UnloopDownload
The ProblemHow it WorksPrivacy

Privacy Policy

Last updated: April 26, 2026 · Operated by ReactiveWeb Studio SRL

1. Who we are

Unloop is operated by ReactiveWeb Studio SRL, Romania. If you have any questions about this policy, contact us at reactiveweb.support@gmail.com.

2. No account required

Unloop works without any account. On first launch, the app silently creates an anonymous session — no name, email address, or sign-up form required. Your data is tied to this anonymous session. You can optionally link an Apple ID at any time from Settings to enable data backup and cross-device access.

3. What data we collect

  • Anonymous session identifier: A random UUID generated automatically on first launch. This is the only identifier created by default. It is not linked to your name, email, or device.
  • Apple ID (optional): If you choose to sign in with Apple, we store Apple’s stable sub-identifier and, optionally, an Apple-relay email address. Sign-in with Apple is never required to use the core app.
  • Episode data: Each time you log a loop, we store: the timestamp, entry source (app, Lock Screen widget, Siri shortcut, or "I reacted"), the action type you selected (Check, Wash, Review, Ask, Search, Repeat, Avoid, or Other), an optional intensity rating (1–5, skippable), your outcome (Stayed, Paused, or Acted), whether you completed the countdown, and session duration in seconds. Server-computed fields are added automatically: hour of day, day of week, and a broad time bucket (Early Morning / Morning / Afternoon / Evening / Night).
  • Pattern insights: Qualitative insights (e.g. "Evenings are harder for you") are generated server-side from your episode data after every 10 episodes. They expire automatically after 10 days.
  • App settings: Your preferences: whether Siri shortcut, Lock Screen widget, or reminders are enabled; your chosen countdown duration (10, 20, or 30 seconds); and your language preference.
  • Anti-overuse flags: To protect you from turning the app itself into a compulsion, we detect and log overuse patterns — for example, logging more than 5 episodes within 60 minutes, or reopening the app 4 or more times in 30 minutes. These flags are used only to show you a gentle nudge and are never shared.
  • Subscription state: Whether your account is on the free or premium plan, your plan expiry date, and subscription events (purchase, renewal, expiration, cancellation). Billing is handled entirely by Apple — Unloop never stores your payment card details.
  • In-app feedback (optional): If you voluntarily submit feedback via the Settings menu, we store your plain-text message (up to 2,000 characters). Feedback is never required.

4. What we do NOT collect

  • Location data of any kind
  • Microphone or voice recordings
  • HealthKit data — the Health & Sleep toggle in onboarding is a v2 placeholder and is currently inactive
  • Contacts or address book
  • Camera or photos
  • The content of your thoughts, fears, or intrusive thoughts — the app records only the action type you selected, not why
  • Persistent device identifiers beyond what Supabase Auth stores for your session
  • Advertising identifiers (IDFA)

5. How we use your data

Your data is used exclusively to power the app: to run the crisis flow, generate your pattern insights, detect overuse, and manage your subscription. It is never used for advertising, never sold to third parties, and never used to build advertising profiles. We do not share episode data with any third party.

6. Third-party services

  • Supabase: All user data, episode logs, insights, and settings are stored in Supabase (a managed Postgres database and auth service). Data is encrypted in transit (TLS) and at rest. Supabase infrastructure is subject to SOC 2 Type II compliance.
  • RevenueCat: Subscription billing is handled by RevenueCat, which processes Apple App Store receipts. RevenueCat receives only your anonymous UUID and subscription transaction data — it has no access to your episode logs or any behavioral data.

7. Data security

Every table in our database is protected by Row-Level Security (RLS): your session can only read and write its own rows. No cross-user data access is possible at the database level. We use TLS for all data in transit and Supabase’s at-rest encryption for stored data. Unloop does not operate its own servers — all infrastructure is managed by Supabase. Episode data (action types, intensity, outcomes) is behavioral health-adjacent data and is treated as sensitive: it is never shared, never used for advertising, and never disclosed to third parties beyond the infrastructure providers listed above.

8. Data retention

  • Episode logs: Retained for the lifetime of your account. Free-plan users can access the last 30 days of history in the app; Pro users access full history. All episode data is permanently deleted within 30 days of account deletion.
  • Pattern insights: Automatically expire after 10 days from generation and are then deleted from our database.
  • Feedback messages: Retained until your account is deleted or until you request removal.
  • Subscription and billing records: Retained for as long as required by applicable tax and accounting law (typically 5–7 years), even after account deletion, in an anonymised form.
  • Anonymous session data: If no account deletion is requested, anonymous session data may be retained indefinitely. You can request deletion at any time.

9. Your rights

If you are located in the European Economic Area or other jurisdictions with applicable data protection law, you have the following rights regarding your personal data. To exercise any of them, email reactiveweb.support@gmail.com or use the in-app controls listed below. We will respond within 30 days.

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can ask us to correct inaccurate data.
  • Erasure (deletion): Use Settings → Account → Delete Account inside the app, or email us. Deleting your account permanently removes all episode logs, insights, settings, feedback, and overuse flags from our database with no orphaned records. Note: deleting your Unloop account does not automatically cancel an active Apple subscription — you must cancel separately via iOS Settings → Apple ID → Subscriptions.
  • Portability: You can request an export of your episode data in a machine-readable format (JSON). Email us to request this.
  • Objection / Restriction: You can object to or request restriction of processing. Because we only use data to power the app (not for advertising or profiling), most objections are satisfied by account deletion.
  • Lodge a complaint: If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national data protection authority (in Romania: ANSPDCP — www.dataprotection.ro).

10. Subscription billing

Premium subscriptions are processed entirely through the Apple App Store. Unloop never stores your payment card details. Subscription management (cancellation, restoration) is available via Settings → Premium → Manage Subscription inside the app, which opens Apple’s standard subscription management sheet.

11. Analytics and advertising

Unloop contains zero advertising trackers. We do not integrate Google Ads, Meta Pixel, or any ad network SDK. We may use privacy-respecting crash reporting to diagnose technical issues — this never includes episode content or personal data.

12. Children

Unloop is not directed at children under 16 (under 13 in the United States per COPPA). We do not knowingly collect data from children below these ages. If you believe a child has provided us with data, please contact reactiveweb.support@gmail.com and we will delete it promptly.

13. Changes to this policy

If we make material changes to this policy, we will notify you via the app or by email before the changes take effect. Continued use of the app after changes are notified constitutes acceptance of the updated policy.