← Mushin

Privacy Policy

Last updated: May 2026

Introduction

Mushin ("the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application available on iOS and Android platforms.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our App.

Information We Collect

We collect information necessary to provide you with daily Zen wisdom, personalized teachings, practice suggestions, and conversations with our AI guide, Mu.

Account Information

• Email address — used for account authentication and password recovery
• Display name — optional, used for personalizing Mu's greetings

Usage Data

• Saved quotes — quotes you bookmark or add to your Reflections
• Coach conversations — messages you send to Mu and responses from our AI
• Notification preferences — your chosen settings for daily reminders and Bells
• Practice selections — practices you engage with and your mindful-day history
• Morning messages — personalized daily messages generated based on the daily quote
• Feedback submissions — messages and ratings you voluntarily send via Settings → Send Feedback, stored alongside your account ID, app version, and device platform so we can respond and reproduce issues

Diagnostic and Crash Data

We use Sentry to capture crash reports, errors, and performance diagnostics so we can fix bugs and keep the App stable. Sentry collects:

• Crash stack traces, error messages, and the sequence of actions leading up to the error (breadcrumbs)
• Device identifiers, operating system type and version, and app version
• Session Replay (errors only): when an error occurs, Sentry records a short replay of the in-app session preceding the crash. All text and images are masked by default so that quote content, conversation text with Mu, reflection titles, profile names, and other personal content are not captured. Only UI structure and the user's interaction path are visible to us.

Crash data and session replays are stored on Sentry's infrastructure under their privacy policy. We do not use Sentry for marketing, advertising, or behavioural tracking.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App and its features
• Generate personalized daily wisdom and teachings
• Power our AI coach, Mu, to provide responsive guidance and reflection
• Send scheduled notifications for daily quotes and practices
• Authenticate your account securely
• Diagnose technical issues and improve performance
• Comply with legal obligations

AI and Anthropic Claude API

Your conversations and content may be sent to Anthropic's Claude API to generate AI-powered teachings, practices, and coach responses. This transmission occurs via our secure backend (Supabase Edge Functions) to ensure your data is encrypted in transit.

Anthropic may use aggregated, anonymized interactions to improve their API service, in accordance with their privacy policy. We do not send personally identifying information beyond what is necessary for the AI to generate contextual responses.

Please note: Do not share sensitive personal, medical, or financial information with Mu, as it will be sent to Anthropic's servers.

Data Storage

Your data is stored securely in two locations:

• Cloud storage: Supabase (powered by PostgreSQL on AWS) — encrypted at rest
• Local device cache: AsyncStorage — encrypted using your device's built-in security

Third-Party Sharing

We do not share your data with third parties, with the following exceptions:

• Anthropic (AI provider): Conversations with Mu, daily quote context, and reflection titles are sent to Claude API to generate responses. Anthropic processes this data under their privacy policy. They may retain data on their own infrastructure independently of our retention practices.
• RevenueCat (subscription management): If you purchase Mushin+, RevenueCat handles purchase verification, entitlement management, and receipt processing on our behalf. They receive an anonymous app user ID, your device platform, and subscription status — not your email, name, or app content. RevenueCat acts as a data processor and is governed by their privacy policy.
• App Store / Google Play: Apple and Google process your subscription payments directly. Mushin never sees your payment details. Refer to their respective privacy policies for how they handle payment data.
• Supabase (cloud database): Hosts your account, reflections, conversations, and preferences as our infrastructure provider. Encrypted in transit and at rest.
• Sentry (crash reporting): Receives crash reports, error diagnostics, and masked Session Replays when an error occurs. Used solely for bug-fixing and stability monitoring — see "Diagnostic and Crash Data" above. Governed by their privacy policy.
• Legal compliance: We may disclose your information if required by law.

We do not sell your data. We do not use marketing analytics or behavioural advertising trackers, and we do not show advertisements. The diagnostic tools described above are used solely to fix bugs and keep the App stable.

Data Deletion and Account Removal

You have the right to delete your account and all associated data. To delete your account:

1. Open the App
2. Tap the leaf icon in the header to access Settings
3. Scroll to "Delete Account"
4. Confirm the deletion

When you delete your account, we permanently remove:

• Your email address and profile information
• All saved quotes and reflections
• All coach conversations
• Notification preferences

Local cache on your device is cleared when you sign out. You may also manually delete the App to clear all local data.

Data Retention

We retain your data for as long as your account is active. If you do not access the App for 24 months, we may contact you to confirm continued interest. Deleted accounts have all data purged from our systems within 30 days.

Note on third-party retention: Our 30-day purge applies only to data on Mushin's infrastructure (Supabase). Conversations sent to Anthropic for AI processing are subject to Anthropic's own retention policies and may persist on their systems independently. Refer to Anthropic's privacy policy for details. Subscription records held by Apple, Google, or RevenueCat are similarly governed by their respective retention practices.

Security

We implement comprehensive security measures to protect your data:

• HTTPS encryption: All data in transit is encrypted
• Row Level Security (RLS): Supabase RLS policies ensure users can only access their own data
• No client-side secrets: API keys are stored securely on our backend only
• Authentication: Your account is protected by secure password hashing (Supabase Auth)

However, no system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will promptly delete such information and terminate their account.

Your Rights

Depending on your location, you may have rights regarding your personal data, including:

• Right to access your data
• Right to correct inaccurate data
• Right to delete your data
• Right to data portability
• Right to object to processing

To exercise any of these rights, contact us at the address below.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Your continued use of the App constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: gallantingo@gmail.com
Organization: Gallantin