Aatram Privacy Policy

Effective date: April 27, 2026 · Last updated: April 27, 2026 (v2.0)

Aatram (“we,” “our,” or “us”) is a behavioral-psychology platform that helps you face dreaded tasks. We designed Aatram to keep your most sensitive information on your device. That includes what you avoid, why, and how you feel about it. This page explains exactly what data Aatram collects, what we send to our backend, and what we never touch.

1. What stays on your device

The following data never leaves your device and is never seen by us or any third party:

Task titles, descriptions, and personal notes
Dread ratings, reflections, and emotional check-ins
Power phrases and reflection entries
Per-task usage history, nudge engagement, and avoidance patterns
Screen Time / FamilyControls data (we never persist it; FamilyControls is intentionally disabled in v2.0)

This data is stored locally using Apple’s SwiftData framework and is included in standard iOS device backups (encrypted at rest by iOS).

2. What we sync to our backend

To enable accountability features (Crew, daily focus totals), we sync the minimum amount of data needed to make those features work:

Your display name and chosen title (e.g., “Awake,” “Rising”)
Your APNs push notification device token (used only to deliver your own focus reminders, never to broadcast your activity to others)
Circle membership (which crews you are a part of) and circle invite codes
Aggregated session data: duration, weight tier label (Light / Steady / Heavy / Crushing / Massive), and timestamp. No task title, description, or content.
Live session presence (new in v2.0): while you have an active focus session, a row in the live_sessions table contains your user ID, the circles you’re sharing presence with, your display name, your current weight tier label, and the session start time. The row is automatically deleted when your session ends or after 90 minutes of staleness. This is what lets crew members see you as “Live” even when your phone is locked.

This data is stored in our Supabase backend (PostgreSQL with Row-Level Security policies). It is protected by per-user RLS so other users cannot read your row except where Crew features explicitly require it (e.g., your circle members can see your live presence and signal aggregates). We do not run analytics on it, sell it, or share it with advertisers.

3. Authentication

Aatram uses Sign in with Apple and Sign in with Google. We receive only your email address and a stable user identifier from these providers. We do not receive your password or social graph.

4. Notifications (updated in v2.0)

Aatram is designed to protect your focus. As of v2.0, we do not send push notifications about your crew’s activity:

No crew push notifications. When you start a focus session, your crew sees you as “Live” only when they open the Aatram app. We do not send lock-screen notifications, banner alerts, or any kind of push to your crew about your sessions, completions, or activity.
Local notifications (your own). Scheduled by your device for your own focus reminders, behavioral nudges (the Intelligent Notification Engine), predictive interventions, and fresh-start prompts. The text of these never leaves your device.
Server-sent push notifications (your own only). Aatram’s backend may deliver pushes to you for your own intelligent nudges when device-side scheduling can’t reach you (e.g., long suspension windows). These contain only generic motivational copy. Never task content. Never to anyone but you.

You can disable any notifications from iOS Settings or from inside Aatram (Settings → Notifications).

5. AI nudge generation (iOS 26+)

On iOS 26 and newer, Aatram generates personalized nudge copy and weekly insights using Apple Foundation Models, which run entirely on your device. Your task titles and categories are processed by the on-device model — they never leave your phone, never reach our servers, and never reach Apple’s servers.

On older iOS versions, or when on-device AI is unavailable, the app falls back to deterministic pre-written copy. Either way, no task content is transmitted off-device for AI generation.

6. Where your data is stored

Data	Stored at
Account (email, name, user ID)	Supabase (encrypted in transit and at rest)
Circle memberships, session aggregates, live presence	Supabase
Push device token	Supabase + Apple’s APNs
Task titles, dread ratings, reflection notes, avoidance patterns	Your device only (SwiftData)

Supabase is a SOC 2 Type 2 compliant backend service. Your data sits behind row-level security so other users cannot read your records, except where Crew features explicitly require it (your circle members can see your live presence and aggregated session signals).

7. Your rights

You can, at any time, from inside the app:

See your data — open Settings to view your profile.
Sign out — Settings → Sign Out. Your local data stays on your device.
Delete your account — Settings → Delete Account. This permanently removes your account from our servers, deletes your circle memberships and session aggregates, and wipes all local data. The action cannot be undone.

If you’d like to exercise additional rights under GDPR (right to access, right to portability, right to rectification) or similar laws, email us at the address below.

8. Account deletion details

Settings → Delete Account triggers a server-side delete_my_account RPC that removes:

Your authentication record
Your user profile, circle memberships, and any session aggregates from our backend
Live session rows
All on-device data (SwiftData store, UserDefaults, Keychain device token)

If you were the sole member of a circle, the circle is deleted. If others remain, ownership transfers to the longest-tenured member. The deletion is immediate and irreversible.

9. Third-party SDKs

Aatram includes the following third-party SDKs:

Supabase. Backend database, authentication, and Edge Functions. Serves only the data described in section 2.
GoogleSignIn. Implements the Sign in with Google flow. Subject to Google’s privacy policy.
Apple Sign in with Apple. Implements the Sign in with Apple flow. Subject to Apple’s privacy policy.

10. Children’s privacy

Aatram is not directed to children under 13 and we do not knowingly collect personal information from children under 13.

11. Tracking and advertising

We do not track you across other apps or websites. We do not run third-party advertising. We do not use AppTrackingTransparency-tracked identifiers. We do not use IDFA.

12. Changes to this policy

If we materially change this policy we will update the “Last updated” date at the top and notify you in-app on next launch.

13. Contact

Questions, deletion requests, or GDPR/CCPA rights inquiries:

Email: aatramapp@gmail.com

We aim to respond within 7 business days.