Privacy Policy

Last updated: December 13, 2025

Upbrew Technologies ("we," "our," or "us") operates the ThoughtCatcher mobile application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information We Collect

1.1 Information You Provide

When you use ThoughtCatcher, we collect information you provide directly:

  • Account Information: Email address and display name when you create an account.
  • Thought Content: The thoughts, notes, and ideas you capture in the app.
  • Tags and Organization: Tags you create and how you organize your thoughts into ThoughtBoxes.
  • Voice Input: Audio recordings when you use voice-to-text, which are processed to create text and not stored as audio.

1.2 Information Collected Automatically

We automatically collect certain information when you use the Service:

  • Device Information: Device type, operating system version, unique device identifiers.
  • Usage Data: Features you use, time spent in the app, and interactions with the interface.
  • Crash Reports: Information about app crashes to help us improve stability.

1.3 Information from Third-Party Services

If you sign in using Google or Apple:

  • We receive your email address and name from the authentication provider.
  • We do not receive or store your password.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Store and sync your thoughts across devices, enable search functionality.
  • AI Features: Power AI-based search, generate insights, and create memory recaps using your thought content.
  • Improve the Service: Analyze usage patterns to improve features and fix issues.
  • Communicate: Send important updates about the Service, respond to support requests.
  • Security: Protect against fraud, abuse, and unauthorized access.

3. Data Storage and Security

3.1 Where We Store Your Data

  • Your data is stored on secure cloud servers provided by our infrastructure partners.
  • Authentication data is managed by Supabase with industry-standard security.
  • Thought content is stored in MongoDB Atlas with encryption at rest.

3.2 How We Protect Your Data

  • All data is encrypted in transit using TLS/SSL.
  • Data at rest is encrypted using AES-256 encryption.
  • Access to user data is strictly limited to authorized personnel.
  • We regularly audit our security practices.

3.3 Local Security

ThoughtCatcher offers PIN and biometric authentication to protect your thoughts on your device. Your PIN is hashed using SHA-256 and stored securely in your device's secure storage (Keychain on iOS, KeyStore on Android).

4. Data Sharing

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: With trusted third parties who assist in operating our Service (cloud hosting, analytics, payment processing).
  • Legal Requirements: When required by law or to protect our rights and safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you explicitly agree to share specific information.

4.1 Third-Party Services We Use

  • Supabase: Authentication and user management
  • MongoDB Atlas: Database hosting
  • RevenueCat: Subscription management
  • Google Cloud: AI/ML services for search and insights

5. Your Rights and Choices

5.1 Access and Export

You can access all your thoughts through the app. We're working on an export feature to download all your data.

5.2 Deletion

You can delete individual thoughts at any time. To delete your entire account and all associated data, go to Settings → Delete Account in the app. This action is irreversible.

5.3 Opt-Out

  • You can disable AI insights generation in Settings.
  • You can opt out of non-essential communications.

6. Cookies and Tracking

The ThoughtCatcher mobile app does not use cookies. Our website may use cookies for analytics and functionality. You can control cookie preferences through your browser settings.

7. Children's Privacy

ThoughtCatcher is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in compliance with applicable laws.

9. Data Retention

We retain your data for as long as your account is active. After account deletion, we may retain certain information for a limited period for legal and business purposes (typically 30 days for backups).

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

Summary of Key Points

  • We collect information you provide (thoughts, account info) and some usage data.
  • Your thoughts are used to provide the Service and power AI features.
  • We do not sell your data.
  • Your data is encrypted in transit and at rest.
  • You can delete your account and all data at any time.
  • We use third-party services for infrastructure (Supabase, MongoDB, RevenueCat).