Privacy Policy
Last updated: 1 June 2026
This Privacy Policy explains how [LEGAL NAME], trading as "Go with the Flow" (GWTF) ("Grove", "we", "us") collects, uses, and protects your personal data when you use the Grove mobile application (the "App"). We are the data controller under the EU General Data Protection Regulation (GDPR) and equivalent laws.
Questions? Contact us at [CONTACT EMAIL].
1. Summary
- Grove is a private reading-reflection journal. You speak or type thoughts about books you read, and an AI helps you turn them into a written insight.
- To do this, your reflections are sent to a third-party AI provider (see Section 4) so it can craft an insight. This is the most important thing to understand about Grove.
- We store your account and reflections so you can return to them.
- We do not show ads, and we do not use third-party analytics or tracking.
- You can export your reflections and permanently delete your entire account from within the App at any time.
2. The data we collect
a) Account data — your email address and a securely hashed password (handled by our authentication provider, Supabase; we never see your password in plain text), and a display name derived by default from your email.
b) Content you create — the books, chapters, and reading progress you add, and your reflections: the text of what you spoke or typed, the AI-generated insight, the follow-up questions and your answers, and a short theme tag.
c) Voice input (if you use it) — when you dictate, your device's speech-recognition converts speech to text. On some devices this is processed by your operating-system provider (Apple or Google) under their own terms. We receive only the resulting text — we do not record, transmit, or store the audio.
d) Book lookups — when you search for a book, the title or ISBN is sent to Open Library to find editions, and (when auto-detecting chapters) to Google search to find a table of contents.
e) Stored on your device only — your theme, language, and other preferences and your login session stay on your device. If you enable biometric app-lock, your fingerprint/Face ID data never leaves your device — it is handled entirely by your operating system.
What we do NOT collect: no advertising, no third-party analytics or tracking SDKs, no contacts, no location, no advertising profiles.
3. Why we use your data, and our legal basis (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Create and operate your account | Performance of a contract (Art. 6(1)(b)) |
| Store and display your reflections, books, and insights | Performance of a contract (Art. 6(1)(b)) |
| Send your reflection to an AI provider to generate an insight | Performance of a contract (Art. 6(1)(b)) |
| Keep the service secure and prevent abuse | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. How your reflections are processed by AI
When you create a reflection, the text of your reflection (and the book/chapter title for context) is sent through our secure server to a third-party AI provider, which returns a crafted insight and follow-up questions. We do this only to provide the feature you requested, and the provider acts as a data processor on our instructions.
We currently use:
- Anthropic (Claude) — United States. Under Anthropic's commercial API terms, your inputs and outputs are not used to train their models and are retained only briefly for safety purposes. Privacy policy: https://www.anthropic.com/legal/privacy
- Google (Gemini) — United States. We use a paid Gemini API tier, under which inputs are not used to train Google's models. Privacy policy: https://policies.google.com/privacy
We may add or change AI providers as Grove evolves (for example, other providers such as OpenAI). When we do, we will update this Policy and our subprocessor list before the change takes effect. AI providers may be located outside the EU/EEA, including the United States (see Section 6). We will never sell your reflections or use them for advertising.
5. Who else we share data with (subprocessors)
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, backend hosting | European Union (Ireland) |
| Anthropic, Google (and future AI providers) | AI insight generation (see Section 4) | United States |
| Apple / Google | On-device speech-to-text (only if you dictate) | Per your device OS |
| Open Library (Internet Archive) | Book and chapter lookups | United States |
| Expo / EAS | App build and delivery | United States |
A current list of subprocessors is available on request at [CONTACT EMAIL].
6. International data transfers
Some providers are located outside the EU/EEA (primarily the United States). Where personal data is transferred internationally, we rely on appropriate GDPR safeguards such as the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework. Request detail at [CONTACT EMAIL].
7. How long we keep your data
We keep your account and content for as long as your account exists. When you delete your account in the App (Settings → Account → Delete account), we permanently erase your profile, books, chapters, reflections, and insights and delete your authentication record. This is irreversible and happens promptly; residual copies in encrypted backups expire on their normal rotation. AI providers may retain reflection text only briefly per their own terms (Section 4).
8. Your rights
Under the GDPR you have the right to access, rectify, erase ("right to be forgotten" — available via in-App account deletion), port (export from within the App), restrict, and object to processing, to withdraw consent, and to lodge a complaint with a supervisory authority ([your competent data-protection authority — depends on your registered seat]). To exercise any right, contact [CONTACT EMAIL]; we respond within the timeframes required by law (generally one month).
9. How we protect your data
All data in transit is encrypted (HTTPS/TLS). Database rows are protected by Row Level Security, so one user can never read another's data. Secret keys (including AI provider keys) are held only on our server and never shipped inside the App. Account deletion is handled server-side and can only be triggered by the signed-in account owner. No system is perfectly secure, but we take reasonable and appropriate measures to protect your information.
10. Children
Grove is not directed to children under 16. We do not knowingly collect personal data from children under this age. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy as the App evolves. We will revise the "Last updated" date and, for material changes, notify you in the App or by email.
12. Contact
[LEGAL NAME] (Go with the Flow) [Address — street, ZIP, city, country] Email: [CONTACT EMAIL]