Brogress · Legal
Privacy Policy
This Policy explains how we collect, use, share, and protect your personal data when you use the Brogress mobile application and the brogress.app website. It is provided in accordance with Articles 12, 13, and 14 of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
§ 01Who we are
The data controller responsible for processing your personal data is:
Netsh UG (haftungsbeschränkt) Hermann-Löns-Strasse 13A78234 Engen, Germany
Registered: Amtsgericht Freiburg HRB 728075
Managing Director (Geschäftsführer): Ferdinand Netsch
Email: hello@brogress.app
We have appointed an external Data Protection Officer (Art. 37 GDPR) to oversee our handling of personal data:
Data Protection Officer · Datenschutzbeauftragter Dr. Sebastian KraskaIITR Datenschutz GmbH
Marienplatz 2
80331 München, Germany
Email: email@iitr.de
Phone: +49 89 189 173 60
For any privacy question — including requests to access, correct, port, or delete your data, or to withdraw consent — please email hello@brogress.app or contact our DPO directly. We will respond within 30 days as required by Art. 12(3) GDPR.
§ 02Scope of this Policy
This Policy applies to personal data we process when you use the Brogress mobile application on iOS or macOS (the “App”) and when you visit brogress.app (together, the “Service”). Brogress is a self-development app that uses an AI-powered “coach” to help you set goals, reflect on yourself, and build daily habits.
Honest disclosure
We protect your data with TLS in transit and AES-256 at rest, but we do not yet apply application-layer (end-to-end) encryption — authorised personnel can technically access your data when operating the Service. See § 11 (Security) for details.
§ 03Personal data we collect
We only collect what we need to operate the Service. Below is a complete list, grouped by category.
3.1 Account data
When you sign in with your Apple ID via Sign in with Apple, we receive and store:
- An opaque, app-specific Apple user identifier
- Your email address (this may be your real address or an Apple “private relay” address — your choice when signing in)
- Your given and family name (only on first sign-in; editable later)
In the App you may additionally provide:
- A display name and a public handle (username)
- Your birthday (used to verify you meet our minimum age requirement)
- Your gender (optional; used to tailor self-reflection items where these differ)
- Your time zone
- A push-notification device token, if you allow notifications, so we can send reminders
3.2 Self-reflection responses (sensitive)
Brogress includes self-reflection assessments — sets of multiple-choice and free-text questions that draw on established psychological frameworks (for example, the Schwartz Personal Values questionnaire and Big-Five-style personality items). Your responses are stored, mapped to internal “six pillar” scores (Heart, Iron, Edge, Flow, Vault, Brain), and used by the coach to personalize its conversations with you.
Because these responses can reveal information about your personality, values, and emotional patterns, we treat this data as sensitive and process it only on the basis of your explicit consent, which you give before completing each assessment.
3.3 Coach conversations and the “private notes” section (sensitive)
When you talk to the coach inside the App, we store:
- Every message you send (including text transcribed from voice — see § 3.8)
- Every reply the coach generates
- Internal “state” updates the coach makes — points awarded, missions completed, achievements unlocked, edits to the coach’s notes about you
We also maintain a coach profile file about you with six sections: persona, hard rules, your stated preferences, coaching style, durable life-context notes (e.g. your job, where you live), and an internal “private notes” section.
Honest disclosure: the “private notes”
The private-notes section is generated and updated by the coach itself as it talks with you. It contains the coach’s working psychological model of you — patterns it observes, what motivates you, what tends to backfire.
This section is not visible to you in the App today. It is sent to our AI provider on every coach turn so that the coach can speak to you consistently. It is not shared with anyone else other than that provider (Microsoft Azure AI Foundry — see § 6). You can request a copy of this section by emailing hello@brogress.app, and you can delete it (along with everything else) at any time by deleting your account. We are working on a feature to let you read and edit this section directly inside the App.
3.4 Goals (WOOP)
For each goal you set, we store the four WOOP components — your Wish, the imagined Outcome, the Obstacle (often something internal, e.g. “I procrastinate when I’m anxious”), and your Plan — together with the goal’s status, history, and the conversational elicitation that produced it.
3.5 Missions, achievements, points, breathing sessions
We store the missions you take on (daily and one-off), the achievements you unlock, every point allocation event with the coach’s reasoning attached, and basic metadata for each breathing exercise you complete (technique, length, score, time of day).
3.6 Knowledge graph (sensitive)
As you talk with the coach, it builds a structured knowledge graph of the people, places, employers, hobbies and goals you mention, so that it can refer back to them in later conversations. This graph is stored in Microsoft Azure (Sweden) and partitioned by user — it is not shared between users.
3.7 Social data
If you use friend, challenge, or leaderboard features, we store:
- Your friends list and pending friend requests
- Blocks you set, and reports you submit (and reports submitted about you)
- Challenges you set up with friends and their state
- Activity-feed entries (achievements, milestones, streaks) that are visible to your friends
What becomes visible to a friend. When you add a friend, your handle, level, total points, current streak, your six pillar scores, and your profile picture (if you have uploaded one — see § 3.13) become visible to that friend in the in-app leaderboard and friend list. If you don’t want a friend to see this information, remove them or block them.
3.8 Voice
If you record a voice debrief, the audio is transcribed on your device using Apple’s on-device speech recognition. Only the resulting text leaves your phone; the audio itself is never sent to our servers or to any third party.
3.9 Technical / log data
When you use the Service, our servers record:
- The IP address you connect from
- Your device and operating-system type
- Date, time, and details of each request
- Truncated content (first 500 characters) of coach messages, for debugging and quality monitoring
These logs live in Microsoft Azure Application Insights (Sweden Central) and are retained for approximately 90 days, after which they are deleted automatically.
When an error occurs while processing your request, the resulting log line may include your account ID so we can reproduce and fix the problem. We do not enrich logs with your account ID for routine (non-error) requests, and we do not attach it as a structured telemetry dimension — it appears only as text in the body of error messages emitted by our backend code.
3.10 Crash and error reports
If the App crashes or hits an unexpected error, we send a description of the error to Sentry GmbH (de.sentry.io, hosted in Germany). We have configured Sentry not to send your user ID; however, an error message can occasionally include short fragments of text from a server response if our backend ever returns user content inside an error.
3.11 Subscription data
Brogress uses Adapty (Adapty Tech Inc.) as its subscription-management platform. The Adapty SDK is initialized at app launch and, once you sign in, is linked to your Brogress account ID so entitlement checks can route correctly. Through Adapty we and Adapty process:
- The Apple identifierForVendor (IDFV) — a per-vendor identifier scoped to apps from us; it is not the cross-app advertising identifier (IDFA), which we do not access
- Apple App Store and (in future) Stripe purchase events — product, price, country, transaction state, renewal status
- Paywall interactions — which paywall variant you saw, whether you started or completed a purchase, restores
- The Adapty profile ID, mapped to your Brogress user ID
Free-plan usage counter. Independently of Adapty, we
count how many AI-coach debriefs you have started (the
debriefs_used_lifetime counter on your account) so the app
can enforce the lifetime free-plan limit before a paid subscription
unlocks unlimited usage. This counter is processed on the contractual
basis (Art. 6(1)(b) GDPR) and is purged with everything else when you
delete your account.
3.12 What we do NOT collect
For the avoidance of doubt, the App does not access:
- Your contacts, calendar, location, motion data, or HealthKit data; nor your photo library at large — when you choose a profile picture, iOS’ system PhotosPicker hands us only the single image you select, and the App never receives photo-library permission. See § 3.13
- Any data through general-purpose analytics SDKs in the mobile app (Firebase, Mixpanel, Amplitude, Google Analytics, Adjust, AppsFlyer, Branch, Segment, etc. — we use none of these inside the App). Adapty processes IDFV and product-interaction events for the limited purpose of subscription analytics — see § 3.11 and § 5. The brogress.app website uses Google Analytics 4 with opt-in consent only; see § 16
- Any data through advertising SDKs — we serve no ads and use no ad SDKs
- The Apple advertising identifier (IDFA) — we have not implemented App Tracking Transparency and do not request it
3.13 Profile picture (optional)
In Profile › Settings › Edit Profile › Profile picture you may upload an image that will be displayed next to your handle on the profile screen, the leaderboard, the friends list, and friend-request cards inside the App. Uploading a picture is entirely optional — without one, we render a coloured circle containing the first letter of your display name.
What happens when you upload:
- iOS’ system PhotosPicker presents your photo library out-of-process and hands the App the bytes of the single image you selected. The App is never granted general photo-library permission and cannot read any other photo.
- Our backend re-encodes the image as a centred, square-cropped, 512×512 JPEG. The re-encode intentionally discards every EXIF metadata field, including any GPS coordinates that your phone may have embedded when the photo was taken.
-
The processed image is stored in a separate, private
Azure Blob Storage container named
brogress-avatarsin Sweden Central. Anonymous public access is disabled at the storage-account level. When the App needs to display your picture next to your handle, our backend serves a URL that includes a long-lived, read-only Shared Access Signature (SAS) scoped to that single container — the same pattern we use for the App’s static character and achievement artwork. The SAS lets the iOS image cache fetch your picture without each individual request being authenticated by your account, while keeping the underlying blob storage closed to the public internet. - You can replace the picture at any time, or remove it via Profile picture › Remove photo. Removal deletes the blob and reverts the in-app rendering to the initial fallback.
- To deter abuse, profile-picture changes are limited to ten per account per day.
- On account deletion, the avatar blob is purged together with the rest of your data — see § 8.
3.14 Feedback you send us
If you choose to send us suggestions, ideas, feature requests, bug reports, or other feedback about the Service — for example by emailing hello@brogress.app — we store the message you sent and the email address it was sent from. We use feedback to improve the Service and may quote anonymised excerpts internally or in product communications. We do not publish your name, email address, or any other identifier alongside feedback without your separate consent. The same retention and security commitments described in § 8 and § 11 apply. The Terms of Service grant us a perpetual, royalty-free licence to use Feedback for any purpose (see § 17 of the Terms); this Policy governs how any personal data contained in Feedback is processed.
§ 04How we use your data & legal bases
We process your personal data only on the legal bases set out in Art. 6 (and where applicable Art. 9) of the GDPR.
| Purpose | Legal basis |
|---|---|
| Operating the App and providing the coaching service to you | Performance of a contract — Art. 6(1)(b) GDPR |
| Sending coach messages to our AI provider so that the coach can reply | Performance of a contract — Art. 6(1)(b) GDPR |
| Storing your self-reflection responses and using them to personalize the coach | Explicit consent — Art. 6(1)(a) and Art. 9(2)(a) GDPR |
| Sending push reminders | Consent — Art. 6(1)(a) GDPR; granted in iOS settings; revocable any time |
| Showing your stats to friends you have added | Performance of a contract — Art. 6(1)(b) GDPR; friend features are opt-in |
| Storing and serving your uploaded profile picture so that it can be displayed in the App (see § 3.13) | Performance of a contract — Art. 6(1)(b) GDPR |
| Operating, debugging, and improving the Service through logs and crash reports | Legitimate interest — Art. 6(1)(f) GDPR (keeping the Service reliable) |
| Processing in-app subscriptions and entitlements through Adapty (see § 5) | Performance of a contract — Art. 6(1)(b) GDPR |
| Subscription analytics through Adapty (paywall interactions, conversion, retention) | Legitimate interest — Art. 6(1)(f) GDPR (operating, measuring, and improving the subscription product) |
| Counting completed debriefs to enforce the free-plan lifetime limit | Performance of a contract — Art. 6(1)(b) GDPR |
| Complying with legal, accounting, and tax obligations | Legal obligation — Art. 6(1)(c) GDPR |
Where we rely on legitimate interests (Art. 6(1)(f)), you have the right to object to that processing — see § 9.
§ 05Sub-processors and recipients
We use the following carefully selected sub-processors. We do not sell your personal data, and we do not share it with anyone for marketing purposes.
| Sub-processor | Purpose | Categories of personal data | Location | Safeguards |
|---|---|---|---|---|
| Microsoft Ireland Operations Ltd. (Microsoft Azure) | Backend hosting (PostgreSQL, Blob Storage, Cosmos DB Gremlin, Application Insights) and the AI coach (Azure AI Foundry) | Account identifiers, coach conversations, coach profile (incl. private notes), self-reflection responses, knowledge graph, missions, achievements, points, breathing-session metadata, social-graph rows, profile pictures, server logs (incl. IP), and the AI prompts and completions described in § 6 | Backend storage in Sweden Central; AI Foundry deployed with the EU Data Zone (inference may route to any Microsoft region within the EU) | DPA + Microsoft Online Services Terms; data stays within the EU |
| Apple Distribution International Ltd. | Sign in with Apple authentication; Apple Push Notification service (APNs) | Apple user identifier, email address (or Private Relay alias), given/family name on first sign-in, device push-notification token | Apple global infrastructure (incl. United States) | EU–U.S. Data Privacy Framework |
| Sentry GmbH / Functional Software, Inc. dba Sentry | Crash and error reporting | Crash diagnostics (stack traces, app version, OS, device model); may incidentally include short text fragments from a server response. We have configured Sentry not to send your user ID | Frankfurt, Germany (de.sentry.io) | DPA; data stays in the EU |
| Adapty Tech Inc. | Subscription management, entitlement sync, paywall analytics | Apple identifierForVendor (IDFV), Brogress account ID, App Store purchase events (product, price, country, transaction state, renewal status), paywall interactions | United States | DPA signed; certified under the EU–U.S. Data Privacy Framework (Art. 45 GDPR adequacy decision) |
| Google LLC / Google Ireland Limited | Website analytics on brogress.app (Google Analytics 4) — loaded only after you click Accept on the cookie banner. Not used inside the mobile App. See § 16 |
Anonymised IP address (truncated by Google before storage),
_ga* first-party cookie ID, page URL, referring URL,
utm_* campaign parameters, browser, OS, device class
|
EU front-end servers; aggregated reporting data may be stored on Google infrastructure in the United States | DPA via Google’s Data Processing Terms; EU Standard Contractual Clauses; certified under the EU–U.S. Data Privacy Framework (Art. 45 GDPR adequacy decision); IP anonymisation enforced; Google Signals + ad personalisation disabled; data retention set to 2 months |
We will update this list before adding any new sub-processor that processes personal data on our behalf. If you would like a copy of any of the data-processing agreements above, please email hello@brogress.app.
In addition to the sub-processors above, we may share your personal data with public authorities (e.g., the German tax office, courts, or police) where we are required to do so by law (Art. 6(1)(c) GDPR).
§ 06What we send to our AI provider
Because this is the data flow most likely to surprise you, we describe it explicitly. Every time the coach replies to you, we send the following to Microsoft’s Azure AI Foundry service (deployed with the EU Data Zone, meaning inference is restricted to Microsoft regions within the European Union):
- Your full coach profile, including the “private notes” described in § 3.3
- Your knowledge graph (people, places, hobbies, goals you have mentioned)
- Your active missions, friends list, and active goals (titles, status, brief previews)
- Up to the last 10 messages in your conversation
- Your current message
- Internal protocol rules (what tools the coach may use, etc.)
We do not send: your email address, your IP address, your device token, your account UUID, or any other user’s data.
Microsoft retention for abuse monitoring
Under the default Azure OpenAI / AI Foundry policy, Microsoft retains prompts and completions for up to 30 days for abuse- monitoring purposes, accessible only to authorized Microsoft personnel for that purpose. If we have obtained “Modified Abuse Monitoring” status from Microsoft, this retention does not apply. Email hello@brogress.app if you would like to know our current status.
Microsoft does not train AI models on your data
Under Microsoft’s Azure OpenAI / AI Foundry enterprise terms, the prompts and completions we send for inference are not used to train, retrain, or improve Microsoft’s foundation models, OpenAI’s foundation models, or any other model offered through the service. Inference is performed against pre-trained models; your conversations do not become training data, and they are not shared with OpenAI or any other third party outside the contractual processing relationship with Microsoft.
§ 07International transfers
The vast majority of your personal data is processed and stored within the European Union. Backend storage (PostgreSQL, Blob Storage, Cosmos DB Gremlin, Application Insights) is deployed to Microsoft Azure’s Sweden Central region; the AI coach is deployed with Microsoft’s EU Data Zone, restricting inference to Microsoft regions within the EU; crash reports are processed by Sentry GmbH in Frankfurt. Microsoft may replicate operational backups to other Microsoft data centres within the EU for redundancy.
Two of our sub-processors are based in the United States:
- Apple handles your Apple-ID authentication and routes push notifications. Apple is certified under the EU–U.S. Data Privacy Framework, which the European Commission has determined provides an adequate level of protection (Art. 45 GDPR adequacy decision).
- Adapty Tech Inc. processes subscription and paywall data on our behalf. Adapty is certified under the EU–U.S. Data Privacy Framework, the UK Extension, and the Swiss–U.S. DPF.
Where any other transfer outside the EEA may incidentally occur (for example, if Microsoft replicates standard backups to a paired region), we rely on the European Commission’s Standard Contractual Clauses (SCCs) (Art. 46(2)(c) GDPR) together with our sub-processors’ supplementary technical and organisational measures.
§ 08How long we keep your data
| Category | Retention |
|---|---|
| Account data, coach conversations, coach profile (incl. private notes), goals, missions, achievements, point events, assessment responses, knowledge graph, breathing sessions, social graph | Until you delete your account (no automatic rotation) |
| Application server logs (Azure Application Insights) | ~90 days |
| Crash and error reports (Sentry) | ~90 days |
| AI provider prompt/completion records held by Microsoft for abuse monitoring | Up to 30 days (Microsoft default) |
| Internal AI-call rate-limit log | 2 days (auto-purged) |
| Profile picture (if uploaded) | Until you remove it via Settings or delete your account; an upload replaces any earlier picture immediately |
| Adapty subscription profile (IDFV, purchase events, paywall interactions) | Until you delete your account; on deletion we call Adapty’s GDPR profile-and-data delete endpoint to remove the profile on their side. Tax-relevant purchase records may be retained independently — see the row below |
| Account data we are legally required to retain (e.g., tax records relating to a paid subscription) | As long as required under German law — typically up to 10 years under § 257 HGB and § 147 AO |
Account deletion. When you delete your account in
Profile › Settings › Delete Account, we purge all of
the categories above from our active systems: the relevant rows in our
PostgreSQL database, every blob under your user prefix in Azure Blob
Storage, your profile picture in the brogress-avatars
container, your partition in our Cosmos DB knowledge graph, your Adapty
profile (via Adapty’s GDPR delete-profile-and-data API), and we
revoke your Apple refresh token. Anything we are legally required to
retain is segregated and deleted as soon as the legal retention period
expires.
§ 09Your rights under the GDPR
Under the GDPR you have the rights set out below. To exercise any of them, email hello@brogress.app from the address associated with your account; we will respond within 30 days (Art. 12(3) GDPR). Exercising your rights is free of charge.
- Right of access (Art. 15) — receive a copy of your personal data and information about how we process it. We currently provide this on email request; an in-app self-service export is on our roadmap.
- Right to rectification (Art. 16) — correct inaccurate data. Most account fields are editable in the App in Profile Settings; you can also email us for anything else.
- Right to erasure / “right to be forgotten” (Art. 17) — delete your account at any time inside the App in Profile › Settings › Delete Account. This wipes your data from our systems as described in § 8.
- Right to restriction (Art. 18) — ask us to stop using (but keep) certain data while a question about it is being resolved. Email us.
- Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format. Email us.
- Right to object (Art. 21) — object to processing based on our legitimate interests (Art. 6(1)(f)). The simplest way to fully exercise this right is to delete your account.
- Right to withdraw consent (Art. 7(3)) — where we rely on your consent (assessments, push notifications), you can withdraw it at any time without affecting the lawfulness of processing before the withdrawal. Withdraw consent for assessments by deleting your account; for push notifications, by disabling notifications in iOS Settings or by removing your device token in the App.
Right to lodge a complaint (Art. 77). If you believe we have mishandled your personal data, you can complain to a supervisory authority. The competent authority for our company is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Königstraße 10a70173 Stuttgart, Germany
poststelle@lfdi.bwl.de
+49 711 615541-0
You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence or place of work.
§ 10Automated decisions and profiling
The App computes derived metrics about you — your six pillar scores, your overall level, your point total, suggested challenges, and which achievements to surface — based on your activity. These are automated, but they have no legal effects or similarly significant effects on you, and so Art. 22 GDPR does not apply: they only determine what you see inside the App.
The coach also generates and updates the “private notes” described in § 3.3, which is a form of profiling within the meaning of Art. 4(4) GDPR. The notes are used solely to make the coach’s replies more consistent and personal to you; they are not shared with any third party other than our AI provider, and they have no effects outside the App. You can request a copy of the notes by emailing us.
§ 11Security
We protect your personal data with appropriate technical and organisational measures (Art. 32 GDPR), including:
- TLS / HTTPS for all network traffic between your device, our backend, and our sub-processors
- AES-256 at-rest encryption (Microsoft-managed keys) for the databases and blob storage that hold your data on Microsoft Azure
- iOS Keychain for the auth token stored on your device
- Strict access controls on our backend — only authorized personnel and Microsoft sub-processor staff with operational access
Honest disclosure: who can read your data
We do not currently apply application-layer (end-to-end) encryption to your coach conversations or coach profile. This means that, in addition to Microsoft (which holds the at-rest keys), authorized members of our team can technically read your data, although we do so only when necessary to debug issues, investigate reports, or improve the Service.
Client-side, user-key encryption is something we may explore in future versions. We will update this Policy if and when that ships.
We will notify you and the competent supervisory authority of a personal data breach in line with Articles 33 and 34 GDPR.
§ 12Minors
Brogress is intended exclusively for adults. You must be at least 18 years of age to create an account or otherwise use the Service. By creating an account, you confirm that you are at least 18. If we become aware that we have collected personal data from a person under 18, we will delete that data as soon as possible. If you believe a person under 18 is using the Service, please email hello@brogress.app.
§ 13Aggregated and de-identified data
We may aggregate and irreversibly de-identify usage data from across our user base — for example, the distribution of pillar scores, achievement unlock frequencies, completed-debrief counts per cohort, paywall conversion rates, and retention curves — in order to understand how the Service is used, to evaluate features, and to make product decisions. Aggregated and de-identified data is not personal data within the meaning of Recital 26 of the GDPR (or § 1798.140(m) of the California Consumer Privacy Act). We do not attempt to re-identify aggregated data, we do not combine it with personal data after de-identification, and we may retain it indefinitely for the purposes above. We do not sell or share aggregated data for advertising purposes.
§ 14Business transfers
In the event of a merger, acquisition, reorganisation, financing, asset sale, insolvency, or similar transaction, your personal data may be transferred to a successor or affiliated entity. Any such transfer will remain subject to this Privacy Policy, or to a privacy policy that is at least as protective. Where the transfer would materially change how your personal data is processed, we will notify you in the App or by email at least 30 days in advance, and you may delete your account before the transfer takes effect — see § 8 on what happens when you delete.
§ 15US Residents and US state consumer rights
15.1 Who this section applies to
This section provides additional disclosures and rights for residents of the United States, in particular under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) and its 2026 implementing regulations. Parallel rights apply to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Texas (TDPSA); where those laws grant rights that go beyond the CCPA, we honour them. For residents of the European Union, the United Kingdom, and Switzerland, the rights described in § 9 apply instead and are usually broader than those listed below.
15.2 Categories of personal information we collect
Below is the same data described in § 3, mapped onto the categories defined in CCPA § 1798.140(v). For each category we identify the source, the purpose, and the recipients — named sub-processors are listed in § 5.
| CCPA category | Examples we collect | Source | Disclosed for a business purpose to |
|---|---|---|---|
| Identifiers | Apple user identifier, Brogress account UUID, IP address, device push-notification token | You; your device; Apple at sign-in | Microsoft Azure; Apple; Sentry |
| Customer-records information | Name (given/family on first sign-in), display name, handle, email address (or Private Relay alias) | You; Apple | Microsoft Azure; Apple |
| Internet or other electronic activity | Server logs (request metadata, truncated coach-message fragments for debugging), in-App interactions, paywall events | Your device; our backend | Microsoft Azure; Sentry; Adapty |
| Geolocation (coarse only) | IP-derived approximate region; no GPS or precise geolocation | Your network connection | Microsoft Azure |
| Audio, electronic, or visual information | Profile picture, if you upload one (re-encoded with all EXIF metadata stripped, see § 3.13). We do not receive your voice — voice is transcribed on-device and only the resulting text leaves your phone (see § 3.8) | You | Microsoft Azure |
| Commercial information | Subscription status, App Store purchase events, paywall interactions | Apple App Store via Adapty | Adapty; Microsoft Azure |
| Inferences | Six-pillar scores, level, point totals, suggested challenges, the coach’s “private notes” (see § 3.3) — all derived from your activity in the App | Generated by Brogress from your activity | Microsoft Azure |
| Sensitive personal information (CCPA § 1798.140(ae)) | Self-reflection responses (psychometric items), contents of coach conversations including text from voice transcription, the knowledge-graph inferences about you, mental-wellbeing indicators derived from your messages | You | Microsoft Azure (Sweden + EU Data Zone) |
We retain each category for the periods described in § 8. You have the right to access this data including data older than 12 months, by emailing hello@brogress.app.
15.3 We do not sell or share personal information
We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioural advertising, as those terms are defined in CCPA §§ 1798.140(ad) and (ah). Brogress runs no advertising, embeds no advertising or analytics SDKs, and does not have advertising or data-broker partners. No “Do Not Sell or Share My Personal Information” opt-out mechanism is therefore required, but if you would like written confirmation of this for your records, email hello@brogress.app with the subject line Do Not Sell or Share.
15.4 We do not use automated decision-making technology for significant decisions
The automated processing described in § 10 (computing your six-pillar scores, awarding points, surfacing achievements, generating coach replies and the “private notes”) determines only what you see inside the App. It does not make decisions that affect your employment, housing, credit, education, healthcare, insurance, or access to essential goods and services, and it does not have any legal or similarly significant effect on you. The CCPA right to opt out of ADMT for significant decisions therefore does not apply; you may nonetheless stop all automated processing at any time by deleting your account.
15.5 We do not run a financial-incentive programme
Brogress charges a flat subscription price (see § 3.11). We do not offer rewards, discounts, free service, or other financial incentives in exchange for the collection, retention, sale, or sharing of personal information. There is therefore no financial-incentive notice to make under CCPA § 1798.125(b).
15.6 Use of sensitive personal information
We use the sensitive personal information listed in § 15.2 only to provide and personalise the contracted Service as described in § 3, § 4, and § 6. We do not use sensitive personal information to infer characteristics about you that fall outside the Service, to target advertising, or for any of the secondary purposes that would trigger the CCPA right to limit (CCPA § 1798.121). The 2026 CCPA regulations classify the contents of messages as sensitive personal information unless the recipient is the intended recipient; the AI coach you converse with is the intended recipient of your messages within the meaning of the regulation, and the contents of those messages are not disclosed to any human at Microsoft except under the limited 30-day abuse-monitoring process described in § 6.
15.7 Your rights as a US resident
- Right to know (CCPA § 1798.110) — what categories of personal information we collect, the sources, the purposes, and the categories of recipients. This information is in §§ 3, 4, 5 and 15.2.
- Right to access (CCPA § 1798.110(a)(5)) — receive a copy of the specific personal information we hold about you, including data older than 12 months (per the 2026 CCPA regulations). Email hello@brogress.app.
- Right to delete (CCPA § 1798.105) — delete your account from Profile › Settings › Delete Account, or by emailing us. The purge is described in § 8.
- Right to correct (CCPA § 1798.106) — most account fields are editable in-app under Profile › Settings; for anything else, email us.
- Right to opt out of sale or sharing (CCPA § 1798.120) — not applicable; we do not sell or share (see § 15.3).
- Right to limit use of sensitive personal information (CCPA § 1798.121) — already limited to the contracted Service (see § 15.6); no further opt-out mechanism is required.
- Right to opt out of ADMT for significant decisions — not applicable; we do not use ADMT for significant decisions (see § 15.4).
- Right to non-discrimination (CCPA § 1798.125) — exercising any of the rights above does not change the price you pay, the features available to you, or the quality of the Service.
- Right to appeal a denied request — email hello@brogress.app with the subject line Privacy Appeal within 30 days of our response.
15.8 Authorised agents
You may designate an authorised agent to submit a request on your behalf. The agent must provide written authorisation signed by you, and we may verify the authorisation directly with you before fulfilling the request. We may deny a request from an unverified agent.
15.9 Verification
We verify your identity by matching the email address you contact us from against the email address associated with your Brogress account. For requests involving sensitive personal information or deletion, we may ask additional questions tied to your account activity (for example, the approximate date of your first debrief, the topic of a recent conversation, or your subscription start date) before fulfilling the request. We will not request more information than necessary to verify identity.
15.10 Response timeline
We respond to verifiable consumer requests within 45 days of receipt, extendable by up to 45 additional days where reasonably necessary, with notice to you, in line with CCPA § 1798.130(a)(2). For requests under the GDPR (EU/UK residents), our response window is one month per Art. 12(3) GDPR (see § 9).
15.11 Annual disclosure metrics
For the preceding 12 months: number of personal-information sales: zero (we do not sell). Number of personal- information sharing transactions for cross-context behavioural advertising: zero (we do not share). We will publish access-, deletion-, and correction-request volumes annually in this section starting with our first full operating year after launch.
15.12 Notice at collection
This Privacy Policy serves as our notice at collection under CCPA § 1798.100(b). We provide the same notice in-App on the Welcome screen before you sign in, and a link to this Policy is available from the App’s settings menu.
15.13 Children’s information
Per § 12, Brogress is for adults aged 18 and over only. We do not knowingly collect personal information from anyone under 18, which exceeds the CCPA threshold of 16 (consent required for sale or sharing) and the COPPA threshold of 13. We do not sell or share personal information regardless of age.
§ 16Cookies and analytics on the website
The brogress.app website uses two categories of storage:
-
Strictly necessary — a single
localStoragekey (brogress.consent.v1) that remembers your cookie-banner choice, and short-lived cookies the page sets for its own operation (session keep-alive, CSRF). These are exempt from § 25 (1) TDDDG and rest on Art. 6 (1)(f) GDPR (legitimate interest in a functional website). -
Google Analytics 4 (only after you click
“Accept” on the cookie banner) — we use Google
Analytics 4 to count visits to brogress.app and identify which
marketing channel referred them (the
utm_sourceparameter on your inbound URL). Lawful basis: your consent (Art. 6 (1)(a) GDPR + § 25 (1) TDDDG). You can withdraw your consent at any time via the Manage cookies link in the page footer.
When you have given consent, Google Analytics 4 collects: the page URL,
the referring URL, an anonymised IP address (Google truncates the IP
before storage and we have IP-anonymisation enabled), browser, OS, and
device class, a pseudonymous client identifier stored in a first-party
_ga* cookie, and the standard utm_* parameters
on your inbound link. We have switched off Google Signals data
collection, granular location/device data collection, and ad
personalisation signals; data redaction is enabled to strip query
parameters that look like personal data. Data retention inside the
GA4 property is set to 2 months, the shortest
retention period Google permits.
Google LLC (United States) is our processor for the analytics service; the processor relationship and EU–U.S. transfer safeguards (Standard Contractual Clauses + EU–U.S. Data Privacy Framework) are summarised in § 5. The mobile App does not use web cookies and is not covered by this section.
§ 17Changes to this Policy
We will post a new version of this Policy here whenever we make a material change. The “Effective” date at the top reflects the version currently in force. For changes that affect how we use your personal data in a substantial way, we will additionally notify you in the App or by email. For US residents, we will provide notice of material changes to § 15 at least 30 days before they take effect.
§ 18Contact
For any privacy question, request, or complaint:
Netsh UG (haftungsbeschränkt) Hermann-Löns-Strasse 13A78234 Engen, Germany
Email: hello@brogress.app