Privacy Policy

Last updated: 6 May 2026

This Privacy Policy explains how AFFIRMED.IO LTD ("we", "us", "our") collects, uses, stores, and shares information about you when you use the Affirmed mobile application and related services (the "Service").

By using the Service, you agree to the practices described in this Policy.

1. Who we are

AFFIRMED.IO LTD
Company number: 16175895
Registered in England and Wales

Registered office:
20 Wenlock Road
London
England
N1 7GU

Contact: info@affirmed.io
Security contact: info@affirmed.io
Data controller: AFFIRMED.IO LTD

2. Information we collect

2.1 Account information

Full name
Email address
Password, stored securely as a one-way hash
Preferred name (optional)
Country
Time zone

If you sign in with Apple or Google, we receive your name, email address, and an authentication token where permitted.

2.2 Onboarding and preferences

Life areas and goals
Emotional states and intentions
Feature preferences
Usage intentions

2.3 User-generated content

Affirmations
Guided Meditations
Guided Visualisations
Habit and goal tracking data

2.4 Sensitive personal data

Some data may relate to mental health, emotional wellbeing, or recovery behaviours.

We process this data only with your explicit consent. You provide this consent by entering information into the app. You can withdraw consent at any time by deleting your data or your account.

2.5 Technical data

Authentication events
Playback events
AI usage and cost tracking
Device type, operating system, and app version

We do not use advertising or third-party tracking services.

2.6 Data stored on your device

Encrypted authentication tokens
Cached content and preferences
Audio files and playback state
Scheduled notifications

3. Permissions

We request the following permissions:

Notifications are used to deliver reminders and prompts you configure.
Biometric access is used to unlock private content and is processed only on your device.
Photo library access is used only when you choose to save content.

We do not access your camera, microphone, contacts, calendar, or location.

4. How we use your data

We use your data to:

Provide and personalise the Service
Generate AI content tailored to you
Deliver reminders and notifications
Maintain security and prevent abuse
Respond to support requests
Improve the Service using aggregated data
Process payments and subscriptions

We apply data minimisation and only collect what is necessary to provide the Service.

You can access, edit, or delete your data at any time within the app or by contacting us.

Legal basis

Contract to provide the Service
Consent for sensitive data and optional features
Legitimate interest for security and operations
Legal obligation where required

5. How we share data

We do not sell your personal data.

We share data only with essential service providers:

Xano for backend and database hosting
OpenAI for AI text generation
ElevenLabs for audio generation
Bunny.net for media storage and delivery
Apple for Apple Sign In
Google for Google Sign In and push notifications via Firebase
Stripe for payments and subscription processing

Stripe processes payment information. We do not store or have access to your full card details.

AI processing

Text you submit may be processed by OpenAI and ElevenLabs to generate content.

OpenAI does not train models on API data and retains it for limited abuse monitoring.
ElevenLabs processes text only to generate audio.

Generated audio is stored without direct personal identifiers.

6. International transfers

Your data may be processed outside the UK and EEA.

We use appropriate safeguards including Standard Contractual Clauses.

7. Data retention

We retain your data while your account is active.

If you request deletion, your data will be deleted within 30 days unless we are required to retain it by law.

Operational logs are retained for up to 24 months.

Payment records are retained as required by law.

8. Your rights

You have the right to:

Access your data
Correct inaccurate data
Request deletion
Restrict processing
Request data portability
Object to processing
Withdraw consent
Lodge a complaint

You can contact us at info@affirmed.io and we will respond within 30 days.

UK users can contact the Information Commissioner’s Office.

9. Security

We use:

Encryption in transit
Secure storage systems
Hashed passwords
Access controls with logging
Device-level protection for sensitive features

If a data breach occurs, we will notify affected users and regulators where required.

10. Children

The Service is not intended for users under 13, or under 16 in the UK and EEA.

If we become aware that a child has provided personal data, we will delete it.

11. Account deletion

You can delete your account at any time within the app or by contacting info@affirmed.io.

Deletion will remove your personal data within 30 days, except where retention is required by law.

12. Changes to this policy

We may update this policy from time to time. We will update the date above and notify users where required.

13. Contact

AFFIRMED.IO LTD
20 Wenlock Road
London
England
N1 7GU

info@affirmed.io