Home

Privacy Notice

Last updated: June 5, 2026

1. Who we are

Inner Beat is operated by katherine. katherine is the data controller for the personal data described in this notice, except where Paddle acts as Merchant of Record (in which case Paddle is an independent controller for payment-related data).

2. Personal data we collect

  • Account data — email address, display name, sign-in identifiers (including data returned by Google or Apple sign-in), and authentication tokens.
  • Profile and social data — display name, invite code, friend connections you create inside the app.
  • Check-in content — text notes, mood, sets/reps, photos, videos, and other content you upload.
  • Support messages — anything you send us when you contact support.
  • Usage and device data — log data, approximate IP address, browser/device identifiers, timestamps, error reports.
  • Billing data — subscription status and plan, customer/subscription identifiers returned by Paddle. Card numbers and billing addresses are collected and stored by Paddle, not by us.

3. How we use personal data

  • create and operate your account and provide the Service (contract);
  • store, display, and back up your check-ins and media (contract);
  • enable friend connections and sharing features you opt into (contract);
  • process subscriptions and entitlements (contract, legal obligation);
  • secure the Service, prevent fraud and abuse, and debug errors (legitimate interests);
  • improve product features and reliability (legitimate interests);
  • respond to support requests and important account notices (contract / legitimate interests);
  • comply with applicable law (legal obligation).

4. Legal basis

We rely on (a) performance of our contract with you, (b) our legitimate interests in running and securing the Service, (c) your consent where required (for example optional media access on your device), and (d) compliance with legal obligations.

5. Who we share data with

  • Cloud hosting and storage providers that run our database, file storage, and serverless backend.
  • Paddle, our Merchant of Record, which processes payments, manages subscriptions, handles invoicing, calculates tax, and supports refunds. See Paddle's privacy policy.
  • Identity providers (Google, Apple) when you choose to sign in with them.
  • Professional advisers (legal, accounting) where necessary.
  • Authorities when required by law, subpoena, or to protect rights and safety.

6. International transfers

Some of our providers (including Paddle) may process data outside your country, including in the United States and the European Union. Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

7. Data retention

We keep your account data for as long as your account exists. Check-in content is kept until you delete it or close your account. Billing and tax records are kept for the period required by law. Backups and logs are kept for a limited period and then deleted or anonymised.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. If you are in the UK or EEA, you also have the right to lodge a complaint with your local supervisory authority. We will respond to verified requests within the time required by law (within one month for GDPR requests).

To exercise your rights, contact us through the support channel in the app, or delete your account from the app to remove your data.

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, row-level security on our database, and regular review of our providers. No system is perfectly secure; please use a strong and unique password.

10. Cookies and similar technologies

We use a small number of cookies and local storage entries that are strictly necessary to keep you signed in, remember language preferences, and operate the Service. We do not use third-party advertising cookies. Paddle's checkout may set its own cookies necessary for payment processing.

11. Children

The Service is not directed at children under the age required by local law (typically 13 or 16). If you believe a child has provided us personal data, contact us so we can delete it.

12. Changes

We may update this notice from time to time. Material changes will be communicated through the Service.

13. Contact

For privacy questions, contact katherine through the in-app support channel. See also our Terms & Conditions and Refund Policy.