Privacy Policy

Last updated: January 3, 2026

Introduction

At Arpsy, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our emotional wellness platform.

Information We Collect

We collect information that you provide directly to us, including:

• Account Information: When you create an account, we collect your email address and authentication information.
• Emotional Data: We collect the emotional entries, notes, and patterns you choose to record in the app.
• Usage Data: We automatically collect information about how you interact with our service, including device information and usage patterns.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your emotional entries and generate insights
• Send you technical notices and support messages
• Respond to your comments and questions
• Monitor and analyze trends and usage

Legal Basis (EEA and UK)

When required by law, we process personal data under one or more of these legal bases:

• Performance of a contract (providing the service you request)
• Legitimate interests (service improvement, fraud prevention, security)
• Consent (where explicitly requested)
• Legal obligations (where processing is required by law)

International Data Transfers

Your data may be processed in countries outside your own jurisdiction. Where required, we use appropriate safeguards for international transfers, such as contractual protections provided by our service providers.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information. Your emotional data is encrypted and stored securely. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. You can delete your account and data at any time through your account settings.

Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your data
• Export your data
• Opt-out of certain data processing activities

Third-Party Sub-processors

We engage the following sub-processors. A Data Processing Agreement (DPA) under Article 28 GDPR is in place with each:

• Google Firebase (Ireland / EU) — authentication and encrypted database hosting
• Google Cloud Storage (EU multi-region) — encrypted file storage
• Stripe (US, EU-US Data Privacy Framework + SCCs) — payment processing; card data never touches Arpsy servers
• Resend (US, SCCs) — transactional emails (welcome, reminders), encrypted in transit
• Google reCAPTCHA Enterprise (US, SCCs) — bot detection via Firebase App Check, no personal data
• Google Analytics 4 (US, SCCs) — product usage analytics, IP anonymization enabled, only after explicit cookie consent
• Cloudflare (EU edge) — TLS termination and DDoS protection, no access to content

Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Data Controller

Data controller: Arpsy (independent developer based in the Netherlands). For privacy-related requests, contact us at

Contact Us

If you have any questions about this Privacy Policy, please contact us at