permanently delete all local data, or uninstall the app
- Correct product corrections — contact us to request deletion of a specific correction submitted via Report Issue
- Opt out of analytics — enable Limit Ad Tracking or equivalent on your Android device (an in-app toggle is planned)
For any questions about data shared with third-party providers (RevenueCat, Firebase), contact us and we will assist within 30 days.
EU/UK users have the right to access, rectify, erase, restrict, and port their personal data, and to object to its processing, under the GDPR / UK GDPR. To the extent we act as data controller (primarily for product corrections submitted to Firestore), contact us to exercise these rights.
7. Children's privacy
VeganLens is not directed at children under 13 (or 16 in the EU/UK). We do not knowingly collect personal data from children.