Aatram Privacy Policy

Effective date: April 29, 2026 · Last updated: April 29, 2026 (v2.1)

Aatram (“we,” “our,” or “us”) is a behavioral-psychology platform that helps you face dreaded tasks. We designed Aatram to keep your most sensitive information on your device. That includes what you avoid, why, and how you feel about it. This page explains exactly what data Aatram collects, what we send to our backend, and what we never touch.

1. What stays on your device

The following data never leaves your device and is never seen by us or any third party:

• Task titles, descriptions, and personal notes
• Dread ratings, reflections, and emotional check-ins
• Power phrases and reflection entries
• Per-task usage history, nudge engagement, and avoidance patterns
• Screen Time / FamilyControls data (we never persist it)

This data is stored locally using Apple’s SwiftData framework and is included in standard iOS device backups (encrypted at rest by iOS).

2. What we sync to our backend

To enable accountability features (Crew, daily focus totals, cross-device courage score), we sync the minimum amount of data needed to make those features work:

• Your display name and chosen title (e.g., “Awake,” “Rising”)
• Your APNs push notification device token (used only to deliver your own focus reminders, never to broadcast your activity to others)
• Circle membership (which crews you are a part of) and circle invite codes
• Aggregated session data: duration, weight tier label (Light/Steady/Heavy/Crushing/Massive), and timestamp. No task title, description, or content.
• Your courage score (a single number from 0 to 100, recomputed from your last seven days of focus activity). Synced so the score you see on this iPhone matches the score your crew sees and the score you see if you sign in on another device.
• Live session presence: while you have an active focus session, a row in the live_sessions table contains your user ID, the circles you’re sharing presence with, your display name, your current weight tier label, and the session start time. The row is automatically deleted when your session ends or after 90 minutes of staleness. This is what lets crew members see you as “Live” even when your phone is locked.

This data is stored in our Supabase backend (PostgreSQL with Row-Level Security policies). It is protected by per-user RLS so other users cannot read your row except where Crew features explicitly require it (e.g., your circle members can see your live presence and signal aggregates). We do not run analytics on it, sell it, or share it with advertisers.

3. Crew safety: Blocks and Reports

Aatram’s Crew (Together) feature is user-generated content. To keep crews safe, Aatram includes two moderation mechanisms:

• Block. When you block another user, we store a row in a user_blocks table. Blocks are symmetric: neither party sees the other in any crew where you both participate. Your block list is visible only to you and is synced across your own devices so it persists if you switch phones.
• Report. When you report another user, we store a row in a user_reports table containing your user ID, the reported user’s ID, the circle context, the reason you selected, and any details you typed. Reports are reviewed within 24 hours. Where appropriate, we will remove offending content, eject the reported user from the circle, or revoke their account. Reports are visible only to Aatram operators, never to other users.

Aatram’s terms of service prohibit harassment, hateful content, sexual content involving minors, doxing, threats, and impersonation. Engaging in any of these may result in immediate account removal.

4. Authentication

Aatram uses Sign in with Apple and Sign in with Google. We receive only your email address (or, for Sign in with Apple, your private relay email if you chose to hide it) and a stable user identifier from these providers. We do not receive your password or social graph. Your email is used to identify your account and to contact you about security issues. We do not send marketing emails.

5. Notifications

Aatram is designed to protect your focus. We do not send push notifications about your crew’s activity:

• No crew push notifications. When you start a focus session, your crew sees you as “Live” only when they open the Aatram app. We do not send lock-screen notifications, banner alerts, or any kind of push to your crew about your sessions, completions, or activity.
• Local notifications (your own). Scheduled by your device for your own focus reminders, behavioral nudges (the Intelligent Notification Engine), predictive interventions, and fresh-start prompts. The text of these never leaves your device.
• Server-sent push notifications (your own only). Aatram’s backend may deliver pushes to you for your own intelligent nudges when device-side scheduling can’t reach you (e.g., long suspension windows). These contain only generic motivational copy. Never task content. Never to anyone but you.

You can disable any notifications from iOS Settings or from inside Aatram (Settings → Notifications).

6. Account deletion

You can permanently delete your account from inside the app: Settings → Delete Account. Deletion is immediate and irreversible. It removes:

• Your authentication identity. Re-signing in with the same Apple or Google account afterwards creates a brand-new account with no history. The previous account is genuinely gone.
• Your user profile, circle memberships, signal history, courage score, block list, reports you filed, and any other data we held under your user ID.
• Your live session rows.
• All on-device data (SwiftData store, UserDefaults, Keychain device token).

If you were the sole member of a circle, the circle is deleted. If others remain, ownership transfers to the longest-tenured member.

7. AI processing

On iOS 26 and later, Aatram uses Apple Foundation Models to generate intelligent nudges. These models run entirely on your device. Your task content is never sent to our servers, to Apple, or to any third-party AI provider for nudge generation.

8. Third-party SDKs

Aatram includes the following third-party SDKs:

• Supabase. Backend database, authentication, realtime subscriptions, and Edge Functions. Serves only the data described in section 2 and section 3.
• GoogleSignIn. Implements the Sign in with Google flow. Subject to Google’s privacy policy.
• Apple Sign in with Apple. Implements the Sign in with Apple flow. Subject to Apple’s privacy policy.

We do not use Google Analytics, Firebase Analytics, the Meta SDK, AdMob, AppsFlyer, or any tracking SDKs.

9. Children’s privacy

Aatram is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe we have, email us and we will delete it.

10. Tracking and advertising

We do not track you across other apps or websites. We do not run third-party advertising. We do not use AppTrackingTransparency-tracked identifiers. The data types we collect are declared in our PrivacyInfo.xcprivacy manifest as “linked to user, not used for tracking.”

11. Changes to this policy

If we materially change this policy we will update the “Last updated” date at the top and notify you in-app on next launch.

12. Contact

Questions? Reach us at aatramapp@gmail.com. General inquiries get a response within 7 business days. Crew-safety reports are reviewed within 24 hours.