Privacy Policy — BMcks Apps

📋

1. Overview

BMcks Apps (operated by BMCKSAPPS LLC, Silicon Valley) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you use our suite of applications:

MindReset, SleepWell, BudgetBoss, CalorieCrush, AstralPath, FitCrush, ManifestX, BrainForge, HabitStack, FocusFlow, WriteOS, MenoWell, and SmartTutor.

Our apps are designed to be device-first — core functionality works on your device with no account required. Creating an account (via Google OAuth or email/password) is optional and unlocks cross-device sync and premium features.

By using any BMcks App, you agree to this Privacy Policy. If you do not agree, please stop using the app and clear your browser/app data.

🔑

2. Authentication & Accounts

An account is optional for most BMcks Apps. You may use core features without signing in. When you choose to create an account, we support two authentication methods, both powered by Supabase Auth:

Google OAuth (Sign in with Google)

What we receive: Your Google account email address, display name, and profile picture URL — as provided by Google
What we store: Your email, display name, and a unique user ID linked to your Google account. We never store your Google password.
Purpose: Account creation, authentication, and personalising your experience
Google's privacy practices: policies.google.com/privacy

Email & Password

What we collect: Your email address and a hashed password. Passwords are never stored in plain text.
Purpose: Account creation and authentication
Password security: Passwords are hashed using industry-standard bcrypt. We cannot recover or view your password.

ℹ️ You may use any BMcks App without creating an account. Signing in is only required to sync data across devices or access account-linked premium features.

📊

3. Data We Collect — Summary

The following table summarises all data types collected across BMcks Apps, as declared in our Google Play Data Safety section:

Data Type	Collected?	Shared?	Purpose
Account credentials (email, name)	If signed in	Not shared	Authentication via Supabase
Location (Approximate)	Yes	Yes (AdSense)	Advertising targeting
Purchase History	Yes	Not shared	Processing in-app purchases via Stripe
Health & Fitness Info	Yes	Conditional	Core app function; shared with OpenAI for premium AI features only
AI Chat Logs	Yes	OpenAI only	Generating AI responses (processed in-memory, not retained by OpenAI for training)
Journal & Lifestyle Entries	Yes	Conditional	In-app storage; shared with OpenAI for premium AI features only
Financial Data (BudgetBoss)	Yes	Not shared	Budget tracking — stored locally or in your account
Sleep Data (SleepWell)	Yes	Conditional	Core app function; shared with OpenAI for AI sleep coaching only
Birth Chart Info (AstralPath)	Yes	Conditional	Generating astrological readings; shared with OpenAI for AI features only
Student Data (SmartTutor)	Minimal	Never sold	Educational tutoring — subject to COPPA/FERPA; see SmartTutor section
App Interactions / Analytics	Yes	Not shared	App functionality and improvement
Device or Other IDs	Yes	Yes (AdSense)	Ad targeting via Google AdSense

🏃

4. Health, Fitness & Sensitive Data

Several apps collect health, wellness, or sensitive personal data as their core function. This data is used to provide the app's features and is stored locally on your device by default. If you are signed in, it may be synced to your account in Supabase.

Apps and the data they collect

CalorieCrush — Calorie intake, macro breakdown (protein, carbs, fat), meal logs, body metrics 🥗 Nutrition
SleepWell — Sleep duration, sleep start/end times, sleep quality ratings, dream logs 🌙 Sleep
MindReset — Breathing exercise sessions, meditation duration, journal entries, mood logs 🧘 Wellness
FitCrush — Workout logs, exercise types, duration, reps/sets, fitness assessments 💪 Fitness
MenoWell — Symptom tracking, mood, health metrics related to women's wellness 🌸 Women's Health
AstralPath — Birth date, birth time, birth location (used solely to generate astrological charts and readings) ⭐ Astrology
BudgetBoss — Budget entries, income, expenses, financial notes (stored locally or in your account) 💰 Finance
BrainForge — Cognitive training session results, performance scores 🧠 Brain Training
HabitStack — Habit logs, streak data, completion history ✅ Habits
ManifestX — Manifestation journal entries, affirmations, intention logs ✨ Manifestation
FocusFlow — Focus session durations, task lists, productivity logs 🎯 Productivity
WriteOS — User-authored documents, writing drafts, style profiles ✍️ Writing

How this data is used

Primary use: Displaying your personal history, charts, and progress within the app
Local storage: All sensitive data is stored in your device's localStorage or browser storage by default
Account sync (if signed in): Data may be synced to your account in our Supabase/PostgreSQL database to allow access across devices
AI features (premium only): If you activate a premium AI feature, your relevant data is sent to OpenAI's API to generate personalised responses. OpenAI does not use your data to train its models under our API agreement.
Not sold: We never sell your health, financial, or sensitive personal data to advertisers, data brokers, or any third party

⚠️ When you use premium AI features, your data (health metrics, journal entries, birth details, financial summaries) is transmitted to OpenAI for processing. This is subject to OpenAI's Privacy Policy at openai.com/privacy. You can avoid this by not using AI features.

📱

5. App Activity, Analytics & Cookies

We collect basic app interaction data to ensure the app works correctly and to understand how features are used.

What is collected: Which screens you visit, button interactions, feature usage frequency, session duration
Analytics events: We log anonymised usage events to our database to understand feature adoption and improve the product
Ad tracking pixels: Google AdSense and Meta (Facebook) Pixel may set cookies and collect behavioural data for advertising targeting and measurement
Session IDs: An anonymous, randomly-generated session ID may be stored in localStorage to enable consistent app behaviour. This ID contains no personal information.

ℹ️ To opt out of personalised advertising, visit adssettings.google.com (Google) or your device's ad preferences settings.

📍

6. Location Data (Approximate)

Google AdSense may collect approximate location data (derived from your IP address or device) to serve relevant ads. This is standard behaviour for ad-supported apps and websites.

Collected by: Google AdSense (not directly by BMcks Apps)
Type: Approximate location only — not GPS-level precision
Purpose: Delivering geographically relevant advertising
Opt-out: Visit adssettings.google.com to manage Google ad personalisation

ℹ️ BMcks Apps does not request, store, or use your GPS or precise location at any time. AstralPath collects your birth location as text input for chart generation — it is not your current GPS location.

💳

7. Financial Information & Payments

If you purchase a premium plan or AI credits, your transaction is processed securely by Stripe. We store a record of your purchase to activate your subscription or credit balance.

What is collected: Purchase amount, plan type (Pro subscription, Lifetime access, or credit packs), transaction timestamp, Stripe session ID
Stored where: Our secure database (Supabase/Neon PostgreSQL) and Stripe's servers
Shared with third parties: No — your purchase history is never sold or shared with advertisers
Payment card data: Card numbers and banking details are processed exclusively by Stripe and are never seen or stored by BMcks Apps
BudgetBoss financial notes: Budget and expense data you enter in BudgetBoss is stored locally on your device or in your account. We do not connect to your bank or payment accounts.

Stripe is PCI-DSS Level 1 certified. Learn more at stripe.com/privacy.

🔐

8. Data Storage & Security

Local storage: The majority of your data is stored directly on your device using browser localStorage or app storage. This data is only accessible on your device.

Server-side storage: When account features are used (cross-device sync, account history, purchase records), data is stored in Supabase backed by Neon PostgreSQL — a secure, managed database platform with encryption at rest.

Google Drive: Certain apps (e.g., meditation audio in MindReset) serve audio files hosted on Google Drive. These files are read-only media assets. No personal data is written to or shared with Google Drive.

Encryption: All data transmitted between the app and our servers is encrypted using HTTPS/TLS. Data at rest is encrypted by the platform.

We do not transmit any data over unencrypted connections
Payment data is handled exclusively by Stripe (PCI-DSS compliant)
All database queries use parameterized statements (no SQL injection risk)
We apply the principle of minimum data collection — we only store what is necessary for the feature to work

Retention Policy

Account data: Retained for the life of your account and deleted upon request
Purchase records: Retained for 7 years for tax and legal compliance
Analytics events: Retained for up to 2 years in aggregate, then purged
AI chat logs: Not retained server-side — processed in-memory and discarded

🗑️

9. Your Rights & Data Deletion

You have the following rights regarding your personal data:

Access: Request a copy of all data we hold about you
Deletion: Request deletion of your account and associated data
Portability: Request an export of your data in a portable format
Opt-out of advertising: Manage Google ad personalisation via adssettings.google.com
California residents (CCPA): You have the right to know what personal data is collected and to opt out of its sale. We do not sell personal data.
EU/EEA residents (GDPR): You have rights of access, rectification, erasure, restriction, and data portability. Contact us to exercise these rights.

How to delete your data

Device data: Clear your browser's site data or app storage (Settings → Apps → Clear Data) to remove all locally stored information
Account data: Delete your account from within the app (Settings → Delete Account) or submit a request via our Data Deletion Request form
Purchase records: Transaction records may need to be retained for tax and legal compliance, but are not used for any other purpose
Ad data: To opt out of Google AdSense data collection, visit adssettings.google.com

Request Data Deletion

Submit a formal request to delete your account or server-side data for any or all BMcks Apps.

Delete My Data →

🔗

10. Third-Party Services

BMcks Apps integrate the following third-party services. Each has its own privacy policy and data practices:

🔐 Supabase

Powers authentication (Google OAuth and email/password) and stores account data, purchase records, and synced app data. Data is encrypted at rest and in transit.

Privacy Policy ↗

🤖 OpenAI

Powers premium AI features across all apps. Receives health data, journal entries, birth details, and user-generated content when AI features are activated. Under our API agreement, OpenAI does not use your data to train its models.

Privacy Policy ↗

💳 Stripe

Processes all in-app purchases and subscriptions. Handles payment card data securely. PCI-DSS Level 1 certified. We never see or store your card number.

Privacy Policy ↗

🎯 Google AdSense

Serves contextual and personalised ads. Collects device IDs and approximate location for ad targeting. Not shown to SmartTutor student users.

Privacy Policy ↗

📘 Meta (Facebook)

Meta Pixel collects behavioural data for advertising targeting and measurement across Facebook and Instagram ad campaigns. Not active for SmartTutor student sessions.

Privacy Policy ↗

☁️ Google Drive

Some apps (e.g., MindReset meditation library) serve audio files hosted on Google Drive. These are read-only media assets — no personal data is written to or shared with Google Drive by your use of the apps.

Privacy Policy ↗

👶

11. Children's Privacy & SmartTutor (COPPA / FERPA)

General Apps (MindReset, SleepWell, BudgetBoss, etc.)

All BMcks Apps other than SmartTutor are intended for users 13 years of age and older. We do not knowingly collect personal data from children under the age of 13 through these apps.

⚠️ If you are under 13, please do not use any BMcks App other than SmartTutor. If you are a parent or guardian and believe your child has provided personal information through one of these apps, contact us immediately at info@bmcksapps.com. We will promptly delete any such information.

SmartTutor — K-12 Educational Platform

SmartTutor is an AI-powered educational tutoring platform designed specifically for K-12 students, including children under 13. SmartTutor operates under a separate, dedicated privacy policy that addresses COPPA and FERPA requirements in full:

🎓 SmartTutor Privacy Policy (COPPA & FERPA): bmcksapps.com/smarttutor/privacy

Key protections for SmartTutor student users:

COPPA compliance: Children under 13 require verifiable parental consent before accessing any features. No data is collected before consent is granted.
FERPA compliance: When used by educational institutions, we operate as a "school official" and use student education records only for legitimate educational purposes.
No behavioral advertising: SmartTutor does not display behavioral ads to any student user. AdSense and Meta Pixel are not active on SmartTutor pages.
No sale of student data: Student personally identifiable information (PII) is never sold, rented, or leased to any third party.
Data minimization: Most study activity is stored locally on the student's device and never transmitted to our servers.

For the complete SmartTutor privacy policy including parental rights, data deletion, and school district adoption, see bmcksapps.com/smarttutor/privacy.

⚖️

12. Additional Privacy Rights

Depending on your location, you may have additional rights:

California (CCPA): Right to know, right to delete, right to opt out of sale of personal data. We do not sell personal data.
EU/EEA (GDPR): Right to access, rectification, erasure, restriction of processing, data portability, and to object to processing. Legal basis for processing is contractual necessity and legitimate interest.
Children (COPPA): Parents and guardians of children under 13 may review, delete, or revoke consent for any data collected — see the SmartTutor privacy policy for the full process.

To exercise any rights, contact us at info@bmcksapps.com or use our Data Deletion Request form. We respond within 30 days.

📝

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will update the "Last updated" date at the top of this page.

For material changes, we will notify signed-in users via email or an in-app notice. Continued use of any BMcks App after a policy update constitutes your acceptance of the revised policy.

📬

14. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out:

Developer: BMCKSAPPS LLC (Silicon Valley, CA)

Email: info@bmcksapps.com

Website: bmcksapps.com

We aim to respond to all privacy-related inquiries within 5 business days.

For SmartTutor-specific privacy inquiries, COPPA/FERPA matters, or school district adoption, please reference bmcksapps.com/smarttutor/privacy or include "SmartTutor" in your email subject line.