Privacy Policy — The Observing Ego
The Observing Ego

Privacy Policy

Your inner world belongs to you.

Last Updated: March 21, 2026  |  Version 1.1

The Observing Ego is a personal mental health tool, and we take that responsibility seriously. This policy is written in plain language because we believe you deserve to understand exactly what happens with your most private thoughts, feelings, and health data — not wade through legalese to find out.

The short version: your data stays on your device. We do not sell it, share it with advertisers, or process it on our servers. The only place your information goes is where you choose to put it — your iPhone, and optionally Apple's encrypted iCloud.

This policy applies to The Observing Ego iOS application ("the App") developed by The Observing Ego team ("we," "us," or "our"). It covers all users, with special protections for users under age 13.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Data Storage and Security
  4. Children's Privacy (COPPA)
  5. Health Data
  6. Your Privacy Rights
  7. Data Retention
  8. Algorithm Disclosure
  9. Third-Party Services
  10. Safety Features and Crisis Data
  11. Changes to This Policy
  12. Contact Us

1. Information We Collect

We only collect information you actively enter into the App or data you explicitly grant permission to read. We collect nothing passively, and nothing leaves your device except through the optional iCloud sync you control.

Mood and Emotional Data

When you log a mood entry, we record:

  • Emotion category, primary feeling, and secondary descriptors you select
  • Emotional intensity (on a scale appropriate for your age group)
  • Valence and arousal coordinates (your position on the circumplex model)
  • Body sensations you tag (e.g., chest tightness, calm stomach)
  • Timestamp and optional notes

This data is the core of the App and stays entirely on your device. It is never transmitted to our servers.

Journal Entries

The App supports multiple journaling formats:

  • Free-form journal — text entries you write manually
  • Dream journal — dream descriptions and associated themes
  • Cognitive-Motivational-Relational (CMR) journal — structured emotional analysis entries
  • DBT Diary Cards — Dialectical Behavior Therapy self-monitoring records

All journal content is stored locally on your device. If you enable iCloud sync, journal entries are encrypted in transit and at rest using Apple's end-to-end encryption infrastructure.

Clinical Assessment Responses

If you choose to complete clinical self-assessments, we store your item responses and the calculated total score for:

  • PHQ-9 (Patient Health Questionnaire — depression screening)
  • GAD-7 (Generalized Anxiety Disorder scale)
  • WHO-5 (World Health Organization Well-Being Index)
  • C-SSRS (Columbia Suicide Severity Rating Scale) Safety
  • ASQ (Ask Suicide-Screening Questions) Safety
  • STIPO-R (Structured Interview of Personality Organization — Revised)
  • BDI-II / BAI (Beck Depression / Anxiety Inventories — ages 13+)
  • BYI (Beck Youth Inventories — ages 7–17)

Important: For safety assessments (C-SSRS, ASQ), we record only whether a safety check occurred — a simple boolean flag. We never store your specific responses to individual safety questions. This is an intentional privacy protection.

All assessments are screening tools, not diagnostic instruments. Each assessment displays a disclaimer to this effect.

Medication Information

If you use the Medication Tracker feature (available to teens and adults), we store:

  • Medication name, dose, and frequency you enter manually
  • Scheduled reminder times
  • Compliance log (which doses you marked as taken or skipped)

Medication names are stored locally only and are never transmitted externally — not even through iCloud sync unless you have enabled it. This data is protected with iOS file encryption.

Habit and Behavioral Logs

When you log habits, we record the habit type, date, and any notes you add. Habit categories include:

  • Sleep (duration, quality)
  • Exercise and physical activity
  • Nutrition and hydration
  • Social interaction
  • Substance use (alcohol and drug tracking — adults 18+ only, with explicit opt-in)
  • Custom habits you define
Defense Mechanism and Mentalizing Logs

The App includes psychoanalytically-informed tools for tracking defense mechanisms and mentalizing patterns. If you use these features, we store:

  • The defense mechanism type you identify
  • Mentalizing dimension ratings
  • Timestamp and optional reflective notes

These entries are particularly sensitive and receive the same on-device storage protections as clinical assessment data.

Health Data (HealthKit) Permission Required

With your explicit permission, the App reads the following data types from Apple HealthKit:

  • Heart rate and heart rate variability (HRV)
  • Resting heart rate
  • Step count and activity
  • Sleep analysis (duration and sleep stages)
  • Respiratory rate
  • Blood oxygen saturation (SpO₂)

On iOS 18 and later, the App may also write State of Mind entries to HealthKit when you log a mood entry, if you grant this additional permission. You can revoke this at any time in iPhone Settings → Privacy → Health.

HealthKit data is read on-device and used only within the App for insight generation. It is never transmitted to our servers and is excluded from iCloud sync.

Motion and Activity Data (CoreMotion) Opt-In Only

As part of optional digital phenotyping features, the App may request access to CoreMotion data (step counts, activity classification). This feature:

  • Is opt-in only — you must explicitly enable it in Settings
  • Is used only for on-device correlation with mood patterns
  • Is never transmitted externally
  • Can be disabled or cleared at any time

Not available to users under 13.

Account and Subscription Information

The Observing Ego does not have user accounts in the traditional sense. There is no username, email address, or password stored by us.

Subscription purchases ($4.99/month or $39.99/year) are processed entirely by Apple through StoreKit 2. We receive only a receipt token to verify your subscription status. Apple's privacy policy governs all payment processing. We never see your payment card information.

Your App Store ID is not linked to any of your health or mood data.

Technical and Diagnostic Data

We do not operate analytics, crash-reporting, or tracking SDKs. We do not collect device identifiers, IP addresses, or advertising IDs.

If the App crashes, Apple may collect a crash report through the standard iOS crash reporting system, subject to your device's Analytics settings and Apple's privacy policy. We receive only aggregated, anonymized crash statistics from App Store Connect — never personally identifiable information.

What we never collect We never collect: your name, email address, phone number, location, IP address, advertising identifiers, device fingerprint, contacts, photos, or any data not explicitly described above. We have no analytics SDK, no tracking pixels, and no third-party data brokers.

2. How We Use Your Information

All data processing happens on your device. Here is exactly what the App does with your information:

Purpose Data Used Where Processed
Display your mood history and insights Mood logs, habit logs, journal entries On-device only
Generate correlations between mood and habits/health Mood logs, habit logs, HealthKit data On-device only
Score clinical assessments Assessment responses On-device only
Send medication reminders Medication schedule you entered On-device (iOS Notifications)
Verify subscription status StoreKit receipt token On-device (via Apple)
Sync data across your Apple devices All app data (if iCloud enabled) Apple CloudKit (encrypted)
Trigger safety resources when clinically indicated Specific mood intensity + assessment scores On-device only
Age-appropriate content gating Birth date you entered (stored locally) On-device only
We never use your data to: Serve advertisements · Train AI or machine learning models · Profile you for marketing · Share with data brokers · Make automated decisions that affect your rights or wellbeing · Contact you without your request.

3. Data Storage and Security

On-Device Storage

All App data is stored using SwiftData, Apple's modern persistence framework. Data files are protected by iOS Data Protection using the Complete Protection class — this means your data is encrypted with a key derived from your device passcode and is inaccessible when the device is locked.

iCloud Sync (Optional)

If you choose to enable iCloud sync, your App data is synced through Apple CloudKit. Health and clinical assessment data is stored in CloudKit's private database using end-to-end encryption — Apple cannot read this data, and neither can we. Standard mood logs and journal entries use CloudKit's encrypted private database, accessible only by you on your Apple ID-linked devices.

You can disable iCloud sync at any time in iPhone Settings → [Your Name] → iCloud → The Observing Ego. Disabling sync does not delete data from your device.

Biometric Authentication

The App supports Face ID and Touch ID lock via Apple's LocalAuthentication framework. You can configure an auto-lock timeout in Settings. Biometric data never leaves your device — we never see or store it. This feature adds an additional layer of protection if someone else has physical access to your unlocked phone.

Data We Cannot Access

Because all data is on-device and/or end-to-end encrypted via CloudKit, we have no technical ability to access your journal entries, mood logs, assessment responses, or any other personal content. This is a deliberate architectural choice. It also means we cannot recover data on your behalf — please ensure you have iCloud Backup or manual backups enabled.

No External Servers

The Observing Ego does not operate backend servers that receive, store, or process your personal data. There are no databases controlled by us that contain your information. All analytics, correlation calculations, and insight generation run entirely on your device.

4. Children's Privacy

COPPA & Texas SCOPE Act Notice This section applies to users under 13 years of age and is required by the Children's Online Privacy Protection Act (COPPA) and the Texas Securing Children Online through Parental Empowerment Act (SCOPE Act, HB 18).

Parental Consent

Users under 13 may only use The Observing Ego with verifiable parental consent. During setup, the App prompts for a parent or guardian's date of birth to verify adult status. A parent-controlled PIN is established to manage child account access. By providing consent, the parent or guardian confirms they have reviewed this Privacy Policy and agree to the collection practices described herein on behalf of their child.

What We Collect from Children Under 13

The App collects from children only what is necessary for the core mood tracking features:

  • Mood selections from a simplified, age-appropriate emotion grid (emoji + words)
  • Intensity ratings on a 1–5 scale
  • Optional notes (parent-visible)
  • Date of birth (to maintain age-appropriate content)

What We Do Not Collect from Children Under 13

  • No name, email address, or contact information
  • No location data of any kind
  • No persistent device identifiers
  • No photos or voice recordings
  • No behavioral tracking or profiling
  • No HealthKit or CoreMotion data
  • No content beyond basic mood logging (journal, clinical assessments, and medication tracking are not available to users under 13)

Parental Rights Under COPPA

Parents and legal guardians have the right to:

  • Review all information collected from their child by contacting us at the address below
  • Delete their child's data by using the "Delete All Data" option in Settings or by contacting us
  • Revoke consent at any time, which will stop future collection and allow data deletion
  • Refuse further collection without affecting access to any portion of the App that does not require the data

We will respond to verifiable parental requests within 30 days.

Crisis Resources for Children

Safety features are always available to child users and are never paywalled. When age-appropriate safety thresholds are met, the App displays crisis resources and prompts the child to talk to a trusted adult (parent, guardian, or school counselor). The 988 Suicide and Crisis Lifeline is displayed in a child-appropriate format.

Texas SCOPE Act (HB 18) Compliance

In compliance with the Texas Securing Children Online through Parental Empowerment Act, we do not engage in the following practices for users under 18:

  • No targeted advertising based on personal data
  • No sale or sharing of minor users' data with third parties
  • No data collection beyond what is necessary for stated app functions
  • No profiling of minor users for commercial purposes
  • No use of design patterns that encourage extended engagement beyond the user's stated goals

5. Health Data

HealthKit Data — Read Access

The App may request read access to Apple HealthKit data to provide health-correlated mood insights. All HealthKit authorization is handled through Apple's standard permission dialog — you control exactly which data types to share.

HealthKit data is used exclusively within the App on your device. It is:

  • Never transmitted to any external server, including ours
  • Never included in iCloud CloudKit sync
  • Never used for any purpose other than generating insights you view in the App
  • Processed using Apple's privacy-preserving on-device APIs

You can revoke HealthKit permissions at any time in iPhone Settings → Privacy & Security → Health → The Observing Ego.

HealthKit State of Mind — Write Access (iOS 18+)

On devices running iOS 18 or later, you may grant permission for the App to write State of Mind entries to HealthKit when you complete a mood log. This allows your mood data to appear in the Apple Health app and contribute to Apple's mental health features. This permission is separate from read access and entirely optional. We do not read back this written data.

Clinical Assessment Data

Clinical assessment results (PHQ-9, GAD-7, C-SSRS, etc.) are sensitive health information. This data:

  • Stays on-device in an encrypted SwiftData store
  • Uses end-to-end encryption if synced via CloudKit
  • Is never transmitted to our servers
  • Is never shared with insurance companies, employers, or any third party
  • Cannot be accessed by us under any circumstances
Important Disclaimer The Observing Ego is not a medical device and does not provide medical advice, diagnosis, or treatment. All clinical assessments in the App are validated screening tools used for self-awareness and personal tracking only. Results should be discussed with a qualified mental health professional. The App is not a substitute for professional care.

Texas Data Privacy and Security Act (TDPSA) — Sensitive Data

Under the Texas Data Privacy and Security Act (effective July 1, 2024), mental health data, clinical assessment data, and health metrics constitute "sensitive personal data." We comply with the TDPSA's requirements for sensitive data:

  • We process sensitive data only for the specific purposes described in this policy
  • We do not sell sensitive personal data
  • We obtain consent before collecting sensitive data (through in-app permission flows)
  • We provide the rights described in Section 6 below

6. Your Privacy Rights

Under applicable law, including the Texas Data Privacy and Security Act (TDPSA), you have the following rights regarding your personal data:

Right to Access

You have the right to know what personal data we process. Because all your data is stored locally on your device and in your private iCloud account, you can view it directly within the App at any time. There is no separate database to request access to.

If you would like a human-readable summary of the data types we collect, contact us at the address in Section 12. We will respond within 45 days as required by the TDPSA.

Right to Correction

You can edit or correct any data you have entered in the App at any time using the App's built-in editing features. All data is yours to modify.

Right to Deletion

You can delete all data associated with your use of the App in two ways:

  • In-app: Settings → Data Management → Delete All Data. This permanently removes all locally stored mood logs, journal entries, assessment results, medication data, and preferences.
  • Device-level: Deleting the App from your iPhone also removes all associated local data.

If you have iCloud sync enabled, deleting data in-app or removing the App will also remove data from your iCloud account. We cannot recover deleted data on your behalf.

Because we operate no servers containing your data, there is no additional deletion request process required on our end — deletion from your device is complete deletion.

Right to Data Portability

You can export your data from the App in Settings → Data Management → Export Data. Export formats include JSON (machine-readable) and PDF (human-readable summary). This allows you to take your data to another service or share it with your healthcare provider.

Right to Opt Out of Sale / Targeted Advertising

We do not sell your personal data and do not engage in targeted advertising. There is nothing to opt out of in this regard.

Right to Appeal

Under the TDPSA, if we decline to act on a privacy rights request, you have the right to appeal our decision. To appeal, contact us at the address in Section 12 with the subject line "Privacy Rights Appeal." We will respond within 60 days and provide information about further recourse, including the ability to contact the Texas Attorney General's office.

Right to Non-Discrimination

We will not discriminate against you for exercising any of the rights described above. Exercising your privacy rights will not affect your access to the App, your subscription status, or the quality of the App's features.

How to Submit a Rights Request Email info@myobservingego.com with the subject line "Privacy Rights Request." Please describe the right you wish to exercise. We will verify your identity and respond within 45 days (TDPSA requirement).

7. Data Retention

Your data is retained as long as you keep it in the App. Because data lives on your device (and optionally in your iCloud account), you control retention entirely. There is no server-side retention to describe.

Data Type Retention How to Delete
Mood logs Until you delete them In-app swipe-to-delete or Delete All Data
Journal entries Until you delete them In-app swipe-to-delete or Delete All Data
Assessment results Until you delete them In-app delete or Delete All Data
Medication records Until you delete them In-app delete or Delete All Data
HealthKit-read data Used in-session; not persistently stored by App Revoke HealthKit permission in iPhone Settings
StoreKit receipt token While subscription is active Managed by Apple; cancel subscription via App Store
Safety check occurred flag Until you delete all data Delete All Data in Settings

We do not retain any data on our own infrastructure. Subscription transaction records are retained by Apple per Apple's data retention policies.

8. Algorithm Disclosure

In compliance with the Texas Securing Children Online through Parental Empowerment Act (SCOPE Act) and in the spirit of transparency for all users, we disclose how automated analysis works in the App.

Correlation Engine

The App includes a correlation analysis engine that looks for statistical relationships between your mood patterns and other factors (sleep, exercise, medication adherence, HealthKit metrics). Key facts about this system:

  • All computation runs on your device — no data leaves your phone for analysis
  • The engine requires a minimum of 7 data points per group before any insight is shown
  • Only correlations with a Pearson |r| ≥ 0.3 (moderate or stronger) are surfaced to you
  • Results are always described as "associated with," never as "causes" — we never claim causal relationships
  • Sample sizes are displayed alongside every correlation so you can assess the strength of evidence
  • No algorithmic decisions are made about you — insights are informational only, for your personal reflection

Digital Phenotyping (Opt-In)

If you enable digital phenotyping features (available to users 13 and older), the App uses passively-collected motion data (step counts, activity classification) to look for patterns associated with mood states. This is a research-informed approach drawn from academic literature on behavioral biomarkers. Key facts:

  • This feature is off by default and requires explicit opt-in
  • Data is processed entirely on-device using CoreMotion APIs
  • No raw motion data is stored persistently — only aggregated daily summaries
  • This feature is not available to users under 13
  • You can turn it off and clear its history in Settings → Privacy → Digital Phenotyping

Clinical Assessment Scoring

Assessment scoring algorithms follow published clinical manuals exactly. Cutoff scores and severity bands are not modified or approximated. No machine learning or AI is used in scoring — all calculations are deterministic rule-based algorithms matching the published instruments.

Safety Trigger Logic

The App uses rule-based logic (not AI) to determine when to display safety resources. Triggers are based on published clinical thresholds. See Section 10 for details.

No Automated Decisions with Legal or Significant Effects The App does not make any automated decisions that have legal or similarly significant effects on you. All algorithmic outputs are informational tools for your personal use. The App never diagnoses, denies access to care, or takes action on your behalf without your explicit instruction.

9. Third-Party Services

The Observing Ego integrates with the following Apple platform services only. We have no relationship with any advertising networks, analytics providers, data brokers, or other third parties.

Apple CloudKit

CloudKit is Apple's cloud database service, used for optional data sync across your Apple devices. When you enable iCloud sync:

  • Data is stored in your personal iCloud account, not in any database we operate
  • Health and assessment data uses CloudKit's end-to-end encrypted private database
  • Apple processes data per Apple's Privacy Policy
  • We have no ability to access your CloudKit data
Apple HealthKit

HealthKit is Apple's health data framework. Our use of HealthKit:

  • Is governed by Apple's HealthKit Framework License Agreement
  • Data read from HealthKit is used only within the App for your personal insights
  • We do not share HealthKit data with any party, including Apple, beyond what iOS requires to operate the API
  • All HealthKit usage is disclosed in our App Store listing and PrivacyInfo.xcprivacy manifest
Apple StoreKit 2 (In-App Purchases)

Subscription purchases are processed by Apple through StoreKit 2. We receive only:

  • A transaction receipt confirming your subscription is active
  • No payment card data
  • No Apple ID or personal information

Billing disputes, refunds, and subscription management are handled directly through Apple. You can manage subscriptions at: Settings → [Your Name] → Subscriptions.

No other third parties We do not use Google Analytics, Firebase, Mixpanel, Amplitude, Sentry, Crashlytics, Segment, or any other third-party SDK. There are no tracking pixels or ad networks. The App's only external dependencies are Apple's own platform frameworks.

10. Safety Features and Crisis Data

Safety Features Are Always Free

Crisis resources, the 988 Suicide and Crisis Lifeline, safety planning tools, and all safety-related features are always accessible regardless of your subscription status. Safety features are never behind a paywall or authentication gate.

When Safety Resources Appear

The App displays safety resources and/or a safety check flow when specific clinical thresholds are met. These thresholds are based on published clinical guidelines:

  • Selection of the emotion "Suicidal" at any intensity (teens ≥ 6 intensity; adults ≥ 7 intensity)
  • "Hopeless" emotion logged at high intensity (≥ 9 for adults; age-adjusted thresholds for younger users)
  • "Worthless," "Trapped," or "Empty" at intensity ≥ 8 (adults)
  • PHQ-9 Question 9 (thoughts of self-harm) response above "Not at all," or total score ≥ 18
  • C-SSRS or ASQ affirmative responses indicating suicidal ideation with intent or plan

General negative emotions (angry, scared, sad, etc.) do not trigger safety resources regardless of intensity, to avoid unnecessary alarm and respect normal emotional experience.

Safety Data Minimization

When a safety check is triggered, the App records only a single boolean value: "a safety check occurred on this date." We never record your specific responses to safety questions — not the questions you answered, not your level of risk, not the details of any crisis episode. This is an intentional privacy protection.

The safety check screen uses iOS fullScreenCover presentation, which cannot be accidentally dismissed by swiping, ensuring it is seen before continuing.

Crisis Resources Provided

  • 988 Suicide and Crisis Lifeline — call or text 988
  • Crisis Text Line — text HOME to 741741
  • 911 — for immediate emergencies
  • Age-appropriate resources for child users (school counselor, trusted adult)

Accessing these resources from within the App does not share any of your App data with crisis services. Phone calls and texts go directly from your device.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Display an in-app notification for material changes that affect your rights or data practices
  • For significant changes affecting children's data (under 13), we will seek renewed parental consent before the changes take effect

Your continued use of the App after a policy update constitutes acceptance of the revised policy. If you disagree with changes, you may delete the App and your data at any time.

Prior versions of this policy are available upon request by contacting us at info@myobservingego.com.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, want to submit a parental consent request or revocation, or have concerns about the App's data practices, please contact us:

The Observing Ego Email: info@myobservingego.com
Subject lines for faster routing:
• "Privacy Rights Request" — TDPSA access, deletion, portability
• "Parental Consent" — COPPA requests regarding a child user
• "Privacy Rights Appeal" — to appeal a declined request
• "Safety Concern" — urgent issues (we aim to respond within 24 hours)

We will respond to all privacy-related requests within 45 days, as required by the Texas Data Privacy and Security Act. For parental consent requests under COPPA, we aim to respond within 30 days.

If you are a Texas resident and believe we have not addressed your concern adequately, you may contact the Texas Attorney General's office regarding your rights under the TDPSA.