iConfess LogoiConfess
Home

Privacy Policy

How we protect and handle your data

Your Privacy Matters

Privacy Policy

iConfess is built with privacy at its core. We are fully committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR).

Last updated: February 15, 2026

Transparency

We clearly explain what data we collect, why we collect it, and how long we retain it. No hidden tracking or surprises.

Security

All communications use HTTPS/WSS encryption. Voice data is processed in real-time and never stored. Session data is ephemeral.

Control

You have full control over your data: access, export, and delete at any time. Account deletion includes a 30-day cooling-off period.

Information We Collect

Account Information

  • Email address — for account creation, authentication, and service communications
  • Authentication tokens — managed securely by Supabase Auth
  • Subscription status — to manage your plan and billing via Creem

What We Do NOT Collect or Store

  • Voice recordings — audio is processed in real-time by our AI provider and never saved
  • Confession content — what you say is never logged, transcribed permanently, or stored
  • Session transcripts — real-time transcripts shown during sessions exist only in your browser memory and are cleared when the session ends

Automatically Collected Data

  • Essential cookies — for authentication and session management only
  • Basic usage metrics — session duration for daily time limit tracking (not content)

How We Use Your Information

Service Operation

  • • Authenticate your identity
  • • Manage your subscription and billing
  • • Track daily usage time limits
  • • Provide customer support

Legal Basis (GDPR)

  • Consent — explicit opt-in at registration
  • Contract — necessary for service delivery
  • Legitimate interest — service security and fraud prevention
  • Legal obligation — compliance with applicable laws

Third-Party Services

We do not sell your personal information. We share data only with the following service providers, solely for operating iConfess:

  • Supabase — authentication and database (account data)
  • AI Voice Provider — real-time voice processing (no data retained)
  • Creem / PayPal — payment processing (billing data only)
  • Vercel — web hosting and infrastructure

Your Rights Under GDPR

Data Rights

  • Right to Access — request a copy of your data
  • Right to Rectification — correct inaccurate data
  • Right to Erasure — delete your account and all data
  • Right to Portability — export your data in a standard format

How to Exercise

  • • Export data from your Profile page
  • • Request account deletion from your Profile page (30-day cooling-off period)
  • • Manage cookie preferences via the cookie banner
  • • Contact us at privacy@iconfess.app for any data requests

Children's Privacy

iConfess requires users to be at least 16 years old. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal data, please contact us immediately at privacy@iconfess.app, and we will promptly delete the account.

Related Information

Terms of Service

Your rights, responsibilities, and our service commitments.

About iConfess

Our mission, values, and privacy-first approach to spiritual reflection.

Crisis Resources

24/7 crisis hotlines and mental health support resources.

Questions About Privacy?

Contact our Data Protection team at privacy@iconfess.app. We respond to all GDPR requests within 30 days.

Back to Home
    Privacy Policy — iConfess | Zero Voice Storage, GDPR Compliant | iConfess