guidEase
Last Updated: May 15, 2026
guidEase was built by and for autistic, ADHD, and AuDHD people. We know that trust — especially around something as personal as a journal — isn't given automatically, and shouldn't be. This policy is written to be actually readable, not just legally defensible. If something isn't clear, please reach out.
guidEase is operated by guidEase, Inc., a Delaware corporation ("guidEase," "we," "us," or "our"). You can reach us at hello@guidease.app.
guidEase provides general wellness and self-reflection tools. It is not intended to diagnose, treat, cure, or prevent any mental health condition and is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of a qualified healthcare provider with any questions you may have regarding your mental health.
If you use Face ID or Touch ID to access guidEase, that authentication is handled entirely by your device's operating system. Your biometric data never leaves your device and is never transmitted to us.
We know some users would prefer a fully local, offline-only app. Here's why guidEase uses cloud storage and why we think it's the right call for our users:
Your entries sync to our encrypted database so you can access them across devices, recover them if your phone is lost or replaced, and never lose data to a local storage failure. For users who rely on their journal for pattern recognition and self-understanding over time, losing that history would be a significant harm. We made a deliberate choice to protect against that — with encryption, not local-only storage.
If this tradeoff doesn't feel right for you, you can export all your data at any time and delete your account.
We do not use your journal content to train AI models. We do not sell your data to third parties. We do not serve ads.
All journal entries, mood data, memories, and AI insights are encrypted before being stored in our database using AES-256-CBC with HMAC-SHA256 integrity verification — the same encryption standard used in financial and healthcare applications. Each entry uses a unique initialization vector (IV), so no two entries look alike in storage even if the content were identical.
Your data is encrypted and protected. However, guidEase does not use a "zero-knowledge" or "end-to-end" architecture. This means that in a situation where our encryption key were compromised alongside our database, your data could theoretically be decrypted. We want to be honest about this rather than use language that overstates our protections.
While we use commercially reasonable safeguards to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
What we can tell you with confidence:
All communication between the app and our servers uses TLS 1.2 or higher.
We use the following third-party services to operate guidEase. Each has its own privacy policy.
What we send: Decrypted journal entry text when you request AI analysis or use voice transcription.
Why: To generate the AI-powered insights that are core to guidEase's functionality.
Their commitment: OpenAI does not use data submitted via their API to train their models.
Their policy: openai.com/policies/privacy-policy
When you tap "Analyze," your entry is decrypted on your device and sent to OpenAI. We send only the content needed for analysis — we do not send your username, account ID, email address, or any other identifying information alongside your entries. OpenAI has no way to associate the text they receive with your guidEase account.
What we send: Encrypted journal data, account information, push notification tokens, and support tickets.
Why: Supabase is our database and authentication provider.
Their policy: supabase.com/privacy
What we send: Anonymous usage events (e.g., "entry created," "AI analysis viewed," "entry revisited"). Events may include a property indicating your account type (PIN-only or email) to help us understand how different users interact with the app. No journal content, entry text, or personally identifiable information is ever sent to Mixpanel.
Why: To understand how the app is being used so we can improve it for neurodivergent users.
Their policy: mixpanel.com/legal/privacy-policy
What we send: Crash reports, stack traces, device information, and anonymized interaction breadcrumbs. No journal content or entry text is ever sent to Sentry.
Why: To identify and fix bugs quickly. Sentry is disabled during development — it only runs in production builds.
Their policy: sentry.io/privacy
What we send: Purchase information for Premium subscriptions through Apple's In-App Purchase system.
Why: App distribution and in-app purchases are handled through their platform.
Their policy: apple.com/legal/privacy
What we send: Your device's Expo push notification token (a unique identifier for your app install) and the content of any transactional push notifications we deliver (e.g., journal reminders, insight-ready alerts).
Why: Expo's push notification service delivers notifications to your device. We use Expo as our notification infrastructure so we don't need to manage Apple's APNS or Google's FCM directly.
Their policy: expo.dev/privacy
What we send: Your email address for two purposes: (1) to deliver one-time password (OTP) authentication codes during email-based login and account creation, and (2) to send transactional and marketing emails to users who have opted in.
Why: Authentication and, where you've consented, product updates and announcements. We do not share journal content with Resend.
Their policy: resend.com/legal/privacy-policy
What we send: Your email address, only if you explicitly opted in to marketing emails.
Why: Kit was used to manage our early beta waitlist and tester communications. We may phase this out in favor of Resend as our primary email platform. If you were added to Kit as part of beta signup, you can unsubscribe at any time from any email we send.
Their policy: kit.com/privacy
We keep your data for as long as your account is active. When you delete your account:
This action is permanent and cannot be undone.
You can request account deletion from within the app under Settings → Account → Delete Account.
A note on database backups: guidEase uses Supabase Pro, which maintains automated point-in-time recovery backups with a 7-day retention window. When you delete your account, your data is removed from our active database immediately. Encrypted copies may persist in automated backups for up to 7 days before being permanently overwritten. We cannot restore deleted data from these backups — they exist solely for infrastructure disaster recovery, not user data recovery.
Support ticket records may be retained for up to 12 months for legal and operational reasons, even after account deletion.
Regardless of where you live, you have the right to:
You additionally have the right to access a copy of your personal data, restrict or object to certain types of processing, data portability, and to lodge a complaint with your local supervisory authority.
Our legal basis for processing your data is contract (providing the service you signed up for) and legitimate interests (improving the app through anonymous analytics).
To exercise any of these rights, contact us at hello@guidease.app.
Depending on where you live, you may have additional rights under state privacy laws — including the right to request access to, correction of, or deletion of your personal information. We honor these rights for all users regardless of location. To make a request, contact hello@guidease.app.
guidEase is intended for individuals who are at least 13 years old. We do not knowingly collect, use, or store personal information from children under the age of 13.
If we become aware that we have collected personal information from a child under 13, we will delete that information as soon as reasonably possible. If you believe that a child under 13 has provided personal information through the app, please contact us at hello@guidease.app.
If you are between 13 and 17, you may use guidEase only with the involvement and consent of a parent or legal guardian. We encourage you to review this Privacy Policy with them.
If you are using guidEase through TestFlight as a beta tester, the same privacy practices described in this policy apply to your data. Beta versions may be less stable, but we treat beta users' data with the same care and protections as public users.
If guidEase, Inc. is ever acquired, merges with another company, or transfers its assets, your personal data may be part of that transition. If this happens, we will notify you via in-app notice (and by email if you have one on file) before your data is transferred to any new entity. The new entity would be required to honor the privacy commitments in this policy or give you the opportunity to delete your account first.
In the event of a data breach that affects your personal information, we will notify affected users promptly — within 72 hours of becoming aware of the incident where technically feasible — and will describe what happened, what data was involved, and what steps we are taking.
When we make significant changes to this policy, we'll notify you in the app and update the "Last Updated" date above. Your continued use of guidEase after changes are posted means you accept the updated policy.
We'll never make changes that substantially reduce your rights without giving you a chance to review them and, if needed, delete your account before the changes take effect.
All privacy questions and requests: hello@guidease.app
Website: guidease.app
We're a solo-founded company. We read every message and respond as quickly as we can.
guidEase is not a medical device and is not a substitute for professional mental health care. See our Terms of Service for the full disclaimer.