Privacy Policy

1. Who We Are

Door 24 Technologies LLC (“we,” “us,” “our”) builds and operates Breakout: Rewire Your Mind — a mobile app for daily audio coaching, spoken affirmation practice, and on-demand state-change tools.

This policy covers data collected through the Breakout iOS app, the breakoutmind.com website, and any related services (collectively, the “Service”).

2. What We Collect

We collect the minimum data needed to provide the Service. Here’s the full list — no surprises.

Data you give us

• Email address — Account creation, password resets, important account notices. Not collected if you use Apple Sign-In with hidden email or continue anonymously.
• Name or nickname — Personalize your in-app experience (greeting, ritual).
• Gender — Tailor content and recommendations.
• Age range — Tailor protocol intensity and content.
• Attribution (“How did you hear about us?”) — Understand how users find Breakout.
• Diagnostic quiz responses — Identify your primary loop type and personalize your program.
• Saved tracks, favorites, playlists — Persist your library preferences across sessions.
• Installed rewrites (affirmation selections) — Track which identity rewrites you’re actively practicing.

Data we collect automatically

• Device info (platform, OS version, timezone) — Deliver a working app, schedule notifications at the right time.
• Usage data (features used, streaks, install completions) — Track your progress, power the home dashboard.
• Push notification token — Deliver daily reminders and motivational quotes.
• Crash logs and error reports — Fix bugs. Includes device info, OS version, and stack traces.
• Performance traces — Measure app start time, screen load speed, and network request duration so we can keep the app fast.
• Session replay on errors — When a crash or error occurs, a replay of the screen leading up to it is captured with all text and images masked. No personal content is visible in replays.
• Analytics events (screen views, feature engagement, categorical demographic data such as age range and gender selected during onboarding) — Understand which features are working, which need improvement, and how usage varies across demographics.

Data we explicitly do NOT collect

• No audio recordings. Speech recognition during the install ritual is processed entirely on-device by Apple’s built-in speech engine. No audio is recorded, stored, or transmitted to any server.
• No camera data. The front-facing camera is used as a live mirror during the install ritual. No photos or video are captured or stored.
• No health data. We don’t read from or write to Apple Health.
• No contacts, location, or browsing history.
• No advertising identifiers. We don’t run ads.

3. How We Use Your Data

• Run the app. Authenticate you, save your progress, deliver your daily breakout, play audio.
• Send notifications. Daily reminders and motivational quotes — only with your permission, and only at times you choose.
• Improve the product. Aggregate, anonymized usage patterns help us understand what’s working. We never tie analytics to your identity for profiling purposes.
• Communicate with you. Account-related emails (password resets, policy changes) and support responses.
• Comply with the law. Respond to valid legal requests if required.

We will never sell your personal data. We don’t run ads. We don’t do behavioral profiling.

4. Third-Party Services

We use a small number of trusted services to operate the app. Each receives only the data required for its specific function.

• Firebase (Google) — Authentication and database. Accesses email, user ID, app data. Privacy policy
• PostHog — Analytics. Accesses anonymized usage events, device info, user ID. Privacy policy
• RevenueCat — Subscription management. Accesses user ID, purchase receipts. Privacy policy
• Sentry (Functional Software) — Crash reporting and performance. Accesses crash logs, performance traces, session replays (text and images masked), device info, navigation breadcrumbs, error screenshots. Privacy policy
• Expo — Push notifications. Accesses push token, notification content. Privacy policy
• Apple — Payments (App Store) and Sign-In. We never see your payment details. Privacy policy

We do not share data with data brokers, advertising networks, or any party not listed above.

5. Data Storage and Security

• All user data is stored in Google Cloud (Firebase) data centers in the United States.
• Data in transit is encrypted via TLS. Data at rest is encrypted by Google Cloud.
• Authentication uses Firebase Auth with secure token-based sessions.
• Firestore security rules enforce owner-only access — your data is readable and writable only by your authenticated account.
• Local data on your device is stored using MMKV (high-performance key-value storage). MMKV is not encrypted at rest by default.

No system is 100% secure. We take reasonable measures to protect your data, but cannot guarantee absolute security.

6. Account Deletion

You can delete your account at any time from Settings within the app.

Deletion is immediate and permanent. When you tap “Delete Account”:

1. All your data in Firestore is recursively deleted — profile, saved tracks, favorites, playlists, installed rewrites, activity history, and audit logs.
2. Your RevenueCat subscription record is removed.
3. If you signed in with Apple, your Apple Sign-In token is revoked.
4. Your Firebase Auth account is deleted.

There is no grace period and no undo. Downloaded audio files are also removed from your device. If you want a copy of your data before deleting, contact us at support@breakoutmind.com.

Active subscriptions: Deleting your account does not automatically cancel your App Store subscription. You must cancel separately through your Apple ID settings before deleting your account, or you’ll continue to be charged.

7. Data Retention

• Active accounts: Data is retained as long as your account exists.
• Deleted accounts: All data is deleted immediately upon account deletion.
• Crash logs and performance data: Retained by Sentry for 90 days, then automatically purged. Session replays follow the same 90-day retention.
• Analytics data: Retained in aggregate (anonymized) form. Individual-level analytics data is retained by PostHog according to their data retention policies. Analytics data is reset when you delete your account.
• Support emails: Retained as long as necessary to resolve your request, then archived.

8. Your Rights

Regardless of where you live, you can:

• Access your data — request a full export by emailing us
• Correct inaccurate data — update your profile in the app, or email us
• Delete your account and all associated data — from Settings, instantly
• Opt out of notifications — disable categories or all notifications in app settings
• Opt out of analytics — toggle off “Analytics” in the app’s Settings screen at any time

California residents (CCPA)

You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We don’t sell personal information, so there’s nothing to opt out of — but we’ll honor any request.

EU/EEA residents (GDPR)

You have the right to access, rectify, erase, restrict processing, and port your data. Our legal basis for processing is legitimate interest (operating the Service) and consent (notifications, analytics). To exercise any right, email us.

9. Children’s Privacy

Breakout is not intended for anyone under 18. We do not knowingly collect data from minors. If we learn that a user is under 18, we will delete their account and data immediately.

10. Changes to This Policy

We’ll update this policy when something meaningful changes — not for cosmetic rewording. When we do:

• The “Last Updated” date at the top will change.
• For material changes, we’ll notify you via email or an in-app notice before the changes take effect.
• Continued use of the app after notification constitutes acceptance.

11. Contact