MySky Privacy Policy

MySky is developed and operated by Brittany Apps. For questions or requests regarding your personal data, contact us at hello@brittanyapps.com.

MySky is designed with privacy by design and by default.

• Zero analytics SDKs.
• Zero advertising identifiers.
• Zero cross-app or cross-site tracking.
• Your data is never sold, shared for advertising, or used for AI or ML training.

MySky stores most personal data exclusively on your device.

Date, time, and place of birth are stored exclusively on your device in a local SQLite database with AES-256-GCM field-level encryption on sensitive fields including birth place, coordinates, name, birth date, and birth time.

This data is used to calculate planetary positions, house systems, and natal chart aspects via on-device Swiss Ephemeris.

Mood scores, energy levels, stress levels, influence tags, emotional quality tags, notes, wins, and challenges are all stored locally and encrypted at rest. No raw check-in data is ever transmitted.

If you opt in to the Premium AI Reflections feature, only aggregated, non-identifying statistics derived from check-in data are sent - never individual entries.

Free-text journal content is processed entirely on-device via local NLP for keyword extraction, emotion tagging, and sentiment reflection.

Raw text, titles, and NLP results are encrypted at rest and never transmitted.

Sleep data is stored locally on your device.

Dream text, dream feelings, dream mood, dream metadata, and notes are encrypted at rest using AES-256-GCM.

Sleep quality and duration are stored locally but not encrypted.

Dream reflections are generated entirely on-device using symbolic pattern mapping. No AI service is involved in the default dream engine.

Synastry partner data, including name and birth data, is stored locally and encrypted.

Birth place fields use the same AES-256-GCM encryption as your own data.

When you use identity tools such as the Core Values Inventory, Jungian Archetype Profile, or Cognitive Style assessment, your responses and resulting profile data are stored exclusively on your device and encrypted at rest with AES-256-GCM.

This data is never transmitted to any server and is never used for advertising, analytics, or AI or ML training.

Body sensation logs, including somatic map entries, body location tags, intensity ratings, and linked emotions, are stored locally and encrypted at rest with AES-256-GCM.

Nervous system entries, including trigger descriptions, dysregulation context, and restoring practice notes, are also stored locally and encrypted at rest.

This is among the most sensitive data in the app. It is never transmitted, never processed by any external service, and never shared.

Self-reported relational pattern notes, including recurring dynamics, communication tendencies, and attachment observations, are stored locally and encrypted.

No synastry or astrological matching is performed on this data.

MySky includes optional AI-powered features that transmit limited data to external services.

• AI Reflection Insights: aggregated behavioral statistics are sent to a Supabase Edge Function which calls Anthropic Claude. Raw journal text, birth data, dream content, and personal notes are never transmitted.
• AI-Enhanced Dream Interpretations: dream text and selected dream feelings may be sent to Google Gemini to generate a richer narrative interpretation. No birth data, user identifiers, or other personal information is included.
• AI Pattern Insights: aggregated self-knowledge context such as dominant archetype, top core values, cognitive style summary, top somatic pattern region, top relationship pattern tags, and behavioral check-in averages may be sent to Google Gemini. Raw journal text, birth data, dream content, and personal notes are never transmitted.

If you use MySky home screen widgets, recent check-in data such as mood, energy, and sleep scores is shared with the widget extension via a sandboxed App Group container on your device.

This data never leaves your device and is not transmitted to any server.

We process your personal data under consent, performance of a contract, and legitimate interest where applicable.

• Consent under Article 6(1)(a): we collect and process your personal data only after explicit consent via the in-app privacy consent flow. You may withdraw consent at any time via Privacy Settings.
• Performance of a contract under Article 6(1)(b): when you subscribe to Deeper Sky, we process subscription-related data through Apple and RevenueCat to fulfill our contractual obligations.
• Legitimate interest under Article 6(1)(f): we maintain security audit logs and tamper detection to protect the integrity of your locally stored data.

Certain data you may enter, such as emotional states, somatic body sensations, nervous system triggers, and psychological self-assessments, may constitute special category data under GDPR Article 9.

We process this data solely on the basis of your explicit consent and store it exclusively on your device with AES-256-GCM encryption. This data is never transmitted to any server.

Sensitive fields such as journal content, titles, birth places, dream text, mood and stress and energy scores, emotional tags, check-in notes, wins, challenges, and NLP results use AES-256-GCM field-level encryption.

The data encryption key is stored in your device's hardware-backed secure storage.

Secure storage payloads are protected with HMAC-SHA256 tamper detection using a device-unique key. Security events are logged in a rolling audit trail for transparency.

Encrypted .msky backups use AES-256-GCM with PBKDF2-SHA256 key derivation from your chosen passphrase and are never uploaded to any server.

MySky relies on a limited set of third-party services for subscriptions, authentication, optional AI features, geocoding, and app distribution.

• RevenueCat: device identifier generated for subscription and in-app purchase verification. No personal data is shared.
• OpenStreetMap Nominatim: birth city text sent for geocoding to coordinates. Only the city name string is transmitted.
• Supabase: a free account using email and password is required to use MySky. Authentication credentials are stored on Supabase servers in the United States.
• Anthropic Claude: used for AI Reflection Insights via a Supabase Edge Function. Receives only aggregated behavioral stats.
• Google Gemini: used for AI-enhanced dream interpretations and pattern insights with limited transmitted context.
• Apple App Store: processes all subscription and in-app purchase transactions.

When you use optional AI-powered features, limited data is transmitted to servers located in the United States and potentially other countries.

These transfers are necessary to provide the requested service and are made on the basis of your explicit consent.

For users in the EEA, United Kingdom, or Switzerland, transfers to the United States rely on explicit consent and, where available, provider safeguards such as Standard Contractual Clauses.

MySky does not use analytics SDKs, advertising identifiers, or cross-app tracking.

The Apple Privacy Manifest declares coarse location for timezone resolution, user ID for Supabase authentication, and purchases for RevenueCat subscription verification.

All declared data types are not linked to identity and are not used for tracking.

MySky does not use cookies, web beacons, or browser-based tracking technologies.

All data is stored in a local SQLite database and device secure storage.

MySky does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on users.

All reflective content, pattern analysis, and interpretations are provided for self-awareness purposes only.

Under GDPR, CCPA and CPRA, and applicable privacy law, you have rights over your personal data.

• Right of access through Privacy Settings, including a full data inventory, consent status, and recent security events.
• Right to data portability via structured JSON export or encrypted .msky backup where available.
• Right to erasure using the Hard Reset option in Privacy Settings and by uninstalling the app. Supabase authentication deletion can be requested by contacting us.
• Right to rectification through in-app editing of birth data, journal entries, sleep logs, and relationship charts.
• Right to withdraw consent via Privacy Settings.
• Right to restrict processing and right to object, largely controlled through on-device consent settings.
• Right to lodge a complaint with a supervisory authority.
• Right of non-discrimination for exercising privacy rights.

California residents have additional rights regarding categories of personal information, sale and sharing disclosures, and the right to know, delete, and correct.

MySky does not sell personal information and does not share personal information for cross-context behavioral advertising.

Sensitive personal information is used only to provide MySky's self-reflection features.

Your data is stored locally on your device for as long as you keep the app installed.

Consent records expire after 365 days and will be re-requested.

There is no server-side storage of personal data beyond Supabase authentication credentials. If you delete your account, authentication data is removed from Supabase within 30 days.

MySky is intended for users aged 17 and older.

We do not knowingly collect personal information from children under 17.

If we learn we have inadvertently collected data from a user under 17, we will take steps to delete that data promptly.

MySky offers optional auto-renewable subscriptions and a lifetime purchase called Deeper Sky processed through Apple's App Store.

Payment is charged to your Apple ID at confirmation of purchase. Subscriptions renew automatically unless cancelled at least 24 hours before the end of the current period.

MySky does not directly collect or store payment information. All transactions are handled by Apple.

In the unlikely event of a data breach affecting personal information held on our servers, such as Supabase authentication data, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable law.

Because the vast majority of your data is stored exclusively on your device and never transmitted, the risk of a server-side breach affecting personal content is extremely limited.

We may update this Privacy Policy from time to time.

When we make material changes, the last updated date will be revised and, if the change affects how your data is processed, we will re-request your privacy consent within the app.

Email: hello@brittanyapps.com

We respond to privacy-related inquiries within 30 days.