We at Solo Eleven LLC (“Solo Eleven,” “Reflect,” “we,” “us,” or “our”) respect your privacy and are committed to keeping secure any information we collect from or about you. This Privacy Policy describes how we handle personal data when you use our mobile application, Reflect, and any related websites, services, or features (collectively, the “Services”).

Educational & Lifestyle Purpose Only. Reflect is designed solely as a personal‑growth, education, and lifestyle tool that helps you organize thoughts, practice mindfulness, and gain everyday insights. It is not intended for diagnosis, treatment, or cure of any mental‑health or medical condition, nor is it a substitute for professional counseling, psychotherapy, or medical care.

A portion of our Services relies on OpenAI’s artificial intelligence technology—particularly the OpenAI API (sometimes referred to as “OpenAI’s Responses API,” “GPT,” or other OpenAI developer platform endpoints)—to process certain text inputs and generate AI-based responses. Because we are a business customer of OpenAI, the content we send to OpenAI’s API is governed by a customer agreement between Solo Eleven and OpenAI. That means the OpenAI consumer Privacy Policy you may see on openai.com (which applies to end users of ChatGPT and other consumer-facing OpenAI tools) does not directly apply to your content when it is processed by Reflect. Instead, our agreement with OpenAI sets forth how they process user prompts and AI outputs on our behalf.

For more information on how OpenAI collects and uses data for its own model training and development — including your choices regarding such usage — please visit OpenAI’s Help Center. If you have questions about this Privacy Policy or how Reflect integrates with OpenAI, you can contact us using the details provided in the “How to Contact Us” section below.

Important: Reflect is not a medical or healthcare service, and we are not a covered entity under health privacy laws like the Health Insurance Portability and Accountability Act (HIPAA). This means that the information you choose to share in Reflect is not protected by doctor-patient confidentiality or HIPAA in the way that information shared with a healthcare provider might be. We still commit to protecting your data as described in this Privacy Policy, but please keep this distinction in mind when using the Services.

HIPAA & Texas Health Privacy Disclaimer. No Duty to Report by Professionals. If you are a licensed healthcare or mental-health professional, do not use Reflect with PHI or client records. We do not sign BAAs and are not a mandated reporter under Texas law; you remain fully responsible for any professional obligations. Reflect (and Solo Eleven LLC) is not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA) or a provider regulated under Texas Health & Safety Code Chapter 611 (which governs licensed mental health professional records). This means any information you share in Reflect—such as journal entries or AI-generated conversation logs—is not subject to HIPAA’s privacy protections, and is not treated as medical or therapist–client records under Texas law.  We do not hold ourselves out as a healthcare provider or mental health facility. Nothing you input into Reflect is protected by doctor–patient confidentiality, and we are not required to comply with HIPAA’s security or privacy rules for medical records. While we still take privacy and data security seriously, you should understand that journaling or sharing personal thoughts in Reflect is distinct from seeking professional care from a licensed medical or mental health practitioner.

No HIPAA Coverage or PHI Storage. Reflect and Solo Eleven LLC are not “covered entities” or “business associates” under the Health Insurance Portability and Accountability Act (HIPAA). Do not upload or store Protected Health Information (PHI) about patients or clients. We do not sign Business Associate Agreements and cannot guarantee HIPAA‑level safeguards. If you choose to share personal health details in Reflect, you acknowledge they are handled under this Privacy Policy, not as medical records.

1. Personal Data We Collect

When you use Reflect, we collect different types of personal data (“Personal Data”) for various purposes as described below.

Personal Data You Provide: You may provide us with certain Personal Data when you use the Services, including:

• Account Information: When you create an account on Reflect, we may collect basic details such as your name, email address, and any other information you voluntarily provide (e.g., an alias or profile image). If there are in-app purchases or subscription payments, we may collect information about the transaction (such as confirmation of payment) to maintain your subscription status. Note: Payment processing (including subscriptions and any refunds) is handled by the Apple App Store and is subject to Apple’s own policies, so we do not receive your full payment card information.

• User Content: Reflect is designed to help you explore your thoughts and ideas. Accordingly, we collect the text, journal entries, and other materials you input into the app (for example, typed text, voice-to-text transcriptions of your voice, or any notes you write). If you choose to use a file-upload or image-upload feature (if offered in the app), we would collect that content as well.

• Audio Note: If you use a voice-to-text feature in Reflect, your raw audio may be processed by Apple’s on-device speech recognition or a third-party speech-to-text provider. Reflect itself does not store raw audio files; we receive only the transcribed text, which is then stored as part of your journal and is used to generate AI responses.

• Communication Information: If you contact us directly (for example, by email or through a feedback form or social media), we will collect your name, email address, and the contents of your message or communication. This may also include any additional information you choose to provide. We use this information to respond to your inquiries, provide support, and improve our Services based on your feedback.

• Other Information You Provide: Occasionally, you might provide additional data — for example, if you fill out a survey, participate in a beta testing program, or provide optional demographic information (such as your age range or well-being goals) to personalize your experience. We will collect whatever information you choose to provide in these contexts.

Personal Data We Collect Automatically: When you use or interact with Reflect, we automatically collect certain technical data and usage information. This may include:

• Log and Usage Data: Our servers automatically record information (“Log Data”) about your use of the app. This can include details such as your device’s Internet Protocol (IP) address, device type and model, operating system version, the dates/times of your visits, and how you navigated or interacted with various parts of the app. For example, we might log which journaling features you use, the prompts or suggestions you view, how long you spend in certain sections, and the frequency of your sessions. We use Log Data for purposes like performance monitoring, security, troubleshooting, and understanding user engagement (e.g., which features are most used) to improve the product.

• Device Information: We collect certain information about the device you use to run Reflect. This includes things like the device model (e.g., iPhone model), unique device identifiers, operating system version (e.g., iOS version), and system settings or configurations. This helps us ensure compatibility across devices and optimize the app for common device types.

• Location Information: We may infer your general geographic location (such as city or region) based on your IP address. This does not give us your precise GPS coordinates, but it helps us detect unusual account activity (for security) and understand usage patterns regionally. If in the future Reflect offers location-based features and you choose to grant precise location access, we would collect your device’s precise geolocation — but you would have control via your device settings to enable/disable such collection. (Currently, Reflect does not collect precise GPS location by default.)

• Cookies and Similar Technologies: If any part of our Services is provided via a web interface (for example, an optional web portal or our marketing website), we may use cookies or local storage in your browser to remember preferences, keep you logged in, or gather analytics data. For example, a cookie might store your session ID so you don’t have to log in repeatedly. We will provide a Cookie Notice or similar disclosure on our website if cookies are used, in compliance with applicable laws. If we begin using non‑essential cookies, we will post a cookie banner and allow you to opt out where required by law.

Personal Data We Receive from Other Sources: We may also receive information about you from third parties or public sources, such as:

• Third-Party Services & Partners: If you interact with any third-party services that integrate with Reflect, those services might send us certain information (according to their own privacy policies and your settings). For instance, if we partner with an analytics provider or error tracking service, they might collect technical data from your app to help us diagnose problems. We require any such partners to use the information only for our specified purposes and to protect it under privacy and security standards comparable to ours.

• Apple (App Store) and Payment Processors: For subscription management, Apple may provide us basic information about your subscription status (e.g. whether you are currently subscribed, your renewal date, and if a refund was processed). This is to allow us to enable premium features appropriately. We do not receive your personal financial information from Apple, aside from possibly an anonymous transaction identifier.

• Marketing or Referral Sources: If you discovered Reflect through an advertisement, referral link, or marketing campaign, we might receive info such as an campaign ID or referrer that led you to install the app. This helps us evaluate our marketing efforts. We generally do not get personal details about you from these sources beyond whatever is necessary to attribute how you found us.

• OpenAI (AI Provider): As noted, we send the textual content of your journal entries or prompts to OpenAI’s API in order to generate AI responses. OpenAI may process that content for us to provide the AI functionality. According to OpenAI, API data is not used to train OpenAI’s public models unless we opt-in. We have configured our usage in line with OpenAI’s policies to protect user privacy; for more details, see OpenAI’s documentation on data usage. We do not share audio recordings with OpenAI (since only text is sent). However, the text you input or dictate is sent to OpenAI’s servers to generate the journaling suggestions and reflections.

• Publicly Available Data: Reflect itself does not scrape or collect data about you from public databases or social media. However, OpenAI’s models are trained on a broad range of public text data. This means the AI might sometimes produce information or general knowledge drawn from public sources. We do not specifically control or contribute to that training data. (For example, if you ask the AI a general question, it answers from its training, not from a Reflect database.)

2. How We Use Personal Data

We use the Personal Data we collect for the following purposes (and in accordance with the legal bases permitted under applicable law):

• To Provide and Personalize Our Services: We use your information to operate the Reflect app and deliver its core functionality to you. This includes using your Input to generate AI-based journaling reflections or suggestions, maintaining your account and preferences, and delivering content back to you. For example, we use the text of your journal entries to generate personalized prompts or insights tailored to you. Without your data, these features cannot function. (Legal basis: performance of a contract with you, i.e., providing the services you’ve requested.)

• To Analyze and Improve the Services: We continuously strive to improve Reflect. We analyze usage patterns, feedback, and interactions (in aggregate and de-identified forms where possible) to identify what’s working and what isn’t. For example, we might look at how often a new feature is used or review anonymized conversations to fine-tune our AI model’s responses. We also may test and troubleshoot to ensure our AI is providing relevant and helpful outputs. Part of improvement also involves conducting research and development, such as experimenting with new AI models or analytics techniques on anonymized data to enhance the user experience. (Legal basis: our legitimate interests in improving our product and business.)

• To Communicate with You: We use contact information (like your email) to send you service-related communications and updates. This may include welcome emails, confirmations (such as confirming a subscription or a support request), and important notices about the app or your account. We may also send educational materials or tips on using Reflect, and, if you opt in, newsletters or promotional content about new features. You can opt out of non-essential communications at any time by following unsubscribe instructions or contacting us. (Legal basis: legitimate interests in keeping you informed about the service; and for promotional emails, your consent where required by law.)

• To Ensure Security and Prevent Fraud/Abuse: We are committed to keeping Reflect a safe space. We may use data (including automated tools) to detect and prevent fraudulent activity, security breaches, and other harmful behavior. For example, we might use IP address and login data to detect multiple failed login attempts (possible brute force attack) or to determine if any usage patterns look like bots or misuse of the API. If you use the app in violation of our Terms (such as attempting prohibited scraping or entering disallowed content), we may process that information to enforce our Terms. We also use your data to investigate violations and, where necessary, to cooperate with law enforcement or comply with legal obligations (see Disclosure section below). (Legal basis: legitimate interests in protecting our service and users; compliance with legal obligations.)

• To Comply with Legal Obligations and Protect Rights: If we are subject to legal requirements to retain or disclose certain data, we will do so. We may use or disclose data as needed to respond to lawful requests by authorities, to satisfy regulatory requirements (for instance, tax and accounting rules for any payments), or to establish or defend legal claims. We also reserve the right to use data to protect our rights or the rights, property, and safety of our users or others. (Legal basis: compliance with legal obligations; protection of vital interests or legitimate interests in defending legal rights.)

• To Aggregate and Anonymize Data: We may convert personal data into aggregated or anonymized form, such that it no longer can be reasonably linked to you. We might use this for internal analysis, such as measuring the percentage of users who use a certain feature, or publish insights about usage trends (for example, average number of journal entries per user, or overall user engagement statistics). This information will not identify you. (We do not re-identify aggregated data except as required by law or for internal consistency checks.)

• Advertising (Currently None): We do not currently use your data for third-party advertising purposes. We do not serve third-party ads in the app, and we do not sell your data for advertising. If this ever changes, we will update this policy and provide appropriate opt-outs.

• Abuse-Detection Logs. We may retain hashed or redacted metadata (IP, timestamps, model scores) for up to 18 months solely to detect fraud, abuse, or security incidents. These logs are not accessible to other users or advertisers.

We will only use your Personal Data for the purposes described above or for compatible purposes. If we need to use your data for an unrelated purpose, to the extent required by law, we will notify you and obtain your consent or ensure we have a lawful basis for the new use. 

We do not proactively monitor journal entries for safety issues and do not routinely disclose them to authorities. In rare cases where we are made aware of an imminent threat (e.g., you directly communicate a threat to us), we may, in good faith, disclose information to law enforcement to prevent harm, but we are not obligated to do so.

3. Disclosure of Personal Data

We may share or disclose your Personal Data in the following circumstances, and always in accordance with applicable privacy laws:

• Vendors and Service Providers: We use trusted third-party companies to help us operate and improve Reflect. These include hosting providers (to store data and run our app in the cloud), analytics services (to help us understand app performance), email service providers (to send communications), crash reporting or error tracking services, and OpenAI (which processes your text to generate AI output on our behalf). These third parties only access your data to perform tasks for us and are contractually obligated not to disclose or use it for other purposes. We require vendors to implement reasonable security measures to protect your data. (Examples: We may store your account data and conversations on Firebase, a platform provided by Google. When our AI processes text via OpenAI, that content is disclosed to OpenAI under our agreement with them.)

• Business Transfers: If Solo Eleven LLC is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of the Service to another provider, your Personal Data may be transferred to a successor or affiliate as part of that transaction. We would ensure that any such successor is bound by terms and practices substantially consistent with those described in this Privacy Policy (or you will be given notice and choice if they are materially different).

• Legal Compliance and Safety: We may disclose Personal Data to government or law enforcement officials or private parties when we believe in good faith that such disclosure is required to comply with a legal obligation or valid legal process (e.g., a court order or subpoena)​. We may also disclose data if we believe it is reasonably necessary to (i) enforce our Terms of Use or other agreements, (ii) investigate and defend ourselves against any third-party claims or allegations, (iii) protect the security or integrity of our Services (for example, investigating suspicious activity or technical issues), or (iv) exercise or protect the rights, property, or safety of Solo Eleven, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

• Affiliates: We may share your information with our corporate affiliates (for instance, if in the future we have a parent company, subsidiaries, or common ownership). Any affiliate receiving your information will only use it for the same purposes outlined in this Privacy Policy.

• With Your Consent: In cases where you explicitly agree to our sharing of information, we may do so. For example, if we ever introduce a feature where you can publish or share a portion of your journal or AI-generated insight with the public or a community, we would only do so with your consent (by you choosing to share or publish). Another example is if you ask us to integrate with a third-party service (like exporting your data to another app), we would send data to that third party at your direction.

• Other Users or Third Parties (By Your Actions): If you voluntarily share content from Reflect with others (for example, by generating a reflection and then sending it to a friend, or by using a feature that creates a shareable link), anyone with access to that shareable content will be able to see the information you chose to share. Similarly, if you use a third-party app or service in conjunction with Reflect (such as sending content to an external note-taking app), the information sent to that third-party will be subject to that third-party’s policies. Always use caution and review the privacy settings when sharing information externally.

• Organization Accounts. If you use Reflect with an email address or access code provided by a business or other organization (for example, your employer or school) that has an enterprise arrangement with us, information from your account (including your journal content and usage data) may become accessible to authorized administrators of that organization. In such cases, the organization can potentially view, monitor, or delete your content in accordance with their internal policies. We will notify you if your account is being placed under an organization’s control, and you will have the opportunity to opt out (e.g., by changing the email on your account or discontinuing use) if you do not wish to be part of the organization’s plan. Any such organizational access will be governed by this Privacy Policy and any applicable agreement between Solo Eleven LLC and the organization, and we will only share your data with the organization as needed to provide the enterprise services.

Texas DTPA Transparency.  We strive to provide accurate and transparent information about how Reflect collects, uses, and shares data, in compliance with the Texas Deceptive Trade Practices Act (DTPA). Specifically:

We do not sell your Personal Data to third parties for monetary consideration. We also do not share your Personal Data with third parties for their own direct marketing purposes.

4. Data Retention

We retain your Personal Data for only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. In determining how long to keep data, we consider factors such as:

• The nature of the data and the purpose for which it was collected (e.g., account information is kept while your account is active; conversation data is kept to provide you ongoing access to your journal history and AI context).

• Our legal obligations (e.g., certain transaction records may be kept for financial reporting or legal compliance).

• Potential disputes or enforcement of our agreements (we might retain certain data if we believe an issue may arise, such as records of consent or opt-outs).

• Security and fraud prevention (we may retain logs for a period of time to investigate suspicious activity).

• Backups and archiving practices (data might remain in secure backups for a short period even after deletion, but we have procedures to delete or anonymize data from backups after a retention period).

In practice, this means: we retain your account data for as long as your account is open. If you delete your account (or request deletion), we will delete your personal information and content, except for any data we are required to retain for legal reasons. Journal entries and conversations are stored so that you can revisit them; if you want them deleted, you would need to delete your account (individual message deletion may not be available – see Your Rights and Choices below). Analytics data is typically aggregated or anonymized over time, but raw logs may be kept for a short period (often 30-90 days) unless needed longer for security. Communications you send us (support emails, etc.) may be retained as long as necessary to address your request and for a short period thereafter in case follow-up is needed.

Future Feature Growth.  While we currently do not offer certain functionalities (like partial deletion of individual journal entries) or advanced analytics integrations, we may introduce them in the future to improve our Services. If we do, we will update this Privacy Policy (and other relevant sections) to explain how any new features or data-handling processes work, and will provide you with notice if any changes affect how we collect, store, or delete your information.

When we no longer have a legitimate need to retain your Personal Data, we will securely delete or anonymize it. If deletion is not feasible (e.g., because data is stored in long-term backups), we will securely store it and isolate it from further use until deletion is possible.

5. Your Rights and Choices

Depending on the laws that apply to you (often based on your place of residence), you may have certain rights regarding your Personal Data. We will honor all applicable data subject rights to the extent required by law. These rights may include:

• No Partial Deletions. At present you cannot remove individual messages or entries; deleting your entire account is the only way to erase stored journal content. See the Terms of Use for details.

• Access and Portability: You have the right to request a copy of the Personal Data we hold about you and to obtain information about how we process it. You may also have the right to obtain your Personal Data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller (data portability), subject to certain exceptions.

• Correction (Rectification): If the Personal Data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. In many cases, you can update basic account info (like your email) directly in the app.

• Deletion (Erasure): You have the right to request that we delete your Personal Data. For example, you can request deletion of your entire account (which will remove your profile information and all journal content). Note: Reflect stores your conversations in a single continuous journal thread in our database. At this time, we may not support deleting individual messages or entries without deleting the entire account. If you wish to remove your data from Reflect, you may need to delete your account, which will erase all associated Personal Data and content (subject to our data retention policy above and technical feasibility). We will honor deletion requests in accordance with applicable law.

• Restriction of Processing: You have the right to request that we limit the processing of your Personal Data under certain circumstances (for example, if you contest the accuracy of the data, you can request we restrict processing until we verify its accuracy).

• Objection to Processing: You have the right to object to our processing of your Personal Data in certain situations, especially if we are processing it based on our legitimate interests or for direct marketing.

• Withdraw Consent: If we are processing your Personal Data based on your consent, you have the right to withdraw that consent at any time. For instance, if you consented to receive promotional emails, you can opt out; if you consented to a survey or beta program, you can withdraw and we will stop using your data from that program.

• Non-Discrimination/No Retaliation: If you exercise any of these rights, we will not discriminate against you or deny you our Services as a result. (However, please note that requesting deletion or restricting processing of certain data might affect our ability to provide the Service — for example, if you ask us to delete or stop using your journal content, the AI features will not function.)

To exercise any of your rights, you can contact us at the email or mailing address provided in the “How to Contact Us” section at the end of this policy. Please clearly describe your request and which right you are seeking to exercise. We may need to verify your identity before fulfilling certain requests (to protect your privacy and security). For example, we might ask you to verify control of the email associated with your account or provide additional information that only the account holder would know.

In some cases, we may decline or limit a request, such as when we cannot verify your identity, if the request involves disclosing data about another individual (and we cannot obtain their consent), or if we have a legal obligation or legitimate business reason to keep the data. We will respond to your request within the timeframe required by law (typically within 30-45 days).

California Residents: If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA) and its amendments (like CPRA). These include the right to know, the right to delete, the right to correct, the right to opt-out of “sales” or certain data sharing, and the right to non-discrimination. This Privacy Policy is designed to comply with those requirements. See the section Additional U.S. State Disclosures below for more information tailored to California and other state laws.

European Residents: While our Services are intended for U.S. users, if you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent laws. This policy is intended to give you information required by those laws (like describing our data processing purposes and legal bases). As noted, you can request access, correction, deletion, etc. If you believe we have not complied with your GDPR rights, you have the right to lodge a complaint with your local data protection authority. However, since we currently target the U.S. market, we do not have an EU/UK representative.

Managing Your Data in Reflect: The Reflect app may offer in-app settings or tools to manage certain data. For example, you might have settings to edit your profile, or export your journal entries. We encourage you to explore the app’s settings for options that give you direct control. For anything not directly available in the app, please contact us.

Note on AI-Generated Content Accuracy: Reflect incorporates AI-generated content, which uses statistical models to predict responses. These models may occasionally produce inaccurate or incomplete information. You should not rely on the factual accuracy of AI-generated output without independent verification. If you notice that your conversation contains factually incorrect information about you (Personal Data) and you would like to request correction or deletion of that information, you can contact us with your request. We will treat it similarly to a request to correct or delete your data, though we will consider the technical feasibility and the nature of AI outputs. (In some cases, it may be more feasible to delete the content than to “correct” an AI statement.)

6. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect Personal Data from children under 13 years of age. If you are under 13, please do not attempt to use our Services or send any personal information to us.

If we learn that we have inadvertently collected Personal Data from a child under 13, we will promptly take steps to delete such information from our records. If you are a parent or guardian and discover that a child under 13 has created an account or provided us with Personal Data without your consent, please contact us at our support email so that we can take appropriate action.

For minors who are 13 or older but under the age of 18: as noted in our Terms of Use, such individuals are only permitted to use Reflect with parental or guardian consent. We encourage parents and guardians to discuss responsible internet and app usage with their teens and to supervise their use of Reflect as appropriate. If you are a parent or guardian of a minor using Reflect and have concerns about their Personal Data, you may contact us to inquire about or request deletion of their information.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect Personal Data against unauthorized access, loss, misuse, or alteration. These measures include encryption of data in transit, access controls to our databases, regular security assessments, and limiting access to Personal Data only to those employees and service providers who need it to perform their duties.

That said, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot guarantee absolute security. You should use caution when transmitting sensitive information via any app or service. Protect your account credentials and do not share your password with others. If you believe your Reflect account has been compromised, please contact us immediately.

Accordingly, we do not accept liability for the security or availability of any third-party platforms or networks that we do not own or control, or for any unauthorized access, disclosure, or loss that results from their acts or omissions.

 We also are not responsible for vulnerabilities or breaches that occur on your own devices or networks, which are outside of our control. (For example, if your phone is jailbroken or infected with malware that logs keystrokes, that is beyond our ability to prevent.)

In the event of a data breach that affects your Personal Data, we will notify you and/or the appropriate regulatory authorities as required by law.  We encourage you to keep your device secure, set a strong pass-code, and avoid sharing account credentials. Remember: anything you choose to store in Reflect is personal but not protected by doctor-patient privilege.

8. Additional U.S. State Disclosures

Some U.S. states have enacted privacy laws that require specific disclosures and grant residents certain rights. This section provides supplementary information for residents of those states (such as California, Colorado, Connecticut, Utah, and Virginia) and should be read in conjunction with the rest of our Privacy Policy.

Categories of Personal Data Collected: In the past 12 months, we have collected the following categories of Personal Data (as defined by applicable state law) about users:

• Identifiers: e.g., name, email address, account login credentials, IP address, and device identifiers.

• Personal Information: e.g., any information you provide in your account profile or communications (which may include things like age range if provided, but we do not collect Social Security numbers, driver’s license numbers, or financial account info from you).

• Protected Classifications: We do not actively collect sensitive demographics like race, ethnicity, or health diagnoses from you. You may voluntarily disclose information about your mental health or feelings in journal entries, but we do not classify or categorize you by any protected class. We also do not infer such characteristics about you​.

• Commercial Information: e.g., records of purchases or subscriptions (the fact that you subscribed, transaction IDs, and subscription term).

• Internet or Other Electronic Network Activity: e.g., usage data, logs, interactions with our app, and website cookies as described above.

• Geolocation Data: general location inferred from IP (city/region), and precise location only if you chose to share it (which is not collected by default).

• Audio/Visual Data: If you use voice features, we process audio to text (but do not store the audio). We may in future allow you to upload an image or avatar; any such visual data is provided by you. We do not collect photos, videos, or recordings of you without your consent.

• Professional or Employment Information: Not collected (unless you provided something in a communication).

• Education Information: Not collected (unless you share something in your content).

• Inferences: We do not profile you to create marketing inferences. The AI might generate inferences during a conversation (e.g. “It sounds like you’re feeling happy today”), but we do not store those as a user profile or use them to target you. We do not infer characteristics about you for advertising or other external purposes.

Purposes for Collection: We collect and use the above categories of data for the business and commercial purposes described in Section 2 (How We Use Personal Data) of this policy. For example, identifiers are used to create your account and secure it, network activity is used to improve the service and for security monitoring, etc.

Categories of Third Parties to Whom We Disclose Data: We may disclose the above categories of Personal Data to third parties as described in Section 3 (Disclosure of Personal Data). In summary, in the past 12 months we have disclosed these categories of Personal Data for our business purposes to: service providers (including cloud hosting providers, analytics providers, OpenAI as our processor for AI processing, and email service providers), and possibly to authorities or other parties for legal compliance if required. We do not sell personal data, and we do not share personal data for cross-context behavioral advertising. We also do not process sensitive personal data for the purpose of inferring characteristics about a consumer​.

Your State Privacy Rights: If you are a resident of California or another state with similar privacy laws, you may have the rights described in Section 5 (Your Rights and Choices), such as the right to know/access, delete, correct, opt-out of certain processing, etc. This Privacy Policy and our practices are intended to comply with those laws. You can exercise your rights by contacting us as described below.

• Right to Opt-Out of “Sale” or “Sharing” (California) / Targeted Advertising (Colorado/Virginia, etc.): We do not sell your personal data for money. We also do not share your data for cross-context behavioral advertising. Therefore, there is no need for you to opt out, as we don’t engage in those practices. If in the future we consider monetizing data in a way that might be considered a “sale” or “sharing,” we will provide a proper opt-out mechanism.

• Right to Limit Use of Sensitive Data (California): We do not use or disclose sensitive personal information for purposes that California law would deem requiring an opt-out. Any sensitive data (e.g., thoughts you journal that might relate to health or sexual orientation) is used only to provide the service to you, not for profiling orbuilding a profile on you.

• California Shine-the-Light Disclosure. We do not share personal information with third parties for their direct‑marketing purposes. If that practice ever changes, California residents may request (once per year, free of charge) a list of the categories of information disclosed and the third parties who received it by emailing legal@reflect.chat with “Shine the Light Request” in the subject line.

• Authorized Agent: If you are an authorized agent seeking to exercise rights on behalf of a user, you will need to provide proof of authorization (such as a signed letter from the user or power of attorney) and we may require the user to verify their identity directly with us, as permitted by law.

• Appeals (for Colorado, etc.): If we decline to take action on a request you make in the exercise of your privacy rights, you may have the right to appeal our decision. We will inform you if we are unable to fulfill a request and provide instructions on how you can appeal, if applicable by law.

We will not discriminate against you for exercising any of these rights. If you have any questions about your rights or how to exercise them, you can always reach out to us.

9. International Data Transfers

Reflect is based in the United States. If you are using the Services from outside the U.S., be aware that your Personal Data will likely be transferred to and processed in the United States. The data protection laws of the United States may be different from those in your country of residence.

However, to the extent we knowingly receive users from other jurisdictions, we will take steps to ensure an adequate level of protection for personal data in accordance with applicable law. For example, if we were to serve European users, we would implement appropriate safeguards such as Standard Contractual Clauses for data transfers.

By using the Services, you understand that your information will be sent to the U.S. and handled as described in this Privacy Policy. We apply the same security measures and privacy practices to all users’ data regardless of region, and in line with this Policy.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the policy, we will change the “Published” date at the top. In some cases, we may provide additional notice to you (such as adding a statement in the app, or sending you a notification) about significant changes.

If we make material changes that would negatively impact your privacy rights, we will provide a prominent notice (for example, via the app or by email) and obtain your consent if required by law. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of Reflect after any updates to this Privacy Policy indicates your acknowledgment of the changes. If you do not agree to the revised policy, you should discontinue use of the Services or contact us to delete your data.

11. How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

Solo Eleven LLC (d/b/a Reflect)
Attn: Privacy Team / Legal
Address: 4245 N Central Expy, Ste 492, Dallas, TX 75205

Email: legal@reflect.chat

We will do our best to address your inquiry promptly and thoroughly. Your trust is extremely important to us, and we welcome your feedback on any aspect of our privacy practices.

Reminder. Reflect is a private journaling and self-reflection tool, not a healthcare provider. The privacy of your entries is protected under this Policy, but not under medical privacy laws. Think of it like a diary, not a therapy session. While Reflect is not governed by healthcare privacy laws, we still commit to protecting your data as described here, using encryption and security measures. Just remember that this isn’t the same as sharing information within a doctor’s office; it’s more like storing it in a personal journal app.